TDL4 aswmbr removed, now can only boot in safe mode


  • This topic is locked
9 replies to this topic

#1 NickPower

Posted 02 May 2012 - 04:19 PM

Hello,
I suspected a virus on a friend's computer, scanned with Malwarebytes and found some adware and Trojan.Tracur, Exploit.Drop9. Rebooted and scanned with aswMBR and it found the TDL4 rootkit and other items. Sorry, I forgot to save a log. Now I cannot boot in regular mode, only safe mode. I have a Farbar log; any help would be much appreciated.

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 01-05-2012 16:18:44
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

================================ Services (Whitelisted) ==================

2 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [9216 2006-10-05] (Agere Systems)
2 Ati External Event Utility; C:\Windows\System32\Ati2evxx.exe [671744 2008-04-22] (ATI Technologies Inc.)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [40960 2008-04-16] (TOSHIBA CORPORATION)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [165416 2008-01-29] (WildTangent, Inc.)
3 GoogleDesktopManager-022208-143751; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [29744 2008-05-05] (Google)
2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [135664 2010-02-01] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [135664 2010-02-01] (Google Inc.)
3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
3 SmartFaceVWatchSrv; "C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe" [73728 2008-04-24] (Toshiba)
3 Symantec RemoteAssist; "C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-02-01] (Symantec, Inc.)
2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-04-10] (TOSHIBA Corporation)
2 TODDSrv; C:\Windows\system32\TODDSrv.exe [129632 2007-11-21] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [431456 2008-02-06] (TOSHIBA Corporation)
2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [126976 2007-12-03] (TOSHIBA Corporation)
2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [x]
2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [x]

