Possible Rootkit or other malware infection; "This Connection is Untrusted" message when navigating to Yahoo Mail and other websites


14 replies to this topic

#1 NevikRoc


Posted 01 April 2012 - 12:26 PM

Followed the instructions on the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" page. Attached a screen-cap of the error message ("This Connection is Untrusted") I get on Yahoo Mail and other "secure" websites.

Below is the "dds.txt" log...

[Start "dds.txt"]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Run by Nevik Roc at 13:00:41 on 2006-07-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1000 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=1rjrx61
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.7.0.13\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Steam]
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [eTrustPPAP] "c:\program files\etrust pestpatrol\PPActiveDetection.exe"
mRun: [POINTER] point32.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\docume~1\nevikr~1\startm~1\programs\startup\taskma~1.lnk - c:\windows\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://mail.gdls.com/InternalSite/WhlCompMgr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{4466A22F-9823-4184-9FA0-8199DFBE5319} : DhcpNameServer = 207.69.188.185 207.69.188.186
TCP: Interfaces\{4F40AA4C-E462-4724-BC9C-1B21C6B786D5} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5A8B9E4C-8A96-42E9-A8D3-010485D7EBE3} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{ECBCCB33-CA1F-4FE0-93BE-EFA740690F44} : DhcpNameServer = 207.69.188.185 207.69.188.186
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nevik roc\application data\mozilla\firefox\profiles\lr3jqjvz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59099&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\nevik roc\application data\mozilla\firefox\profiles\lr3jqjvz.default\extensions\{19627815-20a6-46e6-be34-a0b6967c022a}\components\Engine.dll
FF - component: c:\documents and settings\nevik roc\application data\mozilla\firefox\profiles\lr3jqjvz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\nevik roc\application data\mozilla\firefox\profiles\lr3jqjvz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\nevik roc\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207000.00d\symefa.sys [2012-1-30 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-19 820856]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207000.00d\ironx86.sys [2012-1-30 136312]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2005-8-4 848896]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-15 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20120330.002\IDSXpx86.sys [2012-3-30 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20120331.009\NAVENG.SYS [2012-3-31 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20120331.009\NAVEX15.SYS [2012-3-31 1576312]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S0 41611341;41611341;c:\windows\system32\drivers\21047891.sys --> c:\windows\system32\drivers\21047891.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 jhqeorgw;jhqeorgw;\??\c:\windows\system32\drivers\jhqeorgw.sys --> c:\windows\system32\drivers\jhqeorgw.sys [?]
S1 qxdwpjak;qxdwpjak;\??\c:\windows\system32\drivers\qxdwpjak.sys --> c:\windows\system32\drivers\qxdwpjak.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\blkwgd.sys --> c:\windows\system32\drivers\BLKWGD.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-2-29 6016]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-10 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-10 40552]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-2-29 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-2-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-2-29 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-2-29 9472]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2005-3-11 72576]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-3-21 15576]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-17 13:18:34 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 13:18:34 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-01 00:06:25 9472 ----a-w- c:\windows\system32\drivers\motusbdevice.sys
2012-03-01 00:06:24 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys
2012-03-01 00:06:24 23424 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2012-03-01 00:06:23 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-03-01 00:06:22 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-03-01 00:06:22 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2012-03-01 00:06:22 20480 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-03-01 00:05:55 -------- d-----w- c:\program files\common files\Motorola Shared
2012-03-01 00:05:53 -------- d-----w- c:\program files\Motorola
2012-02-23 21:23:38 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-16 05:13:48 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 05:13:48 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-01-31 02:40:35 744568 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symefa.sys
2012-01-31 02:40:35 369784 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symtdi.sys
2012-01-31 02:40:35 331384 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symtdiv.sys
2012-01-31 02:40:35 299640 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symnets.sys
2012-01-31 02:40:34 516216 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\srtsp.sys
2012-01-31 02:40:34 50168 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\srtspx.sys
2012-01-31 02:40:34 340088 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symds.sys
2012-01-31 02:40:34 136312 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\ironx86.sys
2012-01-31 02:40:23 -------- d-----w- c:\windows\system32\drivers\nav\1207000.00D
2012-01-28 16:35:36 -------- d-----w- c:\documents and settings\all users\application data\WD_SmartWareCommon
2012-01-28 16:33:08 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Western_Digital
2012-01-28 16:19:39 -------- d-----w- c:\documents and settings\nevik roc\application data\Western Digital
2012-01-28 16:19:15 -------- d-----w- c:\documents and settings\all users\application data\Western Digital
2012-01-28 16:18:26 -------- d-----w- c:\program files\Western Digital
2012-01-28 16:16:59 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Western Digital
2012-01-26 23:32:11 -------- d-----w- C:\3fbd77dacf61c0db1a563e1faf24c068
2012-01-24 07:22:51 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{ee197966-916e-4493-9bee-20aa9e449f12}\mpengine.dll
2012-01-12 03:05:15 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-12 03:05:14 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-12 03:05:14 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-11-18 12:35:08 60416 ------w- c:\windows\system32\dllcache\packager.exe
