Suspected Virus


  • This topic is locked
22 replies to this topic

#1 iamill

iamill

  • Members
  • 45 posts

Posted 03 June 2012 - 04:56 PM

Have been having troubles. Tried to download new version of AVG. Free edition. I thought that it was completed and removed old one. As soon as the old one was removed, the computer shut down. When I restarted it the new AVG was not there and it will not let me download it now. My system is not protected and need help. Thanks M.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 03 June 2012 - 07:24 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 June 2012 - 10:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If not already installed, get Microsoft Security Essentials.
http://windows.microsoft.com/en-US/windows/products/security-essentials

===

AVG Removal tool. Download the proper tool for your version and run it.
http://www.avg.com/ca-en/utilities
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

#4 iamill

iamill
  • Topic Starter

  • Members
  • 45 posts

Posted 08 June 2012 - 08:57 PM

Thanks for the help. My computer crashed after opening this the first time. Thanks "I"
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by pmfjr at 0:37:42 on 2004-11-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1066 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Caller ID\Caller ID.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps08272011
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yie6/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\pmfjr\startm~1\programs\startup\caller~1.lnk - c:\program files\caller id\Caller ID.exe
StartupFolder: c:\docume~1\pmfjr\startm~1\programs\startup\comcas~1.lnk - c:\program files\comcast universal caller id\Comcast Universal Caller ID.exe
StartupFolder: c:\docume~1\pmfjr\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8F529776-340B-4783-85C0-D3B6114820EC} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
S2 gupdate1ca350392bb59ea;Google Update Service (gupdate1ca350392bb59ea);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
.
=============== Created Last 30 ================
.
2012-06-03 07:10:31 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{7f35b685-57f8-4438-8c2c-ef3259a144d2}\mpengine.dll
2012-05-29 17:42:37 -------- d-----w- c:\program files\ESET
2012-05-28 19:49:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 23:35:30 -------- d-----w- C:\c02b5df38a0515e174
2012-05-25 02:01:19 -------- d-----w- c:\documents and settings\pmfjr\application data\Tific
2012-05-25 02:01:06 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Symantec
2012-05-10 00:53:21 -------- d-----w- c:\program files\Caller ID
2012-05-06 02:25:20 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-03 02:35:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 15:41:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-02-15 03:31:15 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 03:31:15 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-03 01:24:37 81920 ------r- c:\program files\mozilla firefox\data\disk1\diagnosis\BrDbgOut.dll
2012-02-03 01:24:37 45056 ------r- c:\program files\mozilla firefox\data\disk1\brolink\Brolink0.exe
2012-02-03 01:24:37 364544 ------r- c:\program files\mozilla firefox\data\disk1\diagnosis\BR_collect.exe
2012-02-03 01:24:37 28944 ------r- c:\program files\mozilla firefox\data\disk1\diagnosis\psapi.dll
2012-02-03 01:24:37 147456 ------r- c:\program files\mozilla firefox\data\disk1\diagnosis\BR_DRV_LOG_OFF.exe
2012-02-03 01:20:50 270336 ----a-w- c:\program files\mozilla firefox\BrScUtil.exe
2012-02-03 01:19:39 6787245 ----a-w- c:\program files\mozilla firefox\CC2update.exe
2011-12-12 05:18:14 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-12-12 05:17:26 -------- d-----w- c:\program files\common files\xing shared
2011-12-12 05:16:58 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-12-12 05:16:40 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-19 03:00:54 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-19 02:57:13 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-10-19 01:45:16 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-10-14 14:47:29 176128 ------w- c:\windows\system32\dllcache\winmm.dll
2011-09-20 19:52:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-20 18:44:01 -------- d-----w- c:\documents and settings\pmfjr\application data\SUPERAntiSpyware.com
2011-09-20 18:43:27 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-13 03:01:41 -------- d-----w- c:\documents and settings\pmfjr\application data\SupportSoft
2011-09-13 03:01:32 -------- d-----w- C:\temp
2011-09-13 03:01:30 -------- d-----w- c:\documents and settings\pmfjr\application data\OpswatLogs
2011-09-13 03:01:10 -------- d-----w- c:\program files\comcast
2011-09-04 23:55:45 92208 ------w- c:\windows\system32\WING.DLL
2011-09-04 23:55:45 6736 ------w- c:\windows\system32\WINGDIB.DRV
2011-09-04 23:55:45 5024 ------w- c:\windows\system32\WINGPAL.WND
2011-09-04 23:55:44 188960 ------w- c:\windows\system32\WINGDE.DLL
2011-09-04 23:55:44 12800 ------w- c:\windows\system32\WING32.DLL
2011-08-28 05:18:45 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-08-28 05:18:38 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\ID Vault
2011-08-28 05:17:54 -------- d-----w- c:\documents and settings\pmfjr\application data\ID Vault
2011-08-28 05:16:56 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-08-28 05:16:40 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-06-30 03:09:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 05:42:11 -------- dc-h--w- c:\windows\ie8
2011-06-19 22:39:16 -------- d-----w- c:\documents and settings\pmfjr\application data\Malwarebytes
2011-06-19 22:39:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-19 22:38:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 22:38:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 02:43:32 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-06-16 02:43:29 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-06-16 02:43:25 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-06-16 02:43:19 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2011-06-16 02:43:18 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-06-16 02:43:14 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-06-16 02:43:13 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-06-16 02:43:10 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-06-16 02:43:09 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-06-16 02:43:05 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
