Hitman pro did not stop Mandiant Cyber Security


  • This topic is locked
23 replies to this topic

#1 Whywise

Posted 03 September 2013 - 03:19 PM

I downloaded the software to a USB drive while in Safe Mode. I rebooted with the USB drive. Windows came up after I chose option 1. Then the Mandiant software locked up the computer just like it did while booting the normal way.

Thanks for the help

#2 Broni

Posted 03 September 2013 - 06:59 PM

Welcome aboard

 

I'll report this topic to appropriate helpers.

Hold on there....




 


#3 bloopie

Posted 07 September 2013 - 09:48 AM

Hello Whywise and welcome to Bleeping Computer!

Sorry for the delay in response to your topic; the Malware Removal forum can get busy at times.

==========

My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!
==========

I have moved this topic to the Malware Removal Logs forum where it will stay. Could you please tell me what version of Windows and what bit type you are running? (Windows XP/Vista/7, 32 or 64-bit)

That will help us determine the next steps to take to get you cleaned up. :)

bloopie

#4 Whywise

Posted 07 September 2013 - 03:29 PM

I am running Windows XP 32-bit and do not have the XP disc.

#5 bloopie

Posted 09 September 2013 - 03:13 PM

Hello again,
 
Okay, let's try this:

On a clean machine, please download Farbar Recovery Scan Tool and save it to the flashdrive.

Note: You need to run the version compatible with your system.

Plug the flash drive into the infected PC. Now I'd like you to boot the infected machine into "Safe Mode with Command Prompt".

  • Once the Command Prompt window is open, type in notepad and press ENTER
  • The notepad window opens. Now click File > Open, then click on "My Computer" and note down the drive letter of the flashdrive
  • Now back in the Command Prompt, type in x:\frst (where x is the letter of your flashdrive)
  • FRST should then open. Click the "Scan" button just once and wait for the tool to scan
  • When finished it will produce a log (Fixlog.txt) on the flashdrive
  • Please copy and paste that log in a reply here