2011-11-04 15:28:05 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\SupportSoft
2011-11-04 15:27:48 -------- d-----w- c:\program files\common files\SupportSoft
2011-11-04 15:27:48 -------- d-----w- c:\program files\ComcastUI
2011-11-03 15:28:36 386048 ------w- c:\windows\system32\dllcache\qdvd.dll
2011-10-14 14:47:29 23040 ------w- c:\windows\system32\dllcache\mciseq.dll
2011-10-14 14:47:29 176128 ------w- c:\windows\system32\dllcache\winmm.dll
2011-09-26 15:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
2011-09-04 06:10:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-12 09:51:17 -------- d-----w- c:\documents and settings\nevik roc\application data\CANON INC
2011-08-09 20:17:06 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 20:16:44 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-07-10 15:22:36 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-10 15:22:36 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-01 19:07:44 -------- d-----w- c:\program files\iPod
2011-06-14 19:39:56 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-05-20 10:10:07 -------- d-----w- c:\program files\Bonjour
2011-05-14 02:11:54 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-18 22:50:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-18 22:50:44 818104 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-18 22:50:44 441272 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-18 22:50:44 1969080 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-18 22:50:44 16312 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-18 22:50:44 101304 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-02-11 13:25:52 229888 ------w- c:\windows\system32\dllcache\fxscover.exe
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll
2011-01-27 11:57:06 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe
2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2010-12-24 13:40:36 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-24 13:37:05 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-24 13:37:05 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-21 23:28:43 -------- d-----w- c:\windows\system32\pt-PT
2010-12-21 23:28:43 -------- d-----w- c:\windows\system32\pt-BR
2010-12-21 23:28:43 -------- d-----w- c:\windows\system32\nl-NL
2010-12-21 23:28:43 -------- d-----w- c:\windows\system32\it-IT
2010-12-21 23:28:43 -------- d-----w- c:\windows\system32\fr-FR
2010-12-21 23:28:43 -------- d-----w- c:\windows\system32\es-ES
2010-12-21 23:28:42 -------- d-----w- c:\windows\system32\de-DE
2010-12-20 17:32:15 551936 ------w- c:\windows\system32\dllcache\oleaut32.dll
2010-12-18 15:50:05 -------- d-----w- c:\program files\Fisher-Price
2010-12-15 06:27:07 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:26:32 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-01 08:26:33 -------- d-----w- c:\documents and settings\nevik roc\application data\Tific
2010-12-01 08:26:31 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Symantec
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\dllcache\isign32.dll
2010-11-09 14:52:35 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2010-11-09 14:52:35 249856 ------w- c:\windows\system32\dllcache\odbc32.dll
2010-11-09 14:52:35 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2010-11-09 14:52:35 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2010-11-09 14:52:35 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2010-11-09 14:52:35 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2010-11-05 19:44:01 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
2010-11-05 19:43:54 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2010-11-05 19:43:50 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2010-11-05 19:43:45 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2010-11-05 19:43:19 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2010-11-05 19:43:00 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2010-11-05 19:42:43 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2010-11-05 19:39:41 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2010-10-30 12:17:01 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2010-10-30 12:16:58 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-14 23:17:19 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 23:17:18 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 23:17:18 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 23:16:44 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-09-24 17:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 17:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 16:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 16:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 16:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 16:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 16:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 16:11:42 796672 ----a-w- c:\windows\system32\drivers\umdf\ZuneDriver.dll
2010-09-24 16:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 16:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 16:06:10 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
2010-09-18 16:41:23 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-18 16:41:23 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-18 16:41:23 -------- d-----w- c:\program files\Symantec
2010-09-18 16:41:23 -------- d-----w- c:\program files\common files\Symantec Shared
2010-09-18 16:40:52 -------- d-----w- c:\windows\system32\drivers\NAV
2010-09-18 16:40:48 -------- d-----w- c:\program files\Norton AntiVirus
2010-09-18 16:40:47 -------- d-----w- c:\documents and settings\all users\application data\Norton
2010-09-18 16:35:27 -------- d-----w- c:\program files\NortonInstaller
2010-09-18 16:35:27 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2010-09-17 06:15:07 6084944 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\updates\mpengine.dll
2010-09-11 21:27:20 -------- d-----w- c:\program files\uTorrent
2010-09-11 21:26:55 -------- d-----w- c:\documents and settings\nevik roc\application data\uTorrent
2010-09-03 22:26:54 -------- d-----w- c:\documents and settings\nevik roc\DoctorWeb
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2010-08-03 09:09:29 -------- d-----w- c:\windows\6239C519FFFD4F0A938A78C6F2FA0BFA.TMP
2010-07-24 04:52:50 0 ----a-w- c:\windows\Ucececofiruji.bin
2010-07-24 04:52:49 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\{55DA23C0-BA61-4250-8418-F63238588D1B}
2010-07-24 04:50:12 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\emtmstjop
2010-07-16 12:05:55 1288704 ------w- c:\windows\system32\dllcache\ole32.dll