2011-06-16 02:43:02 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-06-16 02:41:59 79872 ----a-w- c:\windows\system32\dllcache\rwia330.dll
2011-06-16 02:40:56 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-06-16 02:39:58 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-06-16 02:38:59 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2011-06-16 02:37:58 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-06-16 02:36:57 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2011-06-16 02:35:59 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2011-06-16 02:34:59 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2011-06-16 02:33:58 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-06-16 02:32:59 26624 ----a-w- c:\windows\system32\dllcache\icam3ext.dll
2011-06-16 02:31:59 289887 ----a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-06-16 02:30:59 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2011-06-16 02:29:59 12362 ----a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2011-06-16 02:28:59 70174 ----a-w- c:\windows\system32\dllcache\el98xn5.sys
2011-06-16 02:27:58 110621 ----a-w- c:\windows\system32\dllcache\digirlpt.dll
2011-06-16 02:26:58 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-06-16 02:25:43 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-06-16 02:24:59 382592 ----a-w- c:\windows\system32\dllcache\atidrab.dll
2011-06-16 02:23:57 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-06-05 20:17:31 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2011-06-05 19:22:37 -------- d-----w- c:\program files\Sophos
2011-05-12 01:46:05 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
2011-05-03 03:55:48 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\AVG Security Toolbar
2011-04-19 11:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-03-06 03:45:06 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Apple
2011-02-05 20:00:08 -------- d-----w- c:\documents and settings\pmfjr\application data\Nokia Ovi Suite
2011-02-05 19:51:36 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\NokiaAccount
2011-02-05 19:49:31 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Nokia
2011-02-05 19:45:06 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-02-05 19:45:03 23040 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-02-05 19:45:02 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-02-05 19:45:01 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-02-05 19:44:22 -------- d-----w- c:\documents and settings\all users\application data\NokiaInstallerCache
2011-02-05 18:53:22 604160 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-02-05 18:53:22 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-02-05 18:53:22 111104 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-02-05 18:35:21 1409 ----a-w- c:\windows\QTFont.for
2011-02-05 18:22:37 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2011-02-05 18:22:37 2174464 ----a-w- c:\windows\system32\mfc71ud.dll
2011-02-05 18:22:36 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2011-02-05 18:22:36 -------- d-----w- c:\program files\Noki
2011-02-05 18:21:41 -------- d-----w- C:\noki
2011-02-05 18:20:09 -------- d-----w- C:\Downloads
2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-12 01:55:33 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\LogiShrd
2011-01-12 01:00:29 -------- d-----w- c:\program files\TeamViewer
2010-12-21 23:55:23 -------- d-----w- c:\program files\Search Toolbar
2010-12-21 21:58:55 -------- d-----w- c:\program files\ezt
2010-12-15 01:38:40 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-05 20:06:46 14416 ----a-w- c:\windows\system32\CTL3D.DLL
2010-12-05 20:02:29 -------- d-----w- c:\program files\Sierra On-Line
2010-12-05 20:02:17 -------- d-----w- c:\program files\Sierra
2010-12-05 18:49:09 -------- d-----w- C:\PrintArttistBackup
2010-12-01 02:53:31 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\WMTools Downloaded Files
2010-11-15 01:20:24 3584 ----a-r- c:\documents and settings\pmfjr\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2010-11-15 01:20:23 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-11-15 01:20:04 -------- d-----w- c:\program files\MSECACHE
2010-11-14 22:32:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-14 22:32:22 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-14 22:32:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 20:58:06 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-13 20:58:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-13 20:17:38 -------- d-----w- c:\documents and settings\pmfjr\application data\TeamViewer
2010-10-22 00:05:56 -------- d-----w- c:\documents and settings\pmfjr\application data\Search Settings
2010-10-19 03:07:01 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2010-10-19 03:02:27 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2010-10-19 02:48:14 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2010-08-24 19:24:07 -------- d-----w- c:\program files\Conduit Calculator
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-06-25 00:01:58 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\PCHealth
2010-06-18 17:45:17 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-06-11 01:31:47 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-04-16 15:36:56 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-03-31 07:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 07:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-30 19:24:40 317440 ------w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-03-29 23:31:47 -------- d-----w- c:\documents and settings\all users\application data\avg9
2010-03-11 04:44:16 -------- d-----w- C:\bd3a0751756053faf9bd8ed0f2fa
2010-02-26 03:04:22 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-15 18:42:43 -------- d-----w- c:\documents and settings\all users\application data\Nokia
2009-11-15 00:40:11 -------- d-----w- c:\program files\common files\Nokia
2009-11-07 08:07:08 49488 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-07 08:07:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 08:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-02 23:08:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 22:21:52 -------- d-----w- c:\documents and settings\pmfjr\application data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