bloopie



#6 Whywise

Posted 10 September 2013 - 11:27 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by Administrator (administrator) on DIMENSION4700 on 10-09-2013 12:14:48
Running from E:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [101136 2007-01-23] (Logitech Inc.)
HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [101136 2007-01-23] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Starter] - C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe [79728 2012-02-14] (Driver-Soft Inc.)
HKU\Owner\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2012-06-08] (Google Inc.)
HKU\Owner\...\Run: [cdloader] - C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe [ 2012-02-01] (magicJack L.P.)
HKU\Owner\...\Run: [AmazonMP3DownloaderHelper] - C:\Documents and Settings\Owner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-05-22] ()
HKU\Owner\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Owner\Application Data\cache.dat [ 2010-12-09] () <==== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {A6026B06-6060-431E-8F2D-E84E01B92318} URL = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130835,19432,6,0,&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332707986906
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP1-321/event/ieatgpc.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
S0 cerc6; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-10 12:14 - 2013-09-10 12:14 - 00000000 ____D C:\FRST
2013-08-29 20:18 - 2013-09-10 12:10 - 00000426 _____ C:\WINDOWS\Tasks\PC Optimizer Pro startups.job
2013-08-29 20:18 - 2013-08-29 20:21 - 00000454 _____ C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job
2013-08-29 20:18 - 2013-08-29 20:21 - 00000422 _____ C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job
2013-08-29 20:18 - 2013-08-29 20:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
2013-08-29 20:17 - 2013-08-29 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-29 20:16 - 2013-08-29 20:20 - 00000000 ____D C:\0d3dd0de31284b195acdb905a88e
2013-08-29 20:16 - 2013-08-29 20:17 - 09186416 _____ (SurfRight B.V.) C:\Documents and Settings\Administrator\Desktop\HitmanPro.exe
2013-08-29 20:16 - 2013-08-29 20:16 - 00000000 ____D C:\df4d5a82700c30c3ffda0774ae9b2e3e
2013-08-29 20:11 - 2013-08-29 20:11 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun
2013-08-29 20:09 - 2013-08-29 20:10 - 00000000 ____D C:\Program Files\7-Zip
2013-08-29 20:09 - 2013-08-29 20:09 - 00000860 _____ C:\Documents and Settings\Administrator\Desktop\Driver Genius.lnk
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files\Driver-Soft
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\7-Zip
2013-08-29 20:08 - 2013-08-29 20:18 - 00000000 ____D C:\Program Files\PC Optimizer Pro
2013-08-29 20:08 - 2013-08-29 20:08 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-08-29 19:36 - 2013-08-29 19:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Paris 2011
2013-08-29 03:00 - 2013-08-29 03:00 - 00004353 _____ C:\WINDOWS\KB2803821-v2.log
2013-08-29 03:00 - 2013-08-29 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-28 11:10 - 2013-08-28 11:14 - 00096313 _____ C:\Documents and Settings\Owner\My Documents\Copy of WMCA Tournament.xlsx
2013-08-20 15:46 - 2013-08-20 15:47 - 00009747 _____ C:\Documents and Settings\Owner\My Documents\Collections report.xlsx
2013-08-20 13:33 - 2013-08-20 15:35 - 00036137 _____ C:\Documents and Settings\Owner\My Documents\Mail Merge.xlsx
2013-08-19 13:57 - 2013-08-19 14:04 - 00026709 _____ C:\Documents and Settings\Owner\My Documents\Donations.xlsx
2013-08-19 12:23 - 2013-08-19 12:23 - 00031382 _____ C:\Documents and Settings\Owner\My Documents\Copy of PayPal account.xlsx
2013-08-18 11:57 - 2013-08-18 11:57 - 00010711 _____ C:\Documents and Settings\Owner\My Documents\More Donations.xlsx
2013-08-15 03:04 - 2013-08-15 03:05 - 00013287 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-15 03:01 - 2013-08-15 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 03:01 - 2013-08-15 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 03:00 - 2013-08-15 03:00 - 00005121 _____ C:\WINDOWS\KB2863058.log
2013-08-15 03:00 - 2013-08-15 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 03:00 - 2013-08-15 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 06:39 - 2013-08-15 03:01 - 00010705 _____ C:\WINDOWS\KB2859537.log
2013-08-14 06:39 - 2013-08-15 03:01 - 00008958 _____ C:\WINDOWS\KB2850869.log
2013-08-13 19:14 - 2013-08-13 19:14 - 00001892 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
2013-08-13 19:14 - 2013-08-13 19:14 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-08-13 15:40 - 2013-08-18 12:09 - 00011017 _____ C:\Documents and Settings\Owner\My Documents\WCMA Results.xlsx
2013-08-12 16:37 - 2013-08-12 16:38 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\WCMA