2010-07-14 08:32:49 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-23 11:21:08 -------- d-----w- c:\windows\6D1E83602F354C848D53C614FBCA621C.TMP
2010-06-18 17:45:17 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-06-08 20:59:51 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-04-20 05:30:08 290432 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-17 00:15:23 -------- d-----w- c:\documents and settings\nevik roc\application data\BitTorrent
2010-04-17 00:12:19 -------- d-----w- c:\program files\BitTorrent
2010-04-16 15:36:56 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-04-01 03:41:24 -------- d-----w- c:\program files\Enigma Software Group
2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-30 16:24:40 317440 ------w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-03-18 18:16:28 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 18:16:28 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 18:16:28 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-09 18:44:23 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 16:09:53 -------- d-----w- c:\documents and settings\nevik roc\application data\Facebook
2010-03-05 14:37:40 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-03-04 05:15:38 -------- d-----w- c:\documents and settings\nevik roc\application data\ZoomBrowser EX
2010-02-14 14:34:41 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-14 14:34:41 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-14 14:34:41 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-04 23:23:37 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\IsolatedStorage
2010-01-31 23:44:06 -------- d-----w- c:\program files\Avery
2010-01-30 18:10:54 -------- d-----w- c:\documents and settings\all users\application data\ZoomBrowser
2010-01-30 18:09:55 -------- d-----w- c:\program files\Canon
2010-01-30 18:08:31 -------- d-----w- c:\program files\common files\Canon
2010-01-13 14:01:25 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-01-12 21:09:21 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-24 06:59:40 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-07 05:07:08 49488 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-07 05:07:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 05:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-03 05:59:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-09-24 05:30:08 156488 ----a-w- c:\windows\system32\mscorier.dll
2009-09-08 23:33:08 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-17 16:37:56 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
2009-08-17 16:37:56 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2009-08-16 07:05:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-16 07:05:02 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-08-16 07:04:39 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 07:04:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-08-16 07:04:39 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 07:04:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-16 07:04:39 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 07:04:39 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-16 07:04:39 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-16 07:04:39 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-16 07:04:38 -------- d-----w- C:\a590b107e5d6d0aecbb739253c68
2009-08-12 15:43:53 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 05:02:41 -------- d-sh--w- c:\documents and settings\nevik roc\IECompatCache
2009-08-04 04:31:37 -------- d-sh--w- c:\documents and settings\nevik roc\PrivacIE
2009-07-27 23:35:17 -------- d-sh--w- c:\documents and settings\nevik roc\IETldCache
2009-07-27 23:17:41 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2009-07-27 22:51:42 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-27 22:51:29 -------- d-----w- c:\windows\ie8updates
2009-07-27 22:50:47 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-27 22:50:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-27 22:49:13 -------- dc-h--w- c:\windows\ie8
2009-07-21 05:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 19:01:06 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:22:18 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-06-25 08:25:26 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25:26 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 08:25:26 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-24 11:18:41 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 14:36:30 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-06-12 12:31:39 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-06-10 14:13:29 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 13:19:38 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 06:14:49 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 03:46:10 -------- d-----w- c:\documents and settings\nevik roc\application data\CVS
2009-05-07 15:32:35 345600 ------w- c:\windows\system32\dllcache\localspl.dll
2009-04-20 17:17:26 45568 ------w- c:\windows\system32\dllcache\dnsrslvr.dll
2009-04-16 01:19:47 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-04-16 01:19:47 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-04-16 01:19:46 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 01:19:46 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 01:19:46 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-04-16 01:19:45 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 01:19:45 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 01:19:45 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 01:19:44 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 01:19:44 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 01:16:43 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-04-16 01:16:42 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:51:25 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 14:06:58 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
2009-03-18 06:04:48 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2009-03-18 03:18:44 -------- d-----w- c:\documents and settings\nevik roc\application data\Malwarebytes
2009-03-18 03:18:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-18 03:18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 03:18:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2009-03-17 00:28:38 -------- d-----w- c:\program files\Lavasoft
2009-03-08 18:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 18:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 18:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 18:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 08:35:32 743424 ------w- c:\program files\internet explorer\iedvtool.dll
2009-03-08 08:35:12 233984 ------w- c:\program files\internet explorer\jsprofilerui.dll