2009-09-14 13:56:22 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Real
2009-09-14 06:54:00 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Temp
2009-09-10 02:04:56 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 01:48:43 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-08 00:19:46 -------- d-----w- c:\windows\pss
2009-09-07 21:05:59 -------- d-----w- C:\Scan
2009-08-22 00:04:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 00:01:34 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-08-21 23:59:17 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-21 23:59:17 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-08-21 23:59:17 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-21 23:59:17 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-21 23:59:16 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-21 23:59:16 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-21 23:59:15 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 23:59:15 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-21 23:59:13 -------- d-----w- C:\714752cc0fa47993136e
2009-08-08 01:31:42 -------- d-sh--w- c:\documents and settings\pmfjr\PrivacIE
2009-08-08 01:31:27 -------- d-sh--w- c:\documents and settings\pmfjr\IECompatCache
2009-08-07 02:24:18 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-08-07 02:24:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-08-07 02:24:06 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-08-07 02:24:00 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-07-27 23:17:41 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2009-07-21 08:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-06-25 08:25:26 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-06-21 05:41:10 -------- d-sh--w- c:\documents and settings\pmfjr\IETldCache
2009-06-21 05:34:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-21 05:34:01 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-21 05:33:54 -------- d-----w- c:\windows\ie8updates
2009-06-21 05:33:03 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-16 14:36:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-06-12 12:31:39 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-06-10 16:19:38 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 06:14:49 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-05-22 03:41:34 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-04-16 16:34:38 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 16:34:37 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 16:32:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-04-16 16:32:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 00:42:45 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-04-14 00:42:43 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-04-14 00:42:43 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-04-14 00:42:34 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-04-04 01:20:48 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\OLYMPUS
2009-03-08 21:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 21:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 21:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 21:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 11:35:32 743424 ------w- c:\program files\internet explorer\iedvtool.dll
2009-03-08 11:35:12 233984 ------w- c:\program files\internet explorer\jsprofilerui.dll
2009-03-08 11:35:04 7680 ------w- c:\program files\internet explorer\iecompat.dll
2009-03-08 11:35:04 144384 ------w- c:\program files\internet explorer\ExtExport.exe
2009-03-08 11:35:04 118272 ------w- c:\program files\internet explorer\JSProfilerCore.dll
2009-03-08 11:35:02 521216 ------w- c:\program files\internet explorer\jsdbgui.dll
2009-03-08 11:35:02 121344 ------w- c:\program files\internet explorer\jsdebuggeride.dll
2009-03-08 11:33:40 18944 ------w- c:\windows\system32\dllcache\corpol.dll
2009-03-08 11:33:18 12800 ------w- c:\program files\internet explorer\xpshims.dll
2009-02-24 06:41:49 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-24 06:41:49 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-24 06:41:49 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-24 01:03:14 -------- d-----w- c:\program files\support.com
2009-02-08 04:40:25 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Apple Computer
2009-01-29 03:38:20 -------- d-----w- c:\program files\common files\muvee Technologies
2009-01-29 03:33:54 95744 ----a-r- c:\windows\system32\atl80.dll
2009-01-29 03:33:53 626688 ----a-r- c:\windows\system32\msvcr80.dll
2009-01-29 03:33:52 548864 ----a-r- c:\windows\system32\msvcp80.dll
2009-01-29 03:33:51 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2009-01-29 02:48:10 -------- d-----w- c:\program files\OLYMPUS
2009-01-08 01:20:54 134144 ------w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-08 01:20:54 134144 ------w- c:\program files\internet explorer\sqmapi.dll
2009-01-08 01:20:52 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-01-08 01:20:52 1497088 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-01-08 01:20:52 1022976 ------w- c:\windows\system32\dllcache\browseui.dll
2009-01-08 01:20:18 355832 ------w- c:\program files\internet explorer\pdm.dll
2009-01-08 01:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-12-16 12:30:34 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2008-10-19 02:09:01 1862272 ------w- c:\windows\system32\dllcache\win32k.sys
2008-10-19 01:32:33 2148352 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-19 01:32:30 2026496 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-19 01:27:57 357888 ------w- c:\windows\system32\dllcache\srv.sys
2008-09-07 00:27:55 -------- d-----w- c:\windows\system32\scripting
2008-09-07 00:27:54 -------- d-----w- c:\windows\l2schemas
2008-09-07 00:27:51 -------- d-----w- c:\windows\system32\en
2008-09-07 00:27:50 -------- d-----w- c:\windows\system32\bits
2008-09-07 00:19:02 -------- d-----w- c:\windows\ServicePackFiles
2008-09-07 00:00:35 -------- d-----w- c:\windows\EHome
2008-09-05 08:27:03 276992 ------w- c:\windows\system32\wmphoto.dll
2008-09-05 08:25:59 29184 ----a-w- c:\windows\system32\dllcache\rw330ext.dll
2008-09-05 08:24:59 76800 ----a-w- c:\windows\system32\dllcache\msshamsg.dll
2008-09-05 08:23:50 61440 ----a-w- c:\windows\system32\dllcache\kmsvc.dll