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1161888 2006-11-28] (Agere Systems)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [3551232 2008-04-22] (ATI Technologies Inc.)
0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [7680 2006-10-30] (ATI Technologies Inc.)
3 FwLnk; C:\Windows\System32\DRIVERS\FwLnk.sys [7168 2006-11-20] (TOSHIBA Corporation)
1 jswpslwf; C:\Windows\System32\DRIVERS\jswpslwf.sys [20384 2008-04-28] (Atheros Communications, Inc.)
4 KR10I; C:\Windows\System32\drivers\kr10i.sys [219264 2006-11-08] (TOSHIBA CORPORATION)
4 KR10N; C:\Windows\System32\drivers\kr10n.sys [211072 2006-11-08] (TOSHIBA CORPORATION)
3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [164864 2009-05-25] (Realtek )
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [64000 2009-03-26] (Realtek Semiconductor Corp.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-05-01] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2012-05-01] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2012-05-01] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-20] (Microsoft Corporation)
3 SVRPEDRV; \??\C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [24200 2007-12-14] (TOSHIBA Corporation.)
3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2009-10-22] (Todos Data System AB)
0 tos_sps32; C:\Windows\System32\DRIVERS\tos_sps32.sys [285184 2008-04-10] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23640 2007-11-09] (TOSHIBA Corporation)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-20] (Promise Technology, Inc.)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-01 16:18 - 2012-04-05 15:37 - 0000000 ____D C:\FRST
2012-05-01 12:13 - 2007-11-07 04:00 - 2950524928 __ASH C:\hiberfil.sys
2012-05-01 11:01 - 2008-05-05 01:49 - 0000000 ___SD C:\ComboFix
2012-05-01 10:34 - 2009-05-28 13:43 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-01 10:34 - 2009-05-22 07:08 - 0208896 ____A C:\Windows\MBR.exe
2012-05-01 10:34 - 2008-05-05 10:41 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-01 10:34 - 2008-02-14 06:54 - 0068096 ____A C:\Windows\zip.exe
2012-05-01 10:34 - 2006-11-02 04:37 - 0256000 ____A C:\Windows\PEV.exe
2012-05-01 10:34 - 2006-11-02 03:18 - 0098816 ____A C:\Windows\sed.exe
2012-05-01 10:34 - 2006-11-02 02:22 - 0080412 ____A C:\Windows\grep.exe
2012-05-01 10:34 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-01 10:31 - 2012-01-30 16:59 - 0000000 ____D C:\Qoobox
2012-05-01 10:31 - 2006-11-02 04:42 - 0000000 ____D C:\Windows\ERDNT
2012-05-01 10:30 - 2009-07-27 04:42 - 4480463 ____R (Swearware) C:\Users\Anna-Maria\Desktop\ComboFix.exe
2012-05-01 09:38 - 2006-11-02 04:42 - 0000000 ____D C:\Windows\Standalone System Sweeper
2012-05-01 07:35 - 2011-07-09 15:58 - 0000000 ____D C:\Program Files\ESET
2012-05-01 06:24 - 2006-11-02 01:44 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-05-01 05:45 - 2010-10-15 05:51 - 0920096 ____A C:\Users\Anna-Maria\Desktop\Norton_Removal_Tool.exe
2012-05-01 05:44 - 2010-06-09 12:58 - 2322184 ____A (ESET) C:\Users\Anna-Maria\Desktop\esetsmartinstaller_enu.exe
2012-04-30 12:59 - 2011-05-30 15:24 - 0000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-30 12:53 - 2012-05-01 10:31 - 0000370 ____A C:\rkill.log
2012-04-30 12:52 - 2011-04-26 15:20 - 1008092 ____A C:\Users\Anna-Maria\Desktop\rkill.exe
2012-04-30 12:42 - 2008-01-20 18:23 - 0364342 ____A C:\Windows\ntbtlog.txt
2012-04-30 11:33 - 2011-06-02 10:01 - 4730880 ____A (AVAST Software) C:\Users\Anna-Maria\Desktop\aswMBR.exe
2012-04-14 15:54 - 2012-02-09 04:51 - 0025088 ____A C:\Users\Anna-Maria\Documents\Cherrydale 90 day move out clause.doc
2012-04-11 18:04 - 2008-09-06 03:49 - 0024064 ____A C:\Users\Anna-Maria\Documents\RENTAL INCOME CHERRYDALY 2012.doc
2012-04-11 16:10 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 16:10 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 16:10 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 16:10 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 16:10 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 16:10 - 2011-05-02 09:16 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 16:10 - 2011-04-08 17:35 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 16:10 - 2011-04-08 17:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 16:10 - 2011-04-08 17:35 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 16:10 - 2011-04-08 17:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 16:10 - 2009-08-24 03:36 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 16:10 - 2008-01-20 18:23 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 16:10 - 2006-11-02 01:46 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 16:09 - 2009-04-10 19:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 16:09 - 2008-01-20 18:24 - 0172032 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 16:09 - 2006-11-02 04:35 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 16:09 - 2006-11-02 01:44 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 11:51 - 2008-05-05 10:27 - 0001726 ____A C:\Users\Public\Desktop\Content Manager.lnk
2012-04-11 11:50 - 2012-05-01 11:09 - 0000000 ____D C:\Program Files\Content Manager
2012-04-11 10:00 - 2011-12-25 06:12 - 0473632 ____A C:\Users\Anna-Maria\LeeClerk Village Green Amendment 2003.pdf
2012-04-10 14:57 - 2011-08-17 17:43 - 0000000 ____D C:\Program Files\goodsearchtb
2012-04-10 09:17 - 2012-04-10 09:19 - 21942774 ____A C:\Users\Anna-Maria\Downloads\scan0055 (1).bmp
2012-04-10 09:17 - 2012-03-26 14:40 - 24774610 ____A C:\Users\Anna-Maria\Downloads\scan0050.bmp
2012-04-10 09:16 - 2012-04-10 09:19 - 21942774 ____A C:\Users\Anna-Maria\Downloads\scan0055.bmp
2012-04-09 09:13 - 2003-12-20 13:20 - 0375018 ____A C:\Users\Anna-Maria\Documents\Village Green Section 10 Amendment.pdf
2012-04-09 09:12 - 2012-04-09 09:13 - 1687534 ____A C:\Users\Anna-Maria\Documents\Village Green Section 10.pdf
2012-04-09 08:50 - 2012-03-30 07:44 - 0139363 ____A C:\Users\Anna-Maria\Downloads\20120409121233139.pdf
2012-04-08 17:02 - 2012-04-04 15:11 - 4523528 ____A C:\Users\Anna-Maria\Downloads\5685_Bolla_Ct._Final_contract_w-buyers_signatures (1).pdf
2012-04-08 16:55 - 2012-04-08 17:02 - 4523528 ____A C:\Users\Anna-Maria\Downloads\5685_Bolla_Ct._Final_contract_w-buyers_signatures.pdf
2012-04-07 16:18 - 2009-04-10 19:28 - 0189952 ____A (Microsoft Corporation) C:\Windows\System32\winmm.dll
2012-04-07 16:18 - 2006-11-02 01:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\mciseq.dll
2012-04-07 12:21 - 2012-04-08 16:55 - 6667887 ____A C:\Users\Anna-Maria\Downloads\5885_Bolla_Ct.pdf
2012-04-07 04:55 - 2012-04-11 17:17 - 0000000 ____D C:\Windows\Minidump
2012-04-07 04:55 - 2010-10-15 09:17 - 184188980 ____A C:\Windows\MEMORY.DMP
2012-04-07 04:55 - - 0135232 ____A C:\Windows\Minidump\Mini040712-01.dmp
2012-04-07 04:04 - - 0001898 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-07 04:04 - - 0000000 ____D C:\Program Files\Adobe
2012-04-05 15:37 - 2012-02-28 14:58 - 0000000 __SHD C:\found.002
2012-04-04 15:23 - 2012-04-04 15:21 - 0072147 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (5).pdf
2012-04-04 15:21 - 2012-04-04 15:15 - 0073048 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (4).pdf
2012-04-04 15:15 - 2012-04-04 15:15 - 0072147 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (3).pdf
2012-04-04 15:15 - 2012-04-04 15:13 - 0073048 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (2).pdf
2012-04-04 15:13 - 2012-03-30 16:03 - 0073048 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (1).pdf
2012-04-04 15:11 - 2012-04-04 15:23 - 0072147 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant.pdf
2012-04-02 14:07 - 2008-12-23 04:50 - 0053760 ____A C:\Users\Anna-Maria\Documents\Build a simple cat shelter.doc