2009-03-08 08:35:04 144384 ------w- c:\program files\internet explorer\ExtExport.exe
2009-03-08 08:35:04 118272 ------w- c:\program files\internet explorer\JSProfilerCore.dll
2009-03-08 08:35:04 101376 ------w- c:\program files\internet explorer\iecompat.dll
2009-03-08 08:35:02 521216 ------w- c:\program files\internet explorer\jsdbgui.dll
2009-03-08 08:35:02 121344 ------w- c:\program files\internet explorer\jsdebuggeride.dll
2009-03-08 08:33:40 18944 ------w- c:\windows\system32\dllcache\corpol.dll
2009-03-08 08:33:18 12800 ----a-w- c:\program files\internet explorer\xpshims.dll
2009-02-07 18:03:30 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Intuit
2009-02-07 17:55:57 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2009-02-03 19:59:07 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2009-01-10 07:20:53 -------- d-----r- c:\program files\Skype
2009-01-07 22:20:54 134144 ------w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 22:20:54 134144 ------w- c:\program files\internet explorer\sqmapi.dll
2009-01-07 22:20:52 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 22:20:52 1497088 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 22:20:52 1022976 ------w- c:\windows\system32\dllcache\browseui.dll
2009-01-07 22:20:18 355832 ------w- c:\program files\internet explorer\pdm.dll
2009-01-07 22:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-12-16 12:30:34 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2008-12-05 06:54:55 152064 ------w- c:\windows\system32\dllcache\schannel.dll
2008-11-20 19:19:06 43872 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2008-11-12 08:34:21 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 08:34:05 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2008-10-24 06:56:12 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 12:36:14 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 02:33:10 357888 ------w- c:\windows\system32\dllcache\srv.sys
2008-10-16 02:32:37 1860096 ------w- c:\windows\system32\dllcache\win32k.sys
2008-10-16 02:32:30 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 02:32:30 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 02:32:29 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 02:32:28 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-02 02:28:58 922112 ------w- c:\windows\system32\imapi2fs.dll
2008-10-02 02:28:58 922112 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2008-10-02 02:28:58 62976 ------w- c:\windows\system32\dllcache\cdrom.sys
2008-10-02 02:28:58 426496 ------w- c:\windows\system32\imapi2.dll
2008-10-02 02:28:58 426496 ------w- c:\windows\system32\dllcache\imapi2.dll
2008-09-25 02:21:29 -------- d-----w- c:\windows\system32\scripting
2008-09-25 02:21:28 -------- d-----w- c:\windows\l2schemas
2008-09-25 02:21:27 -------- d-----w- c:\windows\system32\en
2008-09-25 02:21:27 -------- d-----w- c:\windows\system32\bits
2008-09-25 02:18:59 -------- d-----w- c:\windows\ServicePackFiles
2008-09-25 02:13:19 -------- d-----w- c:\windows\EHome
2008-09-18 08:40:03 276992 ------w- c:\windows\system32\wmphoto.dll
2008-09-18 08:40:01 69120 ------w- c:\windows\system32\wlanapi.dll
2008-09-18 08:40:00 712704 ------w- c:\windows\system32\windowscodecs.dll
2008-09-18 08:40:00 346112 ------w- c:\windows\system32\windowscodecsext.dll
2008-09-18 08:38:55 61440 ------w- c:\windows\system32\kmsvc.dll
2008-09-12 12:20:28 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Unity
2008-09-12 11:52:07 -------- d-----w- c:\program files\Unity
2008-08-27 20:19:00 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2008-08-27 20:19:00 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2008-08-12 22:59:56 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2008-08-12 22:59:11 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
2008-07-30 01:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-29 23:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-29 23:59:58 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2008-07-29 23:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-29 23:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-29 23:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-29 23:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 09:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 15:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 15:16:58 158720 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
2008-07-07 20:26:58 253952 ------w- c:\windows\system32\dllcache\es.dll
2008-06-24 16:43:16 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2008-06-20 17:46:57 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 17:46:57 149504 ------w- c:\windows\system32\dllcache\dnsapi.dll
2008-06-20 11:51:12 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:40:08 138496 ------w- c:\windows\system32\dllcache\afd.sys
2008-06-20 11:08:27 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-06-17 19:02:19 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2008-06-15 15:17:53 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2008-06-12 14:23:32 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2008-06-12 14:23:32 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2008-06-12 14:23:32 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2008-06-12 14:23:32 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2008-06-12 14:23:32 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2008-06-12 14:23:32 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2008-06-11 17:22:40 -------- d-----w- c:\program files\TouchStoneSoftware
2008-06-10 19:19:23 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2008-06-10 19:19:21 272128 ------w- c:\windows\system32\drivers\bthport.sys
2008-06-10 19:19:21 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2008-05-11 14:30:47 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\NOS
2008-05-09 10:53:40 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2008-05-09 10:53:40 420864 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2008-05-09 10:53:40 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2008-05-09 10:53:39 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2008-05-09 10:53:39 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2008-05-08 11:24:44 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2008-05-07 09:07:23 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2008-05-07 05:12:40 1292288 ------w- c:\windows\system32\dllcache\quartz.dll
2008-05-06 21:06:00 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2008-04-17 23:11:06 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2008-03-25 02:46:44 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2008-03-08 18:30:24 1409 ----a-w- c:\windows\QTFont.for