2008-09-05 08:22:58 94208 ----a-w- c:\windows\system32\dllcache\eappgnui.dll
2008-09-05 08:21:59 3775 ----a-w- c:\windows\system32\dllcache\adv11nt5.dll
2008-08-23 02:27:53 -------- d-----w- c:\program files\Nokia
2008-08-12 05:26:08 -------- d-----w- c:\program files\AVG
2008-07-30 04:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-30 04:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-30 04:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 02:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-30 02:59:58 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2008-07-30 02:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-30 02:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-30 02:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-30 02:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-30 02:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 12:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 18:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 18:16:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 18:16:58 158720 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
2008-06-20 11:51:12 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:08:27 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-06-17 19:02:19 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2008-06-11 04:10:26 272128 ----a-w- c:\windows\system32\dllcache\bthport.sys
2008-06-11 04:10:26 272128 ------w- c:\windows\system32\drivers\bthport.sys
2008-06-02 00:30:35 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2008-05-09 10:53:40 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2008-05-08 11:24:44 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2008-03-22 13:46:01 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2008-03-22 13:46:00 274288 ----a-w- c:\windows\system32\mucltui.dll
2008-03-22 06:18:53 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-03-14 04:07:05 -------- d-----w- c:\documents and settings\pmfjr\application data\Grisoft
2008-02-12 02:28:49 -------- d-----w- c:\documents and settings\all users\application data\Grisoft
2008-01-31 18:03:57 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\SupportSoft
2008-01-31 10:39:21 -------- d-----w- c:\program files\Dell Support Center
2008-01-31 10:38:00 -------- d-----w- c:\program files\common files\supportsoft
2008-01-14 04:31:16 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2008-01-14 04:31:16 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2008-01-14 04:31:15 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll
2008-01-14 04:31:15 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat
2008-01-14 04:31:15 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2008-01-14 04:31:15 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2008-01-14 04:31:15 11082752 ------w- c:\windows\system32\dllcache\ieframe.dll
2008-01-14 04:31:14 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll
2008-01-14 04:21:51 -------- d-----w- c:\windows\network diagnostic
2007-08-14 02:54:10 33792 ------w- c:\program files\internet explorer\custsat.dll
2007-08-14 02:54:10 247808 ------w- c:\program files\internet explorer\ieproxy.dll
2007-08-14 02:54:10 236544 ----a-w- c:\windows\system32\dllcache\webcheck.dll
2007-08-14 02:40:52 1241088 ----a-w- c:\windows\system32\ieframe.dll.mui
2007-08-14 02:38:48 10240 ----a-w- c:\windows\system32\advpack.dll.mui
2007-08-09 21:03:28 -------- d-----w- c:\documents and settings\pmfjr\application data\Uniblue
2007-07-31 02:18:34 215920 ----a-w- c:\windows\system32\muweb.dll
2007-04-14 01:37:13 -------- d-----w- c:\program files\DellSupport
2007-03-22 23:26:23 -------- d-----w- c:\program files\Windows Media Connect 2
2007-03-22 21:00:52 5360464 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2007-03-22 21:00:43 -------- d-----w- C:\c5cbd7a86310a62d78e9a0dcfd07
2007-03-16 01:17:08 336768 ------w- c:\windows\system32\dllcache\WgaTray.exe
2007-03-16 01:16:42 236928 ------w- c:\windows\system32\dllcache\WgaLogon.dll
2007-03-13 23:39:26 637272 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2007-03-13 23:38:56 43360 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
2007-03-13 23:38:52 39264 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2007-03-08 08:57:54 51560 ----a-w- c:\program files\windows defender\MpAsDesc.dll
2007-03-08 08:57:52 629096 ----a-w- c:\program files\windows defender\MsMpRes.dll
2007-03-08 08:57:52 28520 ----a-w- c:\program files\windows defender\mpevmsg.dll
2007-03-08 00:44:18 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\default\MpEngine.dll
2007-02-28 19:14:48 -------- d-----w- c:\windows\Twain32
2007-02-25 19:10:48 5376 --s-a-w- c:\windows\system32\drivers\dsunidrv.sys
2007-02-22 04:20:41 -------- d-----w- c:\program files\MSXML 4.0
2007-02-22 04:20:32 -------- d-----w- C:\1bda7d10d198e2e579bc731a
2007-01-11 21:43:05 -------- d-----w- c:\program files\Microsoft Money
2007-01-10 05:22:54 460080 ----a-w- c:\program files\windows defender\LegitLib.dll
2006-12-19 18:08:07 758784 ----a-w- c:\windows\system32\dllcache\vgx.dll
2006-11-23 19:11:32 -------- d-----w- c:\program files\FilmLoop Player
2006-11-04 01:20:52 11032 ----a-w- c:\program files\windows defender\MsMpLics.dll
2006-11-04 01:20:12 866584 ----a-w- c:\program files\windows defender\MSASCui.exe
2006-11-04 01:20:12 693016 ----a-w- c:\program files\windows defender\MpRtMon.dll
2006-11-04 01:20:10 513816 ----a-w- c:\program files\windows defender\MpSoftEx.dll
2006-11-04 01:20:08 320280 ----a-w- c:\program files\windows defender\MpClient.dll
2006-11-04 01:20:06 293144 ----a-w- c:\program files\windows defender\MpCmdRun.exe
2006-11-04 01:20:06 271128 ----a-w- c:\program files\windows defender\MpSvc.dll
2006-11-04 01:20:06 215320 ----a-w- c:\program files\windows defender\MsMpCom.dll
2006-11-04 01:20:04 140056 ----a-w- c:\program files\windows defender\MpSigDwn.dll
2006-11-04 01:20:02 85272 ----a-w- c:\program files\windows defender\MpOAv.dll
2006-11-04 01:20:00 83224 ----a-w- c:\program files\windows defender\MpShHook.dll
2006-11-04 01:19:58 13592 ----a-w- c:\program files\windows defender\MsMpEng.exe
2006-11-04 01:19:56 52504 ----a-w- c:\program files\windows defender\MpRtPlug.dll
2006-11-02 14:22:54 444136 ------w- c:\windows\system32\drivers\wdf01000.sys
2006-11-02 14:22:52 37608 ------w- c:\windows\system32\drivers\wdfldr.sys
2006-10-30 03:55:41 -------- d-----w- C:\9c8092baf4f28c6804068b7616