==================== One Month Modified Files and Folders =======

2013-09-10 12:14 - 2013-09-10 12:14 - 00000000 ____D C:\FRST
2013-09-10 12:13 - 2012-03-25 15:30 - 01342698 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-10 12:11 - 2013-07-25 14:20 - 00000004 _____ C:\Documents and Settings\Owner\Application Data\cache.ini
2013-09-10 12:11 - 2012-05-30 16:42 - 00000275 _____ C:\WINDOWS\wiadebug.log
2013-09-10 12:11 - 2012-05-30 16:42 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-10 12:11 - 2012-05-25 20:57 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2013-09-10 12:11 - 2012-03-25 15:51 - 00032628 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-10 12:11 - 2012-03-25 15:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-10 12:10 - 2013-08-29 20:18 - 00000426 _____ C:\WINDOWS\Tasks\PC Optimizer Pro startups.job
2013-09-10 12:10 - 2012-06-08 14:06 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 12:10 - 2008-04-13 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-04 10:46 - 2012-06-08 14:06 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 16:03 - 2012-06-29 10:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-03 16:02 - 2013-07-11 14:20 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-08-29 20:21 - 2013-08-29 20:18 - 00000454 _____ C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job
2013-08-29 20:21 - 2013-08-29 20:18 - 00000422 _____ C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job
2013-08-29 20:21 - 2012-03-25 15:51 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-29 20:20 - 2013-08-29 20:16 - 00000000 ____D C:\0d3dd0de31284b195acdb905a88e
2013-08-29 20:19 - 2012-03-25 15:51 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-08-29 20:18 - 2013-08-29 20:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
2013-08-29 20:18 - 2013-08-29 20:08 - 00000000 ____D C:\Program Files\PC Optimizer Pro
2013-08-29 20:17 - 2013-08-29 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-08-29 20:17 - 2013-08-29 20:16 - 09186416 _____ (SurfRight B.V.) C:\Documents and Settings\Administrator\Desktop\HitmanPro.exe
2013-08-29 20:16 - 2013-08-29 20:16 - 00000000 ____D C:\df4d5a82700c30c3ffda0774ae9b2e3e
2013-08-29 20:11 - 2013-08-29 20:11 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun
2013-08-29 20:10 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files\7-Zip
2013-08-29 20:09 - 2013-08-29 20:09 - 00000860 _____ C:\Documents and Settings\Administrator\Desktop\Driver Genius.lnk
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Program Files\Driver-Soft
2013-08-29 20:09 - 2013-08-29 20:09 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\7-Zip
2013-08-29 20:08 - 2013-08-29 20:08 - 00000768 _____ C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-08-29 19:37 - 2013-08-29 19:36 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Paris 2011
2013-08-29 14:15 - 2012-05-25 20:57 - 00000000 ____D C:\Documents and Settings\Owner
2013-08-29 14:14 - 2012-12-05 18:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ATTYToolbar
2013-08-29 03:00 - 2013-08-29 03:00 - 00004353 _____ C:\WINDOWS\KB2803821-v2.log
2013-08-29 03:00 - 2013-08-29 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-29 03:00 - 2012-06-02 12:14 - 00415130 _____ C:\WINDOWS\iis6.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00390021 _____ C:\WINDOWS\FaxSetup.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00186228 _____ C:\WINDOWS\ocgen.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00177726 _____ C:\WINDOWS\tsoc.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00127609 _____ C:\WINDOWS\comsetup.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00117068 _____ C:\WINDOWS\msmqinst.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00077515 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00068229 _____ C:\WINDOWS\netfxocm.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00026775 _____ C:\WINDOWS\MedCtrOC.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00021546 _____ C:\WINDOWS\ocmsn.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00019593 _____ C:\WINDOWS\tabletoc.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00019467 _____ C:\WINDOWS\msgsocm.log
2013-08-29 03:00 - 2012-06-02 12:14 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-28 17:02 - 2013-03-31 17:25 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-08-28 11:14 - 2013-08-28 11:10 - 00096313 _____ C:\Documents and Settings\Owner\My Documents\Copy of WMCA Tournament.xlsx
2013-08-28 11:09 - 2013-06-20 17:43 - 00102451 _____ C:\Documents and Settings\Owner\My Documents\WMCA Tournament.xlsx
2013-08-28 10:57 - 2012-06-12 20:00 - 00002473 _____ C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2007.lnk
2013-08-23 16:18 - 2012-07-25 11:37 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Image Zone Express
2013-08-23 16:18 - 2012-06-21 19:43 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Scans
2013-08-20 19:03 - 2012-06-29 10:27 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-20 19:03 - 2012-06-29 10:27 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-20 15:47 - 2013-08-20 15:46 - 00009747 _____ C:\Documents and Settings\Owner\My Documents\Collections report.xlsx
2013-08-20 15:35 - 2013-08-20 13:33 - 00036137 _____ C:\Documents and Settings\Owner\My Documents\Mail Merge.xlsx
2013-08-19 14:47 - 2012-06-12 20:00 - 00002515 _____ C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
2013-08-19 14:04 - 2013-08-19 13:57 - 00026709 _____ C:\Documents and Settings\Owner\My Documents\Donations.xlsx
2013-08-19 12:23 - 2013-08-19 12:23 - 00031382 _____ C:\Documents and Settings\Owner\My Documents\Copy of PayPal account.xlsx
2013-08-18 12:09 - 2013-08-13 15:40 - 00011017 _____ C:\Documents and Settings\Owner\My Documents\WCMA Results.xlsx
2013-08-18 11:57 - 2013-08-18 11:57 - 00010711 _____ C:\Documents and Settings\Owner\My Documents\More Donations.xlsx
2013-08-15 03:05 - 2013-08-15 03:04 - 00013287 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-15 03:05 - 2012-06-05 03:01 - 00037304 _____ C:\WINDOWS\updspapi.log
2013-08-15 03:05 - 2012-06-02 12:14 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-15 03:04 - 2013-08-01 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-15 03:02 - 2012-06-12 19:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-08-15 03:02 - 2012-05-25 19:08 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-15 03:01 - 2013-08-15 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 03:01 - 2013-08-15 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 03:01 - 2013-08-14 06:39 - 00010705 _____ C:\WINDOWS\KB2859537.log
2013-08-15 03:01 - 2013-08-14 06:39 - 00008958 _____ C:\WINDOWS\KB2850869.log
2013-08-15 03:00 - 2013-08-15 03:00 - 00005121 _____ C:\WINDOWS\KB2863058.log
2013-08-15 03:00 - 2013-08-15 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 03:00 - 2013-08-15 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 03:00 - 2012-05-25 19:05 - 00023506 _____ C:\WINDOWS\system32\TZLog.log
2013-08-13 19:14 - 2013-08-13 19:14 - 00001892 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
2013-08-13 19:14 - 2013-08-13 19:14 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-08-13 19:14 - 2012-05-30 16:35 - 00184596 _____ C:\WINDOWS\setupapi.log
2013-08-12 16:38 - 2013-08-12 16:37 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\WCMA