============ 3 Months Modified Files and Folders ===============

2012-05-01 16:18 - 2012-05-01 16:18 - 0000000 ____D C:\FRST
2012-05-01 12:15 - 2012-05-01 12:13 - 2950524928 __ASH C:\hiberfil.sys
2012-05-01 12:15 - 2012-05-01 06:24 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-05-01 12:15 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-01 11:50 - 2012-04-30 12:42 - 0364342 ____A C:\Windows\ntbtlog.txt
2012-05-01 11:49 - 2006-11-02 02:33 - 0707392 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-01 11:47 - 2012-04-30 12:53 - 0000370 ____A C:\rkill.log
2012-05-01 11:38 - 2009-07-27 07:31 - 0000000 ____D C:\Windows\pss
2012-05-01 11:13 - 2012-05-01 11:01 - 0000000 ___SD C:\ComboFix
2012-05-01 11:13 - 2012-05-01 10:31 - 0000000 ____D C:\Windows\ERDNT
2012-05-01 10:47 - 2006-11-02 02:23 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-01 10:32 - 2012-05-01 10:30 - 4480463 ____R (Swearware) C:\Users\Anna-Maria\Desktop\ComboFix.exe
2012-05-01 10:31 - 2012-05-01 10:31 - 0000000 ____D C:\Qoobox
2012-05-01 09:52 - 2009-07-27 04:43 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-01 09:38 - 2012-05-01 09:38 - 0000000 ____D C:\Windows\Standalone System Sweeper
2012-05-01 07:35 - 2012-05-01 07:35 - 0000000 ____D C:\Program Files\ESET
2012-05-01 06:23 - 2009-04-17 18:20 - 1251247 ____A C:\Windows\WindowsUpdate.log
2012-05-01 06:23 - 2006-11-02 05:01 - 0032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-01 06:23 - 2006-11-02 04:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-01 06:23 - 2006-11-02 04:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-01 06:09 - 2010-02-01 04:22 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-01 05:52 - 2010-02-01 04:22 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-01 05:52 - 2009-07-25 04:24 - 0000236 ____A C:\Windows\Tasks\PersonalAV.job
2012-05-01 05:51 - 2009-07-27 04:56 - 0093522 ____A C:\Windows\PFRO.log
2012-05-01 05:51 - 2009-07-23 04:25 - 0000000 ____D C:\Program Files\Norton 360
2012-05-01 05:49 - 2009-07-23 04:20 - 0000000 ____D C:\Users\All Users\Norton
2012-05-01 05:49 - 2009-07-23 04:20 - 0000000 ____D C:\ProgramData\Norton
2012-05-01 05:49 - 2008-05-05 10:49 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-05-01 05:47 - 2008-05-05 10:50 - 0000000 ____D C:\Users\All Users\Symantec
2012-05-01 05:47 - 2008-05-05 10:50 - 0000000 ____D C:\ProgramData\Symantec
2012-05-01 05:46 - 2009-07-23 04:20 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-05-01 05:46 - 2009-07-23 04:20 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-05-01 05:44 - 2012-05-01 05:45 - 0920096 ____A C:\Users\Anna-Maria\Desktop\Norton_Removal_Tool.exe
2012-05-01 05:41 - 2009-07-27 06:09 - 0006696 ____A C:\Windows\setupact.log
2012-05-01 05:11 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\ModemLogs
2012-04-30 12:59 - 2012-04-30 12:59 - 0000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-30 12:59 - 2009-05-22 06:58 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 10:16 - 2011-05-19 17:21 - 0000000 ____D C:\Users\Anna-Maria\AppData\Roaming\Skype
2012-04-29 04:14 - 2009-05-22 02:05 - 0000000 ____D C:\Users\Anna-Maria\AppData\Local\ATI
2012-04-27 07:36 - 2012-05-01 05:44 - 2322184 ____A (ESET) C:\Users\Anna-Maria\Desktop\esetsmartinstaller_enu.exe
2012-04-16 18:09 - 2009-06-01 12:31 - 0002609 ____A C:\Users\Anna-Maria\Desktop\Microsoft Office Word 2003.lnk
2012-04-16 16:22 - 2011-05-19 17:24 - 0001982 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-15 11:28 - 2011-07-09 15:59 - 0000354 ____A C:\Windows\Tasks\Driver Robot.job
2012-04-14 15:54 - 2012-04-14 15:54 - 0025088 ____A C:\Users\Anna-Maria\Documents\Cherrydale 90 day move out clause.doc
2012-04-14 04:18 - 2012-01-10 08:09 - 0027648 ____A C:\Users\Anna-Maria\Documents\GOOD MORNING pet care instructions jan2012.doc
2012-04-14 04:11 - 2012-01-10 07:08 - 0031744 ____A C:\Users\Anna-Maria\Documents\dagligt schema för de fyrfotade jan2012.doc