2006-10-19 03:05:26 204288 ------w- c:\program files\windows media player\wmpnscfg.exe
2006-10-19 03:05:24 913408 ------w- c:\program files\windows media player\wmpnetwk.exe
2006-10-19 03:04:40 493568 ------w- c:\program files\windows media player\wmdbexport.exe
2006-10-19 03:04:30 36864 ------w- c:\program files\windows media player\wmpshare.exe
2006-10-19 03:00:46 249856 ------w- c:\windows\system32\drmupgds.exe
2006-10-19 03:00:14 17408 ------w- c:\windows\system32\wpdshextautoplay.exe
2006-10-02 22:28:42 312128 ------w- c:\windows\system32\msdelta.dll
2006-09-29 03:13:26 39936 ------w- c:\windows\system32\WUDFCoinstaller.dll
2006-09-29 02:00:34 132224 ------w- c:\windows\system32\drivers\WudfRd.sys
2006-09-29 01:56:38 567808 ------w- c:\windows\system32\WUDFx.dll
2006-09-29 01:56:38 195584 ------w- c:\windows\system32\WudfHost.exe
2006-09-29 01:56:16 148480 ------w- c:\windows\system32\WudfPlatform.dll
2006-09-29 01:56:14 64512 ------w- c:\windows\system32\WudfSvc.dll
2006-09-29 01:55:50 91904 ------w- c:\windows\system32\drivers\WudfPf.sys
2006-08-24 23:15:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-07-24 10:00:00 36528 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2006-07-24 10:00:00 2560 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2006-07-24 10:00:00 2432 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2006-07-20 00:27:24 158456 ----a-w- c:\windows\system32\pxwma.dll
2006-06-29 16:05:44 26112 ----a-w- c:\windows\system32\idndl.dll
2006-06-29 16:05:44 23552 ----a-w- c:\windows\system32\normaliz.dll
2006-06-29 01:59:26 24576 ----a-w- c:\windows\system32\nlsdl.dll
2006-06-28 02:00:26 410928 ------w- c:\program files\windows media player\LegitLibM.dll
2006-04-30 06:27:52 135168 ----a-w- c:\windows\system32\igfxres.dll
2006-03-17 00:38:01 28672 ------w- c:\windows\system32\verclsid.exe
2006-02-04 23:56:41 -------- d-----w- c:\documents and settings\pmfjr\application data\POPFile
2006-02-04 23:55:17 -------- d-----w- c:\program files\POPFile
2006-02-03 07:14:09 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Mozilla
2006-01-07 05:54:53 -------- d-----w- c:\program files\OfficeUpdate11
2006-01-07 04:51:59 7882 ----a-w- c:\windows\system32\GTKCMOS.sys
2006-01-07 04:51:59 7626 ----a-w- c:\windows\system32\GPCIEnum.sys
2006-01-07 04:51:59 7168 ----a-w- c:\windows\system32\DLPT64.sys
2006-01-07 04:51:59 6656 ----a-w- c:\windows\system32\DLPT2.sys
2006-01-07 04:51:59 5632 ----a-w- c:\windows\system32\GPCIEn64.sys
2006-01-07 04:51:59 5120 ----a-w- c:\windows\system32\GTKCMO64.sys
2006-01-07 04:51:59 4608 ----a-w- c:\windows\system32\DDMI64.sys
2006-01-07 04:51:59 1650688 ----a-w- c:\windows\system32\qdiagdwc.ocx
2006-01-07 04:48:29 184320 ----a-w- c:\windows\system32\gtdownde_110.ocx
2006-01-05 04:03:37 -------- d-----w- C:\CRIBPRO
2006-01-05 04:02:44 27632 ------w- c:\windows\system\ctl3dv2.dll
2005-12-31 22:30:57 -------- d-----w- C:\win98 start-up disk
2005-10-28 18:01:30 -------- d-----w- c:\program files\Tiff Surfer
2005-10-24 01:18:16 -------- d-----w- c:\windows\system32\LogFiles
2005-10-24 00:13:22 -------- d-----w- C:\Zip drive
2005-10-24 00:12:13 17664 ----a-w- c:\windows\system32\drivers\ppa3.sys
2005-10-24 00:12:13 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2005-10-23 22:30:54 -------- d--h--w- c:\windows\PIF
2005-10-23 05:22:09 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2005-10-23 05:22:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2005-10-23 04:14:16 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2005-10-23 04:14:16 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2005-10-23 04:13:16 52224 ----a-w- c:\windows\system32\BrNetSti.dll
2005-10-23 04:13:16 33792 ----a-w- c:\windows\system32\BrWiaNCp.dll
2005-10-23 04:13:16 31232 ----a-w- c:\windows\system32\Brnsplg.dll
2005-10-23 04:13:16 155648 ----a-w- c:\windows\system32\NSSearch.dll
2005-10-23 04:13:16 106496 ----a-w- c:\windows\system32\BrMuSNMP.dll
2005-10-23 00:04:24 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\PowerDVD
2005-10-22 19:43:28 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Google
2005-10-22 19:42:44 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2005-10-22 19:42:44 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2005-10-22 19:42:44 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2005-10-22 19:42:44 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2005-10-22 19:42:44 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2005-10-22 19:42:44 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2005-10-22 19:42:43 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2005-09-20 16:52:34 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4396.dll
2005-09-20 16:44:50 524288 ----a-w- c:\windows\system32\igldev32.dll
2005-09-20 16:43:00 2310144 ----a-w- c:\windows\system32\iglicd32.dll
2005-09-20 16:36:46 143360 ----a-w- c:\windows\system32\igfxrrus.lrc
2005-09-20 16:32:16 159744 ----a-w- c:\windows\system32\igfxsrvc.exe
2005-08-30 03:10:01 -------- d-----w- c:\windows\system32\PreInstall
2005-08-08 18:41:41 -------- d-----w- c:\program files\Snapshot Viewer
2005-07-18 17:43:52 146976 ----a-w- c:\windows\system\MFCOLEUI.DLL
2005-07-18 17:43:52 125344 ----a-w- c:\windows\system\MFCO250.DLL
2005-07-18 17:43:52 11072 ----a-w- c:\windows\system\MFCN250.DLL
2005-07-18 17:43:51 51920 ----a-w- c:\windows\system\MFCD250.DLL
2005-07-18 17:43:51 320880 ----a-w- c:\windows\system\MFC250.DLL
2005-07-18 17:43:50 291600 ----a-w- c:\windows\system\WININET.DLL
2005-07-13 05:31:42 -------- d-----w- c:\program files\Microsoft Expedia Streets & Trips
2005-07-04 20:25:08 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Help
2005-07-04 20:14:37 -------- d-----w- C:\SIERRA
2005-07-04 20:13:44 -------- d-----w- c:\documents and settings\pmfjr\WINDOWS
2005-06-18 18:47:11 -------- d-----w- c:\program files\CCleaner
2005-06-18 04:32:40 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2005-06-17 18:40:10 23304 ----a-w- c:\windows\system32\GWFSPidGen.DLL
2005-06-13 18:59:44 -------- d-----r- c:\documents and settings\pmfjr\application data\Brother
2005-06-10 01:04:35 7008 ----a-w- c:\windows\system\SETUPKIT.DLL
2005-06-10 01:04:35 69421 ----a-w- c:\windows\PUTESORB.EXE
2005-06-10 01:04:35 398416 ----a-w- c:\windows\system\VBRUN300.DLL
2005-06-10 01:04:35 19104 ----a-w- c:\windows\system\ALAINSTL.DLL
2005-06-08 22:55:51 -------- d-----w- C:\old 98 files