2008-02-21 22:52:50 -------- d-----w- c:\program files\Paint.NET
2008-02-21 22:52:46 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Paint.NET
2008-02-16 16:39:08 8413 ----a-w- c:\windows\system32\drivers\mcstrm.sys
2008-02-16 16:37:38 -------- d-----w- c:\program files\Rhapsody
2008-02-10 23:45:07 -------- d-----w- c:\program files\MOV to AVI Converter
2008-02-10 23:40:18 -------- d-----w- c:\program files\MOV Converter
2008-02-10 23:27:36 356352 ----a-w- c:\windows\eSellerateEngine.dll
2008-02-10 23:25:07 -------- d-----w- c:\program files\common files\DeskShare Shared
2008-02-10 23:25:02 -------- d-----w- c:\program files\Digital Media Converter
2008-02-10 22:54:41 -------- d-----w- c:\program files\VideoLAN
2008-02-01 18:05:41 -------- d-----w- c:\program files\TaxCut
2008-02-01 15:40:01 -------- d-----w- c:\documents and settings\nevik roc\application data\Intuit
2008-02-01 15:32:33 -------- d-----w- c:\program files\TurboTax
2008-01-29 16:02:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2008-01-29 16:01:28 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-01-27 19:11:52 -------- d-----w- c:\program files\eMusic Download Manager
2008-01-26 16:26:34 -------- d-----w- c:\program files\Mahjong Towers Eternity
2008-01-26 16:26:04 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2008-01-26 16:26:03 -------- d-----w- c:\program files\bfgclient
2008-01-26 16:09:54 -------- d-----w- c:\program files\Sudoku
2008-01-26 16:09:54 -------- d-----w- c:\program files\BFG
2008-01-26 16:09:54 -------- d-----w- c:\documents and settings\nevik roc\application data\demo
2008-01-05 17:06:37 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Google
2008-01-05 17:05:50 -------- d-----w- c:\windows\system32\IOSUBSYS
2008-01-05 17:05:42 -------- d-----w- c:\program files\Picasa3
2007-12-27 21:09:45 -------- d-----w- c:\program files\Netflix
2007-12-09 16:59:32 21248 ----a-w- c:\windows\system32\drivers\pfc.sys
2007-12-09 16:59:26 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr
2007-12-09 16:59:22 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2007-12-09 16:57:48 45056 ----a-w- c:\windows\system32\PhDi2.sys
2007-12-05 02:24:53 -------- d-----w- C:\ce5300190664659aac067fcb9c4a25
2007-11-23 20:14:54 -------- d-----w- c:\windows\system32\ENU
2007-11-23 20:14:53 126976 ----a-w- c:\windows\system32\Imsmudlg.exe
2007-11-17 00:35:16 -------- d-----w- c:\program files\Windows Media Connect 2
2007-10-21 12:28:40 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Apple
2007-10-19 22:22:39 14744 ----a-w- c:\documents and settings\nevik roc\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2007-10-19 22:18:18 -------- d-----w- c:\program files\Microsoft Money Plus
2007-10-18 18:09:24 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2007-09-14 23:29:59 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Steam
2007-08-26 14:44:19 369024 ----a-w- c:\windows\system32\drivers\bcmwl5.sys
2007-08-26 14:44:19 1396831 ----a-w- c:\windows\system32\AegisE5.dll
2007-08-26 14:44:18 651264 ----a-w- c:\windows\system32\libeay32.dll
2007-08-26 14:44:18 147456 ----a-w- c:\windows\system32\ssleay32.dll
2007-08-26 14:44:15 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2007-08-25 18:00:26 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2007-08-25 17:43:58 -------- d-----w- C:\Downloads
2007-08-24 03:10:41 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Mozilla
2007-08-24 00:43:00 69632 ----a-w- c:\windows\system32\javacpl.cpl
2007-08-20 10:04:34 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll
2007-08-15 07:03:16 -------- d-----w- c:\program files\MSXML 6.0
2007-07-16 22:44:30 -------- d-----w- c:\windows\pss
2007-07-09 07:00:22 21408 ----a-w- c:\documents and settings\all users\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2007-06-21 18:43:30 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2007-06-21 18:43:30 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2007-06-21 18:43:30 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2007-06-21 18:43:29 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2007-05-15 19:43:10 1372672 ----a-w- c:\windows\system32\msxml6.dll
2007-05-08 23:22:12 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat
2007-05-08 23:22:12 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2007-05-08 23:22:11 602112 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2007-05-08 23:22:11 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2007-05-08 23:22:11 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll
2007-05-08 23:22:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2007-05-08 23:22:10 11082240 ------w- c:\windows\system32\dllcache\ieframe.dll
2007-04-12 15:43:15 -------- d-----w- c:\program files\Whale Communications
2007-04-10 21:21:08 163256 ----a-w- c:\program files\mozilla firefox\plugins\np-mswmp.dll
2007-04-03 00:33:10 629096 ----a-w- c:\program files\windows defender\MsMpRes.dll
2007-04-03 00:33:08 51560 ----a-w- c:\program files\windows defender\MpAsDesc.dll
2007-04-03 00:33:08 28520 ----a-w- c:\program files\windows defender\mpevmsg.dll
2007-03-14 02:47:48 -------- d-----w- c:\documents and settings\all users\application data\EPSON
2007-03-14 02:43:36 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2007-03-14 02:43:08 212480 ----a-w- c:\windows\PCDLIB32.DLL
2007-03-14 02:41:57 -------- d-----w- c:\program files\EPSON Print CD
2007-03-14 02:41:53 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2007-03-14 02:41:53 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2007-03-14 02:41:53 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2007-03-14 02:41:52 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2007-03-14 02:41:52 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2007-03-14 02:41:52 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2007-03-14 02:41:52 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2007-03-14 02:32:42 77824 ----a-w- c:\windows\system32\PICEntry.dll
2007-03-14 02:32:42 73728 ----a-w- c:\windows\system32\PICSDK.dll
2007-03-14 02:32:42 495616 ----a-w- c:\windows\system32\PICSDK2.dll
2007-03-14 02:32:42 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2007-03-14 02:32:41 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2007-03-14 02:32:21 75264 ----a-w- c:\windows\system32\E_FLBBPA.DLL
2007-03-14 02:32:21 62976 ----a-w- c:\windows\system32\E_FD4BBPA.DLL
2007-03-14 02:32:21 309760 ----a-w- c:\windows\system32\EAL32.DLL
2007-03-14 02:32:20 82944 ----a-w- c:\windows\system32\EAL.EXE
2007-03-14 02:31:57 -------- d-----w- c:\program files\epson
2007-03-14 02:31:55 63488 ----a-w- c:\windows\system32\escwiad.dll
2007-03-09 15:25:14 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\default\MpEngine.dll
2007-03-07 21:55:30 460080 ----a-w- c:\program files\windows defender\LegitLib.dll