2012-04-11 18:04 - 2012-04-11 18:04 - 0024064 ____A C:\Users\Anna-Maria\Documents\RENTAL INCOME CHERRYDALY 2012.doc
2012-04-11 17:17 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2012-04-11 16:04 - 2006-11-02 02:24 - 55154568 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-04-11 11:59 - 2012-04-11 11:50 - 0000000 ____D C:\Program Files\Content Manager
2012-04-11 11:51 - 2012-04-11 11:51 - 0001726 ____A C:\Users\Public\Desktop\Content Manager.lnk
2012-04-11 11:50 - 2008-05-05 10:00 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-11 10:00 - 2012-04-11 10:00 - 0473632 ____A C:\Users\Anna-Maria\LeeClerk Village Green Amendment 2003.pdf
2012-04-11 10:00 - 2009-05-22 02:04 - 0000000 ____D C:\users\Anna-Maria
2012-04-11 04:29 - 2009-05-22 06:33 - 0168448 ____A C:\Users\Anna-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-10 14:57 - 2012-04-10 14:57 - 0000000 ____D C:\Program Files\goodsearchtb
2012-04-10 14:57 - 2009-05-22 02:04 - 0000000 ____D C:\Users\Anna-Maria\AppData\LocalLow
2012-04-10 14:15 - 2012-04-07 04:04 - 0001898 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-10 09:19 - 2012-04-10 09:17 - 24774610 ____A C:\Users\Anna-Maria\Downloads\scan0050.bmp
2012-04-10 09:19 - 2012-04-10 09:17 - 21942774 ____A C:\Users\Anna-Maria\Downloads\scan0055 (1).bmp
2012-04-10 09:17 - 2012-04-10 09:16 - 21942774 ____A C:\Users\Anna-Maria\Downloads\scan0055.bmp
2012-04-09 09:13 - 2012-04-09 09:13 - 0375018 ____A C:\Users\Anna-Maria\Documents\Village Green Section 10 Amendment.pdf
2012-04-09 09:12 - 2012-04-09 09:12 - 1687534 ____A C:\Users\Anna-Maria\Documents\Village Green Section 10.pdf
2012-04-09 08:50 - 2012-04-09 08:50 - 0139363 ____A C:\Users\Anna-Maria\Downloads\20120409121233139.pdf
2012-04-08 17:02 - 2012-04-08 17:02 - 4523528 ____A C:\Users\Anna-Maria\Downloads\5685_Bolla_Ct._Final_contract_w-buyers_signatures (1).pdf
2012-04-08 16:55 - 2012-04-08 16:55 - 4523528 ____A C:\Users\Anna-Maria\Downloads\5685_Bolla_Ct._Final_contract_w-buyers_signatures.pdf
2012-04-07 12:22 - 2012-04-07 12:21 - 6667887 ____A C:\Users\Anna-Maria\Downloads\5885_Bolla_Ct.pdf
2012-04-07 07:52 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\spool
2012-04-07 07:52 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-07 07:52 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\rescache
2012-04-07 07:52 - 2006-11-02 02:22 - 40108032 ____A C:\Windows\System32\config\software_previous
2012-04-07 07:52 - 2006-11-02 02:22 - 18087936 ____A C:\Windows\System32\config\system_previous
2012-04-07 07:51 - 2011-12-06 10:50 - 0000000 ____D C:\Program Files\Shop to Win 22
2012-04-07 07:51 - 2011-08-30 05:57 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2012-04-07 07:51 - 2011-08-30 05:57 - 0000000 ____D C:\ProgramData\HP Product Assistant
2012-04-07 07:51 - 2011-05-19 17:20 - 0000000 ___RD C:\Program Files\Skype
2012-04-07 07:51 - 2011-02-20 04:25 - 0000000 ____D C:\Program Files\Coupons
2012-04-07 07:51 - 2009-07-27 04:42 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-04-07 07:51 - 2009-07-27 04:42 - 0000000 ____D C:\Program Files\CCleaner
2012-04-07 07:51 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\registration
2012-04-07 07:48 - 2009-07-23 10:13 - 0000000 ____D C:\Users\Anna-Maria\AppData\Local\The Weather Channel
2012-04-07 07:42 - 2006-11-02 02:22 - 33030144 ____A C:\Windows\System32\config\components_previous
2012-04-07 07:42 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-04-07 04:55 - 2012-04-07 04:55 - 184188980 ____A C:\Windows\MEMORY.DMP
2012-04-07 04:55 - 2012-04-07 04:55 - 0135232 ____A C:\Windows\Minidump\Mini040712-01.dmp
2012-04-07 04:55 - 2012-04-07 04:55 - 0000000 ____D C:\Windows\Minidump
2012-04-07 04:55 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-07 04:04 - 2012-04-07 04:04 - 0000000 ____D C:\Program Files\Adobe