2005-06-07 02:32:25 107134 ----a-w- c:\windows\UninstallFirefox.exe
2005-06-05 06:09:31 -------- d-----w- C:\Yahoo!
2005-06-05 06:09:31 -------- d-----w- C:\Links
2005-06-05 05:48:50 -------- d-----w- c:\windows\Windows Update Setup Files
2005-06-05 05:39:24 -------- d-----w- c:\program files\common files\Scanner
2005-06-05 04:32:08 57344 ----a-w- c:\windows\system32\brsvc01a.exe
2005-06-05 04:32:08 51712 ----a-w- c:\windows\system32\drivers\BrSerIf.sys
2005-06-05 04:32:08 45056 ----a-w- c:\windows\system32\brss01a.exe
2005-06-05 04:32:08 26285 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\brmfpp1.dll
2005-06-05 04:32:08 258048 ----a-w- c:\windows\system32\bsplmf01.dll
2005-06-05 04:32:08 131072 ----a-w- c:\windows\system32\bsplmf01.exe
2005-06-05 04:32:08 11648 ----a-w- c:\windows\system32\drivers\BrUsbSer.sys
2005-06-05 04:32:07 65536 ----a-w- c:\windows\system32\Brmfrmps.exe
2005-06-05 04:32:07 51200 ------w- c:\windows\system32\brinsstr.dll
2005-06-05 04:30:10 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2005-06-05 04:30:07 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2005-06-05 04:29:26 -------- d-----w- c:\program files\common files\ScanSoft Shared
2005-06-05 04:29:21 -------- d-----w- c:\program files\ScanSoft
2005-06-05 04:28:13 -------- d-----w- c:\documents and settings\all users\application data\Brother
2005-06-05 04:26:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2005-06-05 04:25:57 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2005-06-05 03:24:39 -------- d-----w- c:\program files\common files\SWF Studio
2005-06-05 02:13:01 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\RcIncidents
2005-06-05 01:49:12 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Identities
2005-06-05 01:19:01 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\BVRP Software
2005-06-05 00:34:14 -------- d-----w- c:\documents and settings\pmfjr\application data\Symantec
2005-06-05 00:34:04 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2005-06-05 00:33:42 -------- d-----w- c:\program files\common files\Symantec Shared
2005-06-05 00:31:12 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2005-06-05 00:31:11 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2005-06-05 00:31:10 -------- d-----w- c:\windows\system32\SoftwareDistribution
2005-06-05 00:19:13 -------- d-sh--w- c:\documents and settings\pmfjr\UserData
2005-06-05 00:14:56 -------- d-----w- c:\program files\Yahoo!
2005-06-05 00:09:58 -------- d-----w- c:\windows\cache
2005-06-05 00:00:39 -------- d-----w- c:\documents and settings\pmfjr\application data\EarthLink Toolbar
2005-06-04 21:55:17 -------- d-----w- c:\documents and settings\pmfjr\application data\Earthlink
2005-06-04 21:53:35 -------- d-----w- c:\program files\EarthLink TotalAccess
2005-06-04 21:50:39 -------- d-----w- c:\documents and settings\pmfjr\local settings\application data\Adobe
2005-06-04 18:59:42 -------- d-----w- c:\documents and settings\pmfjr\application data\McAfee.com Personal Firewall
2005-04-24 14:13:17 -------- d-----w- c:\program files\common files\Sonic Shared
2005-04-24 14:12:23 339968 ----a-w- c:\windows\system32\cdintf.dll
2005-04-24 14:12:10 -------- d-----w- c:\windows\Intuit
2005-04-24 14:10:27 -------- d-----w- c:\program files\common files\Intuit
2005-04-24 14:09:34 -------- d-----w- c:\program files\Intuit
2005-04-24 14:09:28 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2005-04-24 14:08:38 -------- d-----w- c:\windows\occache
2005-04-24 14:08:33 1483264 ----a-w- c:\windows\system32\shdocvw.bak
2005-04-24 14:08:13 -------- d-----w- c:\program files\common files\Nullsoft
2005-04-24 14:08:06 -------- d-----w- C:\My Music
2005-04-24 14:08:00 -------- d-----w- c:\program files\common files\Real
2005-04-24 14:07:14 29184 ----a-w- c:\windows\system32\popup.ocx
2005-04-24 14:07:14 1060864 ----a-w- c:\windows\system32\mfc71.dll
2005-04-24 14:06:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2005-04-24 14:06:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2005-04-24 14:06:27 -------- d-----w- c:\program files\common files\AOL
2005-04-24 14:05:09 -------- d-----w- c:\documents and settings\all users\application data\McAfee.com
2005-04-24 14:04:58 -------- d-----w- c:\program files\McAfee.com
2005-04-24 14:04:39 -------- d-----w- c:\program files\Dell
2005-04-24 14:04:25 108544 ------w- c:\windows\system32\pxcpyi64.exe
2005-04-24 14:04:25 104960 ------w- c:\windows\system32\pxinsi64.exe
2005-04-24 14:02:48 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2005-04-24 14:02:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2005-04-24 14:02:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2005-04-24 14:02:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2005-04-24 14:02:48 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2005-04-24 14:02:48 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2005-04-24 14:02:47 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2005-04-24 14:02:47 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2005-04-24 14:02:44 -------- d-----w- c:\program files\Dell Inc
2005-04-24 14:01:19 -------- d-----w- c:\program files\Jasc Software Inc
2005-04-24 14:00:17 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
.
==================== Find3M ====================
.
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47:29 23040 ----a-w- c:\windows\system32\mciseq.dll
2011-10-14 14:47:29 176128 ----a-w- c:\windows\system32\winmm.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 13:18:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:32:15 551936 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17:24 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-04-16 15:36:56 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 19:24:40 317440 ------w- c:\windows\system32\mp4sdecd.dll
2010-03-30 07:52:26 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:46:07 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 02:24:10 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 18:05:44 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 06:43:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-20 17:17:26 45568 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-04-02 06:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-08 11:33:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:32:56 72704 ----a-w- c:\windows\system32\admparse.dll
.
============= FINISH: 0:40:05.34 ===============