Files to move or delete:
====================
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dotnetfx35.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HitmanPro_x64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IeSearchProvider.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jreInstall.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kickstarter.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\updater_uninstall.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Owner\Local Settings\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013 01
Ran by Administrator at 2013-09-10 12:16:04
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Installed Programs =======================

5600 (Version: 50.0.206.000)
5600_Help (Version: 50.0.206.000)
5600Trb (Version: 50.0.206.000)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader X (10.1.7) (Version: 10.1.7)
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
Apple Software Update (Version: 2.1.3.127)
att.net Internet Mail
att.net Toolbar
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
BufferChm (Version: 53.0.13.000)
CCleaner (Version: 3.19)
CDDRV_Installer (Version: 1.00.0000)
Cisco WebEx Meetings
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 5.2.0.0)
Driver Genius (Version: 12.0)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 50.0.206.000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP PSC & OfficeJet 5.3.B
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HPProductAssistant (Version: 53.0.13.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4410)
Intel® PRO Network Connections Drivers
KhalSetup (Version: 3.30.165)
Logitech SetPoint (Version: 3.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewCopy (Version: 50.0.206.000)
Notation Musician 2.6.3 (Version: 2.6.3)
PC Optimizer Pro (Version: 6.4.6.4)
ProductContext (Version: 50.0.206.000)
Readme (Version: 50.0.206.000)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
SketchUp 8 (Version: 3.0.15158)
SolutionCenter (Version: 50.0.152.000)
SoundMAX (Version: 5.12.01.5246)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 53.0.13.000)
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
WIDI Recognition System Pro 4.3 (remove only)
WIDI Recognition System Standard 4.3 (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Yahoo! Software Update
 