2007-03-05 22:53:08 -------- d-----w- c:\windows\SxsCaPendDel
2007-03-02 15:54:08 -------- d-----w- c:\documents and settings\nevik roc\application data\Magic Set Editor
2007-02-28 08:41:16 111504 ----a-w- c:\program files\common files\microsoft shared\dw\1061\DWINTL20.DLL
2007-02-28 08:40:46 114024 ----a-w- c:\program files\common files\microsoft shared\dw\1026\DWINTL20.DLL
2007-02-28 08:38:44 113040 ----a-w- c:\program files\common files\microsoft shared\dw\1051\DWINTL20.DLL
2007-02-28 08:37:52 111440 ----a-w- c:\program files\common files\microsoft shared\dw\1058\DWINTL20.DLL
2007-02-28 08:37:46 112552 ----a-w- c:\program files\common files\microsoft shared\dw\1063\DWINTL20.DLL
2007-02-28 08:37:20 112016 ----a-w- c:\program files\common files\microsoft shared\dw\1055\DWINTL20.DLL
2007-02-28 08:28:56 114600 ----a-w- c:\program files\common files\microsoft shared\dw\1027\DWINTL20.DLL
2007-02-28 08:25:50 113072 ----a-w- c:\program files\common files\microsoft shared\dw\1062\DWINTL20.DLL
2007-02-28 08:25:46 113048 ----a-w- c:\program files\common files\microsoft shared\dw\1050\DWINTL20.DLL
2007-02-28 08:23:46 113048 ----a-w- c:\program files\common files\microsoft shared\dw\1048\DWINTL20.DLL
2007-02-28 08:22:46 112536 ----a-w- c:\program files\common files\microsoft shared\dw\1060\DWINTL20.DLL
2007-02-26 06:01:00 816528 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2007-02-26 06:01:00 437160 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2007-02-16 06:49:32 115576 ----a-w- c:\program files\common files\microsoft shared\dw\1032\DWINTL20.DLL
2007-02-16 06:38:22 111984 ----a-w- c:\program files\common files\microsoft shared\dw\1038\DWINTL20.DLL
2007-02-16 04:00:46 1447296 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
2007-02-10 14:33:33 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2007-02-10 14:33:33 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2007-02-10 14:33:05 -------- d-----w- c:\program files\McAfee
2007-02-10 14:32:54 -------- d-----w- c:\program files\common files\McAfee
2007-02-08 17:02:48 5632 ----a-w- c:\windows\system32\ptpusb.dll
2007-02-08 17:02:46 159232 ----a-w- c:\windows\system32\ptpusd.dll
2007-02-08 17:02:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2007-02-08 17:02:41 -------- d-----w- c:\program files\common files\Kodak
2007-01-30 23:58:01 107 ----a-w- c:\windows\wpd99.drv
2007-01-30 23:57:46 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2007-01-30 23:57:46 118784 ----a-w- c:\windows\system32\pdfmona.dll
2007-01-30 23:57:46 -------- d-----w- c:\documents and settings\all users\application data\pdf995
2007-01-27 18:29:01 16720 ----a-w- c:\documents and settings\nevik roc\application data\microsoft\identitycrl\prod\ppcrlconfig.dll
2007-01-27 18:28:06 -------- d-----w- c:\program files\common files\ComponentOne
2007-01-24 19:46:18 113056 ----a-w- c:\program files\common files\microsoft shared\dw\2070\DWINTL20.DLL
2007-01-09 17:01:44 112528 ----a-w- c:\program files\common files\microsoft shared\dw\1029\DWINTL20.DLL
2007-01-03 03:59:50 109832 ----a-w- c:\program files\common files\microsoft shared\dw\1049\DWINTL20.DLL
2006-12-18 08:18:30 77824 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2006-12-18 08:18:30 77824 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2006-12-11 23:19:20 -------- d-----w- c:\program files\FLVplayer
2006-12-09 05:11:00 109376 ----a-w- c:\program files\common files\microsoft shared\dw\1044\DWINTL20.DLL
2006-12-02 15:38:31 -------- d-----w- c:\windows\network diagnostic
2006-12-02 15:37:20 -------- d-----w- c:\program files\MSXML 4.0
2006-12-02 15:33:11 -------- d-----w- c:\windows\system32\LogFiles
2006-12-02 15:28:21 -------- d-----w- c:\program files\common files\Pure Networks Shared
2006-12-02 15:28:09 -------- d-----w- c:\program files\Pure Networks
2006-12-02 15:21:50 108872 ----a-w- c:\program files\common files\microsoft shared\dw\1030\DWINTL20.DLL
2006-12-02 15:18:26 108880 ----a-w- c:\program files\common files\microsoft shared\dw\1035\DWINTL20.DLL
2006-11-24 15:13:58 110928 ----a-w- c:\program files\common files\microsoft shared\dw\1045\DWINTL20.DLL
2006-11-24 15:13:00 110920 ----a-w- c:\program files\common files\microsoft shared\dw\1043\DWINTL20.DLL
2006-11-24 14:51:04 111440 ----a-w- c:\program files\common files\microsoft shared\dw\1040\DWINTL20.DLL
2006-11-24 14:50:30 108816 ----a-w- c:\program files\common files\microsoft shared\dw\1054\DWINTL20.DLL
2006-11-24 14:49:50 110416 ----a-w- c:\program files\common files\microsoft shared\dw\1046\DWINTL20.DLL
2006-11-24 14:48:20 109376 ----a-w- c:\program files\common files\microsoft shared\dw\1053\DWINTL20.DLL
2006-11-14 00:29:30 109840 ----a-w- c:\program files\common files\microsoft shared\dw\1081\DWINTL20.DLL
2006-11-08 02:03:36 33792 ------w- c:\program files\internet explorer\custsat.dll
2006-11-08 02:03:36 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2006-11-08 02:03:36 236544 ----a-w- c:\windows\system32\dllcache\webcheck.dll
2006-11-08 02:03:36 156160 ----a-w- c:\windows\system32\dllcache\msls31.dll
2006-11-07 08:27:10 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2006-11-07 08:27:02 229376 ----a-w- c:\windows\system32\dllcache\ieaksie.dll
2006-11-07 08:26:56 125952 ----a-w- c:\windows\system32\dllcache\ieakeng.dll
2006-11-07 08:26:44 72704 ----a-w- c:\windows\system32\dllcache\admparse.dll
2006-11-07 08:26:42 71680 ----a-w- c:\windows\system32\dllcache\iesetup.dll
2006-11-07 08:26:28 55808 ----a-w- c:\windows\system32\dllcache\iernonce.dll
2006-11-07 08:26:28 174080 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2006-11-07 08:26:24 128512 ----a-w- c:\windows\system32\dllcache\advpack.dll
2006-11-07 08:25:58 10240 ----a-w- c:\windows\system32\advpack.dll.mui
2006-11-07 08:25:14 163840 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2006-11-03 23:20:52 11032 ----a-w- c:\program files\windows defender\MsMpLics.dll
2006-11-03 23:20:12 866584 ----a-w- c:\program files\windows defender\MSASCui.exe
2006-11-03 23:20:12 693016 ----a-w- c:\program files\windows defender\MpRtMon.dll
2006-11-03 23:20:10 513816 ----a-w- c:\program files\windows defender\MpSoftEx.dll
2006-11-03 23:20:08 320280 ----a-w- c:\program files\windows defender\MpClient.dll
2006-11-03 23:20:06 293144 ----a-w- c:\program files\windows defender\MpCmdRun.exe
2006-11-03 23:20:06 271128 ----a-w- c:\program files\windows defender\MpSvc.dll
2006-11-03 23:20:06 215320 ----a-w- c:\program files\windows defender\MsMpCom.dll
2006-11-03 23:20:04 140056 ----a-w- c:\program files\windows defender\MpSigDwn.dll
2006-11-03 23:20:02 85272 ----a-w- c:\program files\windows defender\MpOAv.dll
2006-11-03 23:20:00 83224 ----a-w- c:\program files\windows defender\MpShHook.dll