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 09 June 2012 - 06:31 AM

Nothing suspicious was found on your DDS log.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#6 iamill

iamill
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 09 June 2012 - 06:43 PM

I did not read the entire contents of your instructions first. I ran the combofix and then the security check. As a result I may have to do it over. Please let me know. Thanks "I"
Here are the logs requested.
ComboFix 12-06-09.02 - pmfjr 11/08/2004 0:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1374 [GMT -8:00]
Running from: c:\documents and settings\pmfjr\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\QTSBandwidthCache
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\v42nkq310vj50eh546811hf52l0sm7doe7
c:\documents and settings\pmfjr\Templates\v42nkq310vj50eh546811hf52l0sm7doe7
c:\documents and settings\pmfjr\WINDOWS
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system\winspool.drv
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
.
((((((((((((((((((((((((( Files Created from 2004-10-08 to 2004-11-08 )))))))))))))))))))))))))))))))
.
.
2012-05-28 19:49 . 2012-05-28 19:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 23:35 . 2012-05-25 23:35 -------- d-----w- C:\c02b5df38a0515e174
2011-09-13 03:01 . 2011-12-12 05:11 -------- d-----w- C:\temp
2011-02-05 18:21 . 2011-02-05 18:21 -------- d-----w- C:\noki
2011-02-05 18:20 . 2011-11-29 01:01 -------- d-----w- C:\Downloads
2010-12-05 18:49 . 2010-12-05 18:49 -------- d-----w- C:\PrintArttistBackup
2010-03-11 04:44 . 2010-03-11 04:46 -------- d-----w- C:\bd3a0751756053faf9bd8ed0f2fa
2009-09-18 00:37 . 2009-09-18 00:37 -------- d-----w- C:\MITCHELL
2009-09-07 21:05 . 2009-09-08 00:08 -------- d-----w- C:\Scan
2009-08-21 23:59 . 2009-08-22 00:01 -------- d-----w- C:\714752cc0fa47993136e
2007-03-22 21:00 . 2007-03-22 21:00 -------- d-----w- C:\c5cbd7a86310a62d78e9a0dcfd07
2007-02-22 04:20 . 2007-02-22 04:20 -------- d-----w- C:\1bda7d10d198e2e579bc731a
2006-10-30 03:55 . 2006-10-30 03:55 -------- d-----w- C:\9c8092baf4f28c6804068b7616
2006-01-05 04:03 . 2006-01-05 05:16 -------- d-----w- C:\CRIBPRO
2005-12-31 22:30 . 2005-12-31 22:33 -------- d-----w- C:\win98 start-up disk
2005-10-24 00:13 . 2005-10-24 00:13 -------- d-----w- C:\Zip drive
2005-07-04 20:14 . 2011-09-05 00:02 -------- d-----w- C:\SIERRA
2005-06-08 22:55 . 2005-06-08 23:07 -------- d-----w- C:\old 98 files
2005-06-05 06:09 . 2005-06-05 06:09 -------- d-----w- C:\Yahoo!
2005-06-05 06:09 . 2005-06-05 06:09 -------- d-----w- C:\Links
2005-06-05 04:31 . 2005-10-23 04:13 -------- d-----w- C:\Brother
2005-04-24 14:08 . 2005-04-24 14:08 -------- d-----w- C:\My Music
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2004-08-04 10:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 10:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-04 10:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2004-08-04 10:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2012-01-09 16:20 . 2004-08-04 10:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-11-25 21:57 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35 . 2004-08-04 10:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-03 15:28 . 2004-08-04 10:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-18 11:13 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47 . 2004-08-04 10:00 23040 ----a-w- c:\windows\system32\mciseq.dll
2011-10-14 14:47 . 2004-08-04 10:00 176128 ----a-w- c:\windows\system32\winmm.dll
2011-10-10 14:22 . 2004-08-04 10:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-04 06:37 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 13:18 . 2004-08-04 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-15 12:56 . 2004-08-04 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-04 10:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2004-08-04 10:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-08-04 10:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 10:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:32 . 2004-08-04 10:00 551936 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-11-18 18:12 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 10:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17 . 2004-08-04 10:00 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31 . 2004-08-04 10:00 744448 ----a-w- c:\windows\pchealth\HELPCTR\BINARIES\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-04-16 15:36 . 2004-08-04 10:00 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 07:52 . 2004-08-04 10:00 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-05 14:37 . 2004-08-04 10:00 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33 . 2004-08-04 10:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 10:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 14:43 . 2004-08-04 10:00 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01 . 2004-08-04 10:00 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-16 18:43 . 2004-08-04 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11 . 2004-08-04 10:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 10:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 10:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 10:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 10:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:46 . 2004-08-04 10:00 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 02:24 . 2004-08-04 10:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-04 10:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2004-08-04 10:00 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-08-07 02:24 . 2004-08-04 10:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-04 10:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2004-08-04 10:00 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 06:43 . 2004-08-04 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:14 . 2004-08-04 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-20 17:17 . 2004-08-04 10:00 45568 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-12 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\pmfjr\Start Menu\Programs\Startup\
Caller ID.lnk - c:\program files\Caller ID\Caller ID.exe [2012-5-9 74752]
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-6-4 819200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\igfxsrvc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 2:00 AM 14336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 gupdate1ca350392bb59ea;Google Update Service (gupdate1ca350392bb59ea);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 10:20 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 6:35 PM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 10:20 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\About Dell Support Center.job
- c:\documents and settings\All Users\Start Menu\Programs\Dell Support Center\About Dell Support Center.lnk [2008-01-31 10:42]
.
2004-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:25]
.
2012-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2012-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-02 05:01]
.
2004-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 06:19]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 06:19]
.
2004-11-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2004-11-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-421708231-1707030445-3758243908-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2004-11-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-421708231-1707030445-3758243908-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-08-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-09-24 22:31]
.
2011-08-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-09-24 22:31]
.
2012-05-07 c:\windows\Tasks\System Restore.job
- c:\windows\SYSTEM32\Restore\RSTRUI.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps08272011
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yie6/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-MSMONEYV4 - c:\program files\Microsoft Money\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-11-08 00:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-421708231-1707030445-3758243908-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\SYSTEM32\Brmfrmps.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
.
**************************************************************************
.
Completion time: 2004-11-08 00:34:22 - machine was rebooted
ComboFix-quarantined-files.txt 2004-11-08 08:34
.
Pre-Run: 9,298,128,896 bytes free
Post-Run: 9,656,934,400 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A5853EC9768BBEBAA899C1E86799BD28
Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Windows Defender
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

#7 nasdaq

nasdaq

  • Malware Response Team

Posted 10 June 2012 - 08:55 AM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Please let me know what problem persists.