2012-04-07 04:04 - 2010-10-15 11:00 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-04-07 04:04 - 2008-05-05 10:23 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-07 04:04 - 2008-05-05 10:23 - 0000000 ____D C:\ProgramData\Adobe
2012-04-06 18:06 - 2006-11-02 02:22 - 0786432 ____A C:\Windows\System32\config\default_previous
2012-04-06 18:06 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-04-05 15:37 - 2012-04-05 15:37 - 0000000 __SHD C:\found.002
2012-04-04 15:23 - 2012-04-04 15:23 - 0072147 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (5).pdf
2012-04-04 15:21 - 2012-04-04 15:21 - 0073048 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (4).pdf
2012-04-04 15:15 - 2012-04-04 15:15 - 0073048 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (2).pdf
2012-04-04 15:15 - 2012-04-04 15:15 - 0072147 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (3).pdf
2012-04-04 15:13 - 2012-04-04 15:13 - 0073048 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant (1).pdf
2012-04-04 15:11 - 2012-04-04 15:11 - 0072147 ____A C:\Users\Anna-Maria\Downloads\30793-confirmation-cendant.pdf
2012-04-04 11:56 - 2009-05-22 06:58 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 18:14 - 2009-07-23 04:25 - 0000000 ____D C:\Windows\System32\Drivers\N360
2012-04-02 14:07 - 2012-04-02 14:07 - 0053760 ____A C:\Users\Anna-Maria\Documents\Build a simple cat shelter.doc
2012-03-30 16:03 - 2012-03-30 16:03 - 0327641 ____A C:\Users\Anna-Maria\Downloads\2012_april_30_bayshore_extension_001.jpg
2012-03-30 14:51 - 2012-03-30 14:51 - 3493888 ____A C:\Users\Anna-Maria\Downloads\Planeta_tiera.pps
2012-03-30 14:51 - 2012-03-30 14:51 - 3493888 ____A C:\Users\Anna-Maria\Downloads\Planeta_tiera (2).pps
2012-03-30 14:51 - 2012-03-30 14:51 - 3493888 ____A C:\Users\Anna-Maria\Downloads\Planeta_tiera (1).pps
2012-03-30 07:44 - 2012-03-30 07:44 - 0102540 ____A C:\Users\Anna-Maria\Downloads\20120330110540288.pdf
2012-03-30 07:40 - 2012-03-30 07:40 - 0025106 ____A C:\Users\Anna-Maria\Downloads\Title_Commitment_Update_Endorsement.pdf
2012-03-29 11:22 - 2012-03-29 11:22 - 3114274 ____A C:\Users\Anna-Maria\Downloads\Adam_Elhadi_kontraktforlangning0001.pdf
2012-03-28 10:33 - 2012-03-28 10:33 - 0020951 ____A C:\Users\Anna-Maria\Downloads\20120328121717310.pdf
2012-03-28 09:54 - 2010-06-13 14:00 - 0021200 ____A C:\Windows\DPINST.LOG
2012-03-28 09:53 - 2012-03-28 09:53 - 0000000 ____D C:\Users\Anna-Maria\AppData\Roaming\InstallShield
2012-03-27 11:28 - 2012-03-27 11:28 - 0515496 ____A C:\Users\Anna-Maria\Downloads\20120327145916449.pdf
2012-03-26 14:42 - 2012-03-26 14:42 - 0018432 ____A C:\Users\Anna-Maria\Downloads\PROPERTY_MAIN (3).wps
2012-03-26 14:42 - 2012-03-26 14:42 - 0018432 ____A C:\Users\Anna-Maria\Downloads\PROPERTY_MAIN (2).wps
2012-03-26 14:41 - 2012-03-26 14:41 - 0018432 ____A C:\Users\Anna-Maria\Downloads\PROPERTY_MAIN (1).wps
2012-03-26 14:40 - 2012-03-26 14:40 - 0018432 ____A C:\Users\Anna-Maria\Downloads\PROPERTY_MAIN.wps
2012-03-26 11:39 - 2012-03-26 11:39 - 0280923 ____A C:\Users\Anna-Maria\Downloads\Closing_Documents (3).pdf
2012-03-26 11:20 - 2012-03-26 11:20 - 0280923 ____A C:\Users\Anna-Maria\Downloads\Closing_Documents (2).pdf
2012-03-26 11:19 - 2012-03-26 11:19 - 0280923 ____A C:\Users\Anna-Maria\Downloads\Closing_Documents (1).pdf
2012-03-26 11:16 - 2012-03-26 11:16 - 0122069 ____A C:\Users\Anna-Maria\Downloads\HUD_1.pdf
2012-03-26 11:13 - 2012-03-26 11:13 - 0280923 ____A C:\Users\Anna-Maria\Downloads\Closing_Documents.pdf
2012-03-26 06:10 - 2012-03-26 06:10 - 0125531 ____A C:\Users\Anna-Maria\Downloads\Ethics_Requirement_Class_REV_3-22-12 (1).pdf
2012-03-23 10:25 - 2012-03-23 10:25 - 0201825 ____A C:\Users\Anna-Maria\Downloads\20120323130152358.pdf
2012-03-23 10:21 - 2012-03-23 10:21 - 0060123 ____A C:\Users\Anna-Maria\Downloads\20120323130445663.pdf
2012-03-21 16:06 - 2012-03-21 16:06 - 0000000 ____D C:\Program Files\Inbox Toolbar
2012-03-21 14:57 - 2012-03-21 14:57 - 0086016 ____A C:\Users\Anna-Maria\Downloads\Periodic ethics training.doc