==================== Restore Points  =========================

05-06-2013 23:57:40 Software Distribution Service 3.0
06-06-2013 23:57:46 Software Distribution Service 3.0
08-06-2013 23:33:05 Software Distribution Service 3.0
09-06-2013 06:10:46 Software Distribution Service 3.0
09-06-2013 23:32:47 Software Distribution Service 3.0
10-06-2013 23:32:53 Software Distribution Service 3.0
11-06-2013 23:32:51 Software Distribution Service 3.0
12-06-2013 07:00:17 Software Distribution Service 3.0
13-06-2013 07:53:59 System Checkpoint
13-06-2013 17:13:07 Software Distribution Service 3.0
14-06-2013 17:13:20 Software Distribution Service 3.0
15-06-2013 17:13:22 Software Distribution Service 3.0
16-06-2013 06:12:05 Software Distribution Service 3.0
16-06-2013 17:13:18 Software Distribution Service 3.0
17-06-2013 17:13:30 Software Distribution Service 3.0
18-06-2013 17:38:26 System Checkpoint
18-06-2013 18:57:34 Software Distribution Service 3.0
19-06-2013 18:57:32 Software Distribution Service 3.0
20-06-2013 18:57:27 Software Distribution Service 3.0
21-06-2013 19:06:40 System Checkpoint
21-06-2013 19:13:58 Software Distribution Service 3.0
22-06-2013 19:13:42 Software Distribution Service 3.0
23-06-2013 05:49:45 Software Distribution Service 3.0
23-06-2013 19:13:30 Software Distribution Service 3.0
24-06-2013 19:13:34 Software Distribution Service 3.0
25-06-2013 19:13:30 Software Distribution Service 3.0
26-06-2013 20:11:33 System Checkpoint
27-06-2013 17:18:42 Software Distribution Service 3.0
28-06-2013 17:18:43 Software Distribution Service 3.0
29-06-2013 17:18:35 Software Distribution Service 3.0
30-06-2013 06:20:42 Software Distribution Service 3.0
30-06-2013 17:18:20 Software Distribution Service 3.0
01-07-2013 17:17:57 Software Distribution Service 3.0
02-07-2013 17:33:15 System Checkpoint
02-07-2013 22:01:13 Software Distribution Service 3.0
03-07-2013 22:00:21 Software Distribution Service 3.0
04-07-2013 22:29:10 System Checkpoint
05-07-2013 17:36:27 Software Distribution Service 3.0
06-07-2013 17:36:10 Software Distribution Service 3.0
07-07-2013 05:34:40 Software Distribution Service 3.0
07-07-2013 17:36:13 Software Distribution Service 3.0
08-07-2013 17:36:13 Software Distribution Service 3.0
09-07-2013 18:00:25 System Checkpoint
09-07-2013 20:08:14 Software Distribution Service 3.0
10-07-2013 20:08:08 Software Distribution Service 3.0
11-07-2013 17:59:46 Software Distribution Service 3.0
12-07-2013 18:01:30 System Checkpoint
12-07-2013 18:20:56 Software Distribution Service 3.0
13-07-2013 18:20:42 Software Distribution Service 3.0
14-07-2013 06:13:17 Software Distribution Service 3.0
14-07-2013 18:20:42 Software Distribution Service 3.0
15-07-2013 18:20:47 Software Distribution Service 3.0
16-07-2013 18:20:46 Software Distribution Service 3.0
17-07-2013 18:20:33 Software Distribution Service 3.0
18-07-2013 18:20:32 Software Distribution Service 3.0
19-07-2013 18:19:58 Software Distribution Service 3.0
20-07-2013 18:20:31 Software Distribution Service 3.0
21-07-2013 06:13:16 Software Distribution Service 3.0
21-07-2013 18:20:32 Software Distribution Service 3.0
22-07-2013 18:20:39 Software Distribution Service 3.0
23-07-2013 18:20:13 Software Distribution Service 3.0
24-07-2013 18:36:26 System Checkpoint
25-07-2013 16:42:51 Software Distribution Service 3.0
26-07-2013 17:59:49 System Checkpoint
26-07-2013 19:35:30 Software Distribution Service 3.0
27-07-2013 19:34:33 Software Distribution Service 3.0
28-07-2013 06:07:28 Software Distribution Service 3.0
28-07-2013 19:34:30 Software Distribution Service 3.0
29-07-2013 19:34:43 Software Distribution Service 3.0
30-07-2013 19:34:30 Software Distribution Service 3.0
31-07-2013 20:15:06 System Checkpoint
01-08-2013 07:00:15 Software Distribution Service 3.0
01-08-2013 18:22:28 Software Distribution Service 3.0
02-08-2013 18:22:25 Software Distribution Service 3.0
03-08-2013 18:22:31 Software Distribution Service 3.0
04-08-2013 06:28:08 Software Distribution Service 3.0
04-08-2013 18:22:20 Software Distribution Service 3.0
05-08-2013 18:22:28 Software Distribution Service 3.0
06-08-2013 18:22:23 Software Distribution Service 3.0
07-08-2013 18:22:15 Software Distribution Service 3.0
08-08-2013 18:22:10 Software Distribution Service 3.0
09-08-2013 18:22:07 Software Distribution Service 3.0
10-08-2013 18:22:09 Software Distribution Service 3.0
11-08-2013 06:28:35 Software Distribution Service 3.0
12-08-2013 07:03:15 System Checkpoint
12-08-2013 13:10:55 Software Distribution Service 3.0
13-08-2013 13:13:47 System Checkpoint
13-08-2013 20:21:01 Software Distribution Service 3.0
13-08-2013 23:13:59 Installed Microsoft Download Manager
14-08-2013 23:10:41 Software Distribution Service 3.0
15-08-2013 07:00:20 Software Distribution Service 3.0
16-08-2013 07:25:06 System Checkpoint
16-08-2013 07:32:26 Software Distribution Service 3.0
17-08-2013 07:31:59 Software Distribution Service 3.0
18-08-2013 06:22:06 Software Distribution Service 3.0
19-08-2013 06:25:06 System Checkpoint
19-08-2013 07:32:16 Software Distribution Service 3.0
20-08-2013 07:32:00 Software Distribution Service 3.0
21-08-2013 07:32:06 Software Distribution Service 3.0
22-08-2013 07:32:00 Software Distribution Service 3.0
23-08-2013 07:31:50 Software Distribution Service 3.0
24-08-2013 07:31:50 Software Distribution Service 3.0
25-08-2013 06:22:13 Software Distribution Service 3.0
25-08-2013 07:31:50 Software Distribution Service 3.0
26-08-2013 07:31:52 Software Distribution Service 3.0
27-08-2013 07:32:36 Software Distribution Service 3.0
28-08-2013 07:31:40 Software Distribution Service 3.0
29-08-2013 07:00:15 Software Distribution Service 3.0
29-08-2013 07:31:50 Software Distribution Service 3.0
03-09-2013 20:03:24 Software Distribution Service 3.0