#8 iamill

iamill
  • Topic Starter

  • Members

Posted 11 June 2012 - 01:06 PM

Could NOT download Java or Adobe. Keep getting error that "......runtime.exe is corrupt". Just to get to that point I had to bypass the security system to go to those sites. I had to do the same for this site. Things are getting worse. "I"

#9 nasdaq

nasdaq

  • Malware Response Team

Posted 11 June 2012 - 01:40 PM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

#10 iamill

iamill
  • Topic Starter

  • Members

Posted 11 June 2012 - 08:01 PM

OK here it is. "I"

MiniToolBox by Farbar Version: 09-06-2012
Ran by pmfjr (administrator) on 08-11-2004 at 08:03:51
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : jr1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.or.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.or.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-0A-53-F7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 50.137.58.140

Subnet Mask . . . . . . . . . . . : 255.255.252.0

IP Address. . . . . . . . . . . . : fe80::213:20ff:fe0a:53f7%4

Default Gateway . . . . . . . . . : 50.137.56.1

DHCP Server . . . . . . . . . . . : 76.96.95.4

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Monday, November 08, 2004 7:51:21 AM

Lease Expires . . . . . . . . . . : Thursday, November 11, 2004 9:04:30 AM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 80-00-FB-F5-CD-76-C5-73

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter 6to4 Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : hsd1.or.comcast.net.

Description . . . . . . . . . . . : 6to4 Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 32-89-3A-8C

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 2002:3289:3a8c::3289:3a8c

Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : hsd1.or.comcast.net.

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 32-89-3A-8C

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:50.137.58.140%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 173.194.33.39, 173.194.33.37, 173.194.33.33, 173.194.33.38
173.194.33.46, 173.194.33.40, 173.194.33.41, 173.194.33.34, 173.194.33.32
173.194.33.36, 173.194.33.35



Pinging google.com [173.194.33.2] with 32 bytes of data:



Reply from 173.194.33.2: bytes=32 time=14ms TTL=56

Reply from 173.194.33.2: bytes=32 time=15ms TTL=56



Ping statistics for 173.194.33.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 15ms, Average = 14ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=126ms TTL=49

Reply from 98.139.183.24: bytes=32 time=175ms TTL=47



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 126ms, Maximum = 175ms, Average = 150ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 0a 53 f7 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 50.137.56.1 50.137.58.140 20
50.137.56.0 255.255.252.0 50.137.58.140 50.137.58.140 20
50.137.58.140 255.255.255.255 127.0.0.1 127.0.0.1 20
50.255.255.255 255.255.255.255 50.137.58.140 50.137.58.140 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 50.137.58.140 50.137.58.140 20
255.255.255.255 255.255.255.255 50.137.58.140 50.137.58.140 1
Default Gateway: 50.137.56.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (11/08/2004 01:17:30 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (11/08/2004 01:17:30 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (11/08/2004 00:58:22 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 3 time(s).

Error: (11/08/2004 00:57:54 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (11/08/2004 00:57:44 AM) (Source: WinDefend) (User: )
Description: %27 engine has been terminated due to an unexpected error.

Failure Type: %30

Exception code: 0xc0000005

Resource: file:C:\WINDOWS\system32\ntdll.dll

Error: (11/08/2004 00:56:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (11/08/2004 00:56:14 AM) (Source: WinDefend) (User: )
Description: %27 engine has been terminated due to an unexpected error.

Failure Type: %30

Exception code: 0xc0000005

Resource: file:C:\WINDOWS\system32\dwwin.exe

Error: (11/08/2004 00:41:48 AM) (Source: Print) (User: pmfjr)
Description: The document MSInfo6 owned by pmfjr failed to print on printer Brother MFC-5440CN USB Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 458752. Number of bytes printed: 299820. Total number of pages in the document: 68. Number of pages printed: 0. Client machine: \\JR1. Win32 error code returned by the print processor: MSInfo60. MSInfo61

Error: (11/08/2004 00:01:24 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (11/08/2004 00:01:24 AM) (Source: 0) (User: )
Description: \Device\CdRom1


Microsoft Office Sessions:
=========================
Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/08/2004 07:54:34 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2045.98 MB
Available physical RAM: 1158.57 MB
Total Pagefile: 4395.32 MB
Available Pagefile: 3471.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.06 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:33.8 GB) (Free:8.66 GB) NTFS
4 Drive e: (2ST7US) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JR1

Administrator Guest HelpAssistant
pmfjr SUPPORT_388945a0


**** End of log ****




#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 12 June 2012 - 12:44 PM

S2 Application Updater;Application Updater

Do you have any difficulties in updating Microsoft Windows Defender?
===

Remove this driver.

Open notepad and copy/paste the text in the quote box below into it:

Driver::
Application Updater


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

#12 iamill

iamill
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:38 PM

Posted 13 June 2012 - 11:35 PM

Defender would not update or run. I uninstalled it, then ran the Combofix. It was writing a log when my computer crashed. I guess that it is now lost in cyber space. I will run it again and send the log if it gives me one. Thanks "I"

#13 nasdaq

Posted 14 June 2012 - 09:30 AM

Try to install Microsoft Security Essentials.

http://www.microsoft.com/en-us/download/details.aspx?id=5201

#14 iamill


Posted 14 June 2012 - 09:32 PM

I was able to download it. It started with a quick scan, which failed after about 5 minutes. I then started a full scan that went 46 minutes and 10,200 items before it had an error and had to close. ??????? thanks "I"

#15 nasdaq

Posted 15 June 2012 - 09:43 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.