2012-03-21 13:19 - 2012-03-21 13:19 - 0125531 ____A C:\Users\Anna-Maria\Downloads\Ethics_Requirement_Class_REV_3-22-12.pdf
2012-03-17 04:19 - 2012-03-17 04:19 - 5508096 ____A C:\Users\Anna-Maria\Downloads\BosqueTallado.PPS
2012-03-16 18:24 - 2012-03-16 18:24 - 0025600 ____A C:\Users\Anna-Maria\Documents\Börje16eMarch2012.doc
2012-03-16 04:18 - 2012-03-16 04:17 - 1866240 ____A C:\Users\Anna-Maria\Downloads\degeestv.pps
2012-03-15 18:34 - 2012-03-15 18:34 - 0102990 ____A C:\Users\Anna-Maria\Downloads\photo (1).JPG
2012-03-14 15:56 - 2012-03-14 15:56 - 0114636 ____A C:\Users\Anna-Maria\Downloads\ATT00001 (1).bin
2012-03-14 15:55 - 2012-03-14 15:55 - 0114636 ____A C:\Users\Anna-Maria\Downloads\ATT00001.bin
2012-03-07 06:16 - 2012-03-07 06:15 - 4041887 ____A C:\Users\Anna-Maria\Downloads\vehicle_theft_made_easy.wmv
2012-03-07 00:01 - 2012-03-07 00:01 - 0000000 ____D C:\f027e4079b4d2a02f7
2012-03-06 09:45 - 2012-04-30 11:33 - 4730880 ____A (AVAST Software) C:\Users\Anna-Maria\Desktop\aswMBR.exe
2012-03-05 09:51 - 2012-03-05 09:51 - 0196518 ____A C:\Users\Anna-Maria\Downloads\20120305092151686.pdf
2012-03-04 17:45 - 2012-03-04 17:45 - 0024064 ____A C:\Users\Anna-Maria\Documents\BÖRJES PACKLISTA.doc
2012-03-04 09:14 - 2012-03-04 09:13 - 6958604 ____A C:\Users\Anna-Maria\Downloads\SWIMMIGWITHAFRISKYDLOPHIN.WMV
2012-03-03 08:27 - 2012-03-03 08:27 - 0172778 ____A C:\Users\Anna-Maria\Downloads\Eleanor and Footies.jpg
2012-03-03 08:26 - 2012-03-03 08:26 - 0172778 ____A C:\Users\Anna-Maria\Downloads\IMG_5865.jpg
2012-03-01 18:51 - 2012-03-01 18:51 - 0000928 ____A C:\{3AA944DB-38AE-402F-B108-B0FDB6B9FAD8}
2012-03-01 04:54 - 2009-05-23 10:28 - 0026624 ____A C:\Users\Anna-Maria\Documents\meds for Anna.doc
2012-02-29 15:54 - 2012-02-29 15:54 - 0148775 ____A C:\Users\Anna-Maria\Downloads\20120229_184128_00005.pdf
2012-02-29 15:37 - 2012-02-29 15:37 - 0013232 ____A C:\Windows\System32\hs_err_pid2372.log
2012-02-29 07:11 - 2012-04-11 16:09 - 0172032 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 07:11 - 2012-04-11 16:09 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 07:09 - 2012-04-11 16:09 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 05:32 - 2012-04-11 16:09 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-28 14:58 - 2012-02-28 14:58 - 0000000 __SHD C:\found.001
2012-02-27 17:52 - 2012-04-11 16:10 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-11 16:10 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-11 16:10 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-11 16:10 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-11 16:10 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 16:10 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-11 16:10 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-11 16:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 16:10 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-11 16:10 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-11 16:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 16:10 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 16:10 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-25 10:17 - 2012-02-25 10:17 - 0051872 ____A C:\Users\Anna-Maria\Downloads\20120225111705794.pdf
2012-02-24 11:56 - 2012-02-24 11:56 - 0328940 ____A C:\Users\Anna-Maria\Downloads\20120224144329192.pdf
2012-02-19 07:56 - 2012-02-19 07:56 - 0220160 ____A C:\Users\Anna-Maria\Downloads\EINSTEIN_FLYER.doc
2012-02-19 07:25 - 2012-02-18 13:48 - 0220160 ____A C:\Users\Anna-Maria\Documents\EINSTEIN FLYER.doc
2012-02-18 13:02 - 2012-02-18 13:03 - 0198138 ____A C:\Users\Anna-Maria\Downloads\Einstein.jpg
2012-02-18 12:59 - 2012-02-18 12:59 - 0198138 ____A C:\Users\Anna-Maria\Downloads\IMG_4397.jpg
2012-02-18 09:14 - 2012-02-18 09:14 - 0123904 ____A C:\Users\Anna-Maria\Documents\Einstein cat.doc
2012-02-18 09:08 - 2012-02-18 09:08 - 0102990 ____A C:\Users\Anna-Maria\Downloads\Einstein rescued cat.jpg