2006-11-03 23:19:58 13592 ----a-w- c:\program files\windows defender\MsMpEng.exe
2006-11-03 23:19:56 52504 ----a-w- c:\program files\windows defender\MpRtPlug.dll
2006-11-02 12:22:54 444136 ------w- c:\windows\system32\drivers\wdf01000.sys
2006-11-02 12:22:52 37608 ------w- c:\windows\system32\drivers\wdfldr.sys
2006-11-02 12:00:10 24136 ------w- c:\windows\system32\winusb.dll
2006-11-02 12:00:08 39368 ------w- c:\windows\system32\drivers\winusb.sys
2006-10-27 15:57:04 110936 ----a-w- c:\program files\common files\microsoft shared\dw\3082\DWINTL20.DLL
2006-10-27 13:46:36 112464 ----a-w- c:\program files\common files\microsoft shared\dw\1031\DWINTL20.DLL
2006-10-27 13:06:36 108824 ----a-w- c:\program files\common files\microsoft shared\dw\1037\DWINTL20.DLL
2006-10-27 13:04:04 108824 ----a-w- c:\program files\common files\microsoft shared\dw\1025\DWINTL20.DLL
2006-10-27 13:01:08 108816 ----a-w- c:\program files\common files\microsoft shared\dw\2052\DWINTL20.DLL
2006-10-27 11:59:44 111960 ----a-w- c:\program files\common files\microsoft shared\dw\1036\DWINTL20.DLL
2006-10-27 11:59:34 108816 ----a-w- c:\program files\common files\microsoft shared\dw\3076\DWINTL20.DLL
2006-10-27 11:55:12 108816 ----a-w- c:\program files\common files\microsoft shared\dw\1041\DWINTL20.DLL
2006-10-27 11:54:38 108816 ----a-w- c:\program files\common files\microsoft shared\dw\1028\DWINTL20.DLL
2006-10-27 11:52:08 108824 ----a-w- c:\program files\common files\microsoft shared\dw\1042\DWINTL20.DLL
2006-10-26 23:48:14 439568 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
2006-10-26 23:48:10 108872 ----a-w- c:\program files\common files\microsoft shared\dw\1033\DWINTL20.DLL
2006-10-20 02:05:35 -------- d-----w- c:\documents and settings\nevik roc\local settings\application data\Apple Computer
2006-10-20 02:05:04 -------- d-----w- c:\program files\iTunes
2006-10-19 01:05:26 204288 ------w- c:\program files\windows media player\wmpnscfg.exe
2006-10-19 01:05:24 913408 ------w- c:\program files\windows media player\wmpnetwk.exe
2006-10-19 01:04:40 493568 ------w- c:\program files\windows media player\wmdbexport.exe
2006-10-19 01:04:30 36864 ------w- c:\program files\windows media player\wmpshare.exe
2006-10-19 01:00:46 249856 ------w- c:\windows\system32\drmupgds.exe
2006-10-19 01:00:14 17408 ------w- c:\windows\system32\wpdshextautoplay.exe
2006-10-17 17:05:22 105984 ----a-w- c:\windows\system32\dllcache\url.dll
2006-10-17 17:05:10 43520 ----a-w- c:\windows\system32\dllcache\licmgr10.dll
2006-10-17 17:04:46 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2006-10-17 17:04:40 638816 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2006-10-17 17:02:20 1241088 ----a-w- c:\windows\system32\ieframe.dll.mui
2006-10-17 16:57:58 34816 ----a-w- c:\windows\system32\dllcache\imgutil.dll
2006-10-17 16:56:10 45568 ----a-w- c:\windows\system32\dllcache\mshta.exe
2006-10-17 16:44:36 68608 ----a-w- c:\windows\system32\dllcache\hmmapi.dll
2006-10-17 16:28:56 48128 ----a-w- c:\windows\system32\dllcache\mshtmler.dll
2006-10-14 08:13:25 974848 ------w- c:\windows\system32\dllcache\mfc42u.dll
2006-10-02 20:28:42 312128 ------w- c:\windows\system32\msdelta.dll
2006-09-29 01:13:26 39936 ------w- c:\windows\system32\WUDFCoinstaller.dll
2006-09-29 00:00:34 132224 ------w- c:\windows\system32\drivers\WudfRd.sys
2006-09-28 23:56:38 567808 ------w- c:\windows\system32\WUDFx.dll
2006-09-28 23:56:38 195584 ------w- c:\windows\system32\WudfHost.exe
2006-09-28 23:56:16 148480 ------w- c:\windows\system32\WudfPlatform.dll
2006-09-28 23:56:14 64512 ------w- c:\windows\system32\WudfSvc.dll
2006-09-28 23:55:50 91904 ------w- c:\windows\system32\drivers\WudfPf.sys
2006-09-18 14:15:52 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll
2006-09-13 09:27:46 101888 ----a-w- c:\program files\common files\microsoft shared\dw\2068\DWINTL20.DLL
2006-08-24 20:15:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-08-22 09:05:26 498742 ------w- c:\windows\system32\dllcache\dxmasf.dll
2006-08-21 14:52:08 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2006-07-07 15:49:13 -------- d-----w- C:\TDSSKiller_Quarantine
2006-07-07 05:18:04 -------- d-----w- c:\program files\Analog Devices
2006-06-29 13:05:44 26112 ----a-w- c:\windows\system32\idndl.dll
2006-06-29 13:05:44 23552 ----a-w- c:\windows\system32\normaliz.dll
2006-06-28 22:59:26 24576 ----a-w- c:\windows\system32\nlsdl.dll
2006-06-28 00:00:26 410928 ------w- c:\program files\windows media player\LegitLibM.dll
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-28 00:13:41 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-05 12:54:07 110592 ----a-w- c:\windows\DUMPb42d.tmp
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 22:29:20 110592 ----a-w- c:\windows\DUMP9cfb.tmp
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47:29 23040 ----a-w- c:\windows\system32\mciseq.dll
2011-10-14 14:47:29 176128 ----a-w- c:\windows\system32\winmm.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-13 15:28:58 71168 ----a-w- c:\windows\system32\LxrJD31s.exe
2011-03-13 15:28:58 69824 ----a-w- c:\windows\system32\drivers\LxrJD31d.sys
2011-03-13 15:28:58 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll
2011-03-13 15:28:58 249856 ----a-w- c:\windows\system32\LxrJD31.dll
2011-03-13 15:28:58 163840 ----a-w- c:\windows\system32\LxrJD31c.exe
2011-03-13 15:28:58 146432 ----a-w- c:\windows\system32\LxrJD31p.exe
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 13:18:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:32:15 551936 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-09-24 17:25:18 6144 ----a-w- c:\windows\system32\drivers\umdf\pt-pt\ZuneDriver.dll.mui
2010-09-24 17:25:10 6144 ----a-w- c:\windows\system32\drivers\umdf\pt-br\ZuneDriver.dll.mui
2010-09-24 17:25:02 6656 ----a-w- c:\windows\system32\drivers\umdf\nl-nl\ZuneDriver.dll.mui
2010-09-24 17:24:56 6656 ----a-w- c:\windows\system32\drivers\umdf\it-it\ZuneDriver.dll.mui
2010-09-24 17:24:48 6144 ----a-w- c:\windows\system32\drivers\umdf\fr-fr\ZuneDriver.dll.mui
2010-09-24 17:24:42 6656 ----a-w- c:\windows\system32\drivers\umdf\es-es\ZuneDriver.dll.mui
2010-09-24 17:24:34 6144 ----a-w- c:\windows\system32\drivers\umdf\de-de\ZuneDriver.dll.mui
2010-09-24 16:14:48 6144 ----a-w- c:\windows\system32\drivers\umdf\en-us\ZuneDriver.dll.mui
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17:24 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-04-16 15:36:56 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 16:24:40 317440 ------w- c:\windows\system32\mp4sdecd.dll
2010-03-30 04:52:26 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-24 06:59:40 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:46:07 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
.
============= FINISH: 13:03:02.68 ===============