2012-02-18 09:02 - 2012-02-18 09:02 - 0000000 ____D C:\Users\Anna-Maria\Animals
2012-02-18 09:02 - 2008-05-05 10:35 - 0000000 ____D C:\Program Files\Picasa2
2012-02-18 08:57 - 2009-05-23 10:27 - 0000000 ____D C:\Users\Anna-Maria\Documents\SugarBab
2012-02-18 08:54 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\MichaelBuble001
2012-02-18 08:54 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\ATT1
2012-02-18 08:53 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\Jul 07
2012-02-18 08:53 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\FLAPPING
2012-02-18 08:50 - 2009-05-23 10:27 - 0000000 ____D C:\Users\Anna-Maria\Documents\pic26299
2012-02-18 08:48 - 2009-05-23 10:25 - 0000000 ____D C:\Users\Anna-Maria\Documents\_KLF8162
2012-02-18 08:47 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\Fwd_Fw_Cameraquick!
2012-02-18 08:47 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\Frederick Douglass, 1818-1895_ Narrative of the Life of Frederick Douglass, an American Slave_ Written by Himself_files
2012-02-18 08:46 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\Mvc-002s
2012-02-18 08:46 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\Lucia ca 2005
2012-02-18 08:46 - 2009-05-23 10:25 - 0000000 ____D C:\Users\Anna-Maria\Documents\AOL Downloads
2012-02-18 08:45 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\P8260005
2012-02-18 08:45 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\Karin Graduation
2012-02-18 08:43 - 2009-05-23 10:26 - 0000000 ____D C:\Users\Anna-Maria\Documents\BizarreC
2012-02-18 08:41 - 2012-02-18 08:41 - 0095837 ____A C:\Users\Anna-Maria\Downloads\photo.JPG
2012-02-18 08:41 - 2012-02-18 08:41 - 0095837 ____A C:\Users\Anna-Maria\Downloads\photo (2).JPG
2012-02-18 08:41 - 2012-02-18 08:41 - 0000000 ___HD C:\Users\Anna-Maria\Downloads\.picasaoriginals
2012-02-17 07:17 - 2012-02-17 07:17 - 4202700 ____A C:\Users\Anna-Maria\Downloads\DSC09566 (1).JPG
2012-02-17 06:55 - 2012-02-17 06:55 - 4495898 ____A C:\Users\Anna-Maria\Downloads\DSC09623 (1).JPG
2012-02-17 06:53 - 2012-02-17 06:53 - 3831154 ____A C:\Users\Anna-Maria\Downloads\DSC09651 (1).JPG
2012-02-17 06:53 - 2012-02-17 06:52 - 4628115 ____A C:\Users\Anna-Maria\Downloads\DSC09565.JPG
2012-02-17 06:53 - 2012-02-17 06:52 - 4495898 ____A C:\Users\Anna-Maria\Downloads\DSC09623.JPG
2012-02-17 06:53 - 2012-02-17 06:52 - 4202700 ____A C:\Users\Anna-Maria\Downloads\DSC09566.JPG
2012-02-17 06:53 - 2012-02-17 06:52 - 4135655 ____A C:\Users\Anna-Maria\Downloads\DSC09611.JPG
2012-02-17 06:53 - 2012-02-17 06:52 - 3831154 ____A C:\Users\Anna-Maria\Downloads\DSC09651.JPG
2012-02-17 06:52 - 2012-02-17 06:52 - 4310018 ____A C:\Users\Anna-Maria\Downloads\DSC09528.JPG
2012-02-16 10:02 - 2012-02-16 10:02 - 0017717 ____A C:\Users\Anna-Maria\Downloads\addendum2.16.2.12.pdf
2012-02-16 10:02 - 2012-02-16 10:02 - 0017717 ____A C:\Users\Anna-Maria\Downloads\addendum2.16.2.12 (1).pdf
2012-02-16 04:15 - 2012-02-16 04:15 - 0008097 ____A C:\Users\Anna-Maria\Downloads\Benedictson_-_repair_work_tile.pdf
2012-02-14 16:37 - 2012-02-14 16:38 - 0941547 ____A C:\Users\Anna-Maria\Downloads\First Thank You to Karin.jpg
2012-02-14 11:21 - 2012-02-14 11:21 - 6568784 ____A C:\Users\Anna-Maria\Downloads\bark_worse_than_bite.wmv
2012-02-13 17:21 - 2012-02-13 17:21 - 0008494 ____A C:\Users\Anna-Maria\Downloads\ATT00013.jpg
2012-02-13 17:21 - 2012-02-13 17:21 - 0008494 ____A C:\Users\Anna-Maria\Downloads\ATT00013 (1).jpg
2012-02-09 04:51 - 2012-02-08 16:38 - 0024064 ____A C:\Users\Anna-Maria\Documents\CHECKLIST FOR KARIN-NC.doc
2012-02-07 04:38 - 2012-02-07 04:38 - 2173701 ____A C:\Users\Anna-Maria\Downloads\Como_ir_de_botellon.wmv
2012-02-07 04:38 - 2012-02-07 04:38 - 2173701 ____A C:\Users\Anna-Maria\Downloads\Como_ir_de_botellon (2).wmv
2012-02-07 04:38 - 2012-02-07 04:38 - 2173701 ____A C:\Users\Anna-Maria\Downloads\Como_ir_de_botellon (1).wmv