[End "dds.txt"]

Also attached is the "attach.txt" file. I have not been able to get the GMER scan to complete (the program keeps crashing/closing), so I do not have an "ark.txt" file.

Thank you in advance for your assistance, right now I'm paranoid that some sort of spyware/malware is trying to steal my secure passwords...

Thank you,
Kevin Corr
nevik@umich.edu


#2 NevikRoc


Posted 01 April 2012 - 12:29 PM

Here is the screen-cap of the "This Connection is Untrusted" message (attached).


#3 NevikRoc


Posted 01 April 2012 - 12:41 PM

Another little "wrinkle"... noticed that the date on my computer was (somehow) set to July, 2006.

Reset to current date/time, still suspect malware of some sort...

#4 NevikRoc


Posted 06 April 2012 - 09:57 AM

Finally got the "GMER" utility to run... "ark.log" is attached, could still use some help with this.

Thanks,
Kevin

Attached Files

  • Attached File  ark.log   15.71KB   0 downloads


#5 NevikRoc


Posted 07 April 2012 - 05:21 AM

Attached is the log from running the Kaspersky Virus Removal Tool... deleted/quarantined 16 objects...


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:10 PM

Posted 07 April 2012 - 08:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start by running these tools.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 NevikRoc


Posted 07 April 2012 - 08:58 AM

Bonjour, nasdaq, thanks for the help. Here's the contents of the TDSSKiller "Report" (attached as a TXT file... I tried to copy & paste it directly into the reply, but I got an error saying my reply was too long.)


#8 NevikRoc


Posted 07 April 2012 - 09:09 AM

Log from the "Avast!" program...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 10:05:31
-----------------------------
10:05:31.399 OS Version: Windows 5.1.2600 Service Pack 3
10:05:31.399 Number of processors: 1 586 0x403
10:05:31.399 ComputerName: NEVIK UserName:
10:05:32.492 Initialize success
10:05:43.992 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:05:43.992 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
10:05:44.039 Disk 0 MBR read successfully
10:05:44.039 Disk 0 MBR scan
10:05:44.039 Disk 0 unknown MBR code
10:05:44.039 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 62 MB offset 63
10:05:44.039 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148891 MB offset 128520
10:05:44.070 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3631 MB offset 305058285
10:05:44.070 Disk 0 scanning sectors +312496380
10:05:44.117 Disk 0 scanning C:\WINDOWS\system32\drivers
10:05:55.867 Service scanning
10:06:10.602 Modules scanning
10:06:25.977 Disk 0 trace - called modules:
10:06:26.008 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:06:26.039 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89eacab8]
10:06:26.039 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a855030]
10:06:26.039 Scan finished successfully
10:07:46.180 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nevik Roc\My Documents\Downloads\MBR.dat"
10:07:46.180 The log file has been saved successfully to "C:\Documents and Settings\Nevik Roc\My Documents\Downloads\aswMBR.txt"

#9 NevikRoc


Posted 07 April 2012 - 09:10 AM

And the zipped "MBR.dat" file, as requested... thanks again, in advance.

Attached Files

  • Attached File  MBR.zip   579bytes   0 downloads


#10 nasdaq


Posted 07 April 2012 - 09:34 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.


P.S.
Leaving now. Will be back tomorrow morning.

#11 NevikRoc


Posted 07 April 2012 - 11:56 AM

(Log from "SecurityCheck" copy-and-pasted below... "ComboFix" log attached as requested)

* * *

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
CA eTrust PestPatrol
```````````````````````````````
Anti-malware/Other Utilities Check:

Windows Defender
Java™ 6 Update 2
Java™ 6 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 11.1.102.62
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
eTrust PestPatrol PPActiveDetection.exe
``````````End of Log````````````


#12 nasdaq


Posted 07 April 2012 - 12:36 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 2
Java™ 6 Update 3
Java 2 Runtime Environment, SE v1.4.2_03


===

Any remaining issues with this computer?

#13 NevikRoc


Posted 08 April 2012 - 09:10 AM

Removed old versions and re-installed Java as you suggested... my computer seems to be running a lot faster/smoother now, thanks again for your help.

How can I make a "donation?" ; )

#14 nasdaq


Posted 08 April 2012 - 09:38 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#15 nasdaq


Posted 14 April 2012 - 07:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