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 2813.1 MB
Available physical RAM: 2427.07 MB
Total Pagefile: 2612.97 MB
Available Pagefile: 2473.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.32 MB

======================= Partitions =========================

1 Drive c: (SQ004720V05) (Fixed) (Total:225.52 GB) (Free:152.03 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
4 Drive f: (NICKS TOOLS) (Removable) (Total:0.94 GB) (Free:0.42 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 968 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 226 GB 1501 MB
Partition 3 Primary 6040 MB 227 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004720V05 NTFS Partition 226 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 967 MB 32 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F NICKS TOOLS FAT Removable 967 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-05-01 05:58

======================= End Of Log ==========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:41 PM

Posted 02 May 2012 - 05:50 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start

TDL4: custom:26000022
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:41 AM

Posted 02 May 2012 - 06:20 PM

I will not be able to do it until tomorrow. Thank you for the fast reply.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:41 PM

Posted 02 May 2012 - 06:23 PM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:41 AM

Posted 03 May 2012 - 08:07 AM

worked great

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:41 PM

Posted 03 May 2012 - 04:59 PM

good to hear, there are a couple more scans I'd like you to perform just to make certain you are clean, please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:41 AM

Posted 04 May 2012 - 01:45 PM

combofix will not run, error opening pev.3xe, iexplorer stopped working

wait....it ran

Edited by NickPower, 04 May 2012 - 01:47 PM.


#8 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:41 AM

Posted 04 May 2012 - 02:02 PM

ComboFix 12-05-04.03 - Anna-Maria 05/04/2012 14:49:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1975 [GMT -4:00]
Running from: c:\users\Anna-Maria\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 18:58 . 2012-05-04 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 18:58 . 2012-05-04 18:58 -------- d-----w- c:\users\Anna-Maria\AppData\Local\temp
2012-05-03 19:34 . 2012-05-03 19:34 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-03 19:34 . 2012-05-03 19:34 -------- d-----w- c:\program files\Symantec
2012-05-03 19:33 . 2012-05-03 19:33 -------- d-----w- c:\windows\system32\drivers\N360
2012-05-03 19:32 . 2012-05-03 19:32 -------- d-----w- c:\program files\NortonInstaller
2012-05-03 17:14 . 2012-05-03 17:14 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-03 17:12 . 2012-05-03 17:12 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-03 17:12 . 2012-05-03 17:12 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-03 17:11 . 2012-05-03 17:11 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-03 17:11 . 2012-05-03 17:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 17:11 . 2012-05-03 17:11 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 16:30 . 2012-05-03 16:30 -------- d-----w- c:\windows\CheckSur
2012-05-03 15:48 . 2009-01-15 16:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-03 15:48 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-03 15:32 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-05-03 15:31 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-05-03 15:31 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-05-03 14:55 . 2012-05-03 14:55 -------- d-----w- c:\users\Anna-Maria\AppData\Roaming\IObit
2012-05-03 14:20 . 2012-05-03 14:20 -------- d-----w- c:\program files\HitmanPro
2012-05-03 13:12 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-05-03 13:12 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-05-03 13:12 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-03 13:11 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-03 13:10 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-03 13:10 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 18:34 . 2012-05-02 18:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-02 18:22 . 2012-05-02 18:34 -------- d-----w- c:\programdata\HitmanPro
2012-05-01 17:38 . 2012-05-01 17:38 -------- d-----w- c:\windows\Standalone System Sweeper
2012-05-01 15:35 . 2012-05-01 15:35 -------- d-----w- c:\program files\ESET
2012-04-12 00:09 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 00:09 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 00:09 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 00:09 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:38 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-11 19:50 . 2012-04-11 19:59 -------- d-----w- c:\program files\Content Manager
2012-04-10 22:57 . 2012-04-10 22:57 -------- d-----w- c:\program files\goodsearchtb
2012-04-08 00:18 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-04-08 00:18 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-04-05 23:37 . 2012-04-05 23:37 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44520b54-9e1a-420b-aac8-b53721cbd53f}]
2012-04-04 17:40 86696 ----a-w- c:\program files\goodsearchtb\goodsearchDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd9475f4-a228-4e22-8d37-4b52c2054c31}]
2012-04-04 17:40 262312 ----a-w- c:\program files\goodsearchtb\auxi\goodsearchAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{44520b54-9e1a-420b-aac8-b53721cbd53f}"= "c:\program files\goodsearchtb\goodsearchDx.dll" [2012-04-04 86696]
.
[HKEY_CLASSES_ROOT\clsid\{44520b54-9e1a-420b-aac8-b53721cbd53f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2011-10-12 2697656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-05-01 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2012-05-01 17:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID Security Application.lnk]
backup=c:\windows\pss\BankID Security Application.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 20:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 17:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2009-04-23 17:42 801904 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-05-05 18:34 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 05:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 22:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-01 17:52 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 14:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 20:52 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1807422815-738861055-1700803671-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 17:11]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:22]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-04 14:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2648)
c:\windows\system32\authui.dll
.
Completion time: 2012-05-04 15:01:06
ComboFix-quarantined-files.txt 2012-05-04 19:01
.
Pre-Run: 197,622,652,928 bytes free
Post-Run: 197,541,576,704 bytes free
.
- - End Of File - - 64EC84FAD381FE9BF910EB00443C2D76

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:41 PM

Posted 04 May 2012 - 07:30 PM

Have you been able to run Malwarebytes and the ESET scan?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:41 PM

Posted 18 May 2012 - 10:19 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