==================== Hosts content: ==========================

2008-04-13 19:00 - 2012-05-29 11:03 - 00442832 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job => C:\Program Files\PC Optimizer Pro\StartApps.exe
Task: C:\WINDOWS\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe

==================== Loaded Modules (whitelisted) =============

2013-09-03 16:03 - 2013-08-06 03:28 - 07166848 _____ (Microsoft Corporation) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A0BDF8F-6AA9-4C65-85B6-63160474F1FC}\mpengine.dll
2012-03-25 15:27 - 2008-04-13 19:00 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbem\wbemcons.dll

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 00:10:27 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000f71b.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/03/2013 03:53:52 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.9800.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/03/2013 03:49:39 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000e47c.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/29/2013 08:21:01 PM) (Source: MsiInstaller) (User: DIMENSION4700)
Description: The installation of c:\df4d5a82700c30c3ffda0774ae9b2e3e\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (08/29/2013 08:21:01 PM) (Source: MsiInstaller) (User: DIMENSION4700)
Description: The installation of c:\df4d5a82700c30c3ffda0774ae9b2e3e\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (08/29/2013 08:21:01 PM) (Source: MsiInstaller) (User: DIMENSION4700)
Description: The installation of c:\df4d5a82700c30c3ffda0774ae9b2e3e\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (08/29/2013 08:21:01 PM) (Source: MsiInstaller) (User: DIMENSION4700)
Description: The installation of c:\df4d5a82700c30c3ffda0774ae9b2e3e\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (08/29/2013 08:21:01 PM) (Source: MsiInstaller) (User: DIMENSION4700)
Description: The installation of c:\df4d5a82700c30c3ffda0774ae9b2e3e\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (08/29/2013 08:21:01 PM) (Source: MsiInstaller) (User: DIMENSION4700)
Description: The installation of c:\df4d5a82700c30c3ffda0774ae9b2e3e\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (08/29/2013 08:21:01 PM) (Source: MsiInstaller) (User: DIMENSION4700)
Description: The installation of c:\df4d5a82700c30c3ffda0774ae9b2e3e\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

System errors:
=============
Error: (09/10/2013 00:14:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error: (09/10/2013 00:14:10 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (09/10/2013 00:14:10 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/10/2013 00:14:10 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (09/10/2013 00:14:10 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/10/2013 00:14:10 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (09/10/2013 00:13:28 PM) (Source: DCOM) (User: DIMENSION4700)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/10/2013 00:13:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/10/2013 00:13:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.157.1049.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.3.0215.00

 Source Path: 4.3.0215.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (09/10/2013 00:13:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.157.1049.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.3.0215.00

 Source Path: 4.3.0215.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Microsoft Office Sessions:
=========================
Error: (07/11/2013 00:02:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/11/2013 11:59:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/11/2013 11:47:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 697 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (07/10/2013 00:23:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2013 00:22:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2013 00:21:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2013 00:20:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2013 00:20:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2013 00:20:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 542 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (07/10/2013 00:10:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 54 seconds with 0 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 2550.07 MB
Available physical RAM: 2276.43 MB
Total Pagefile: 4443.54 MB
Available Pagefile: 4338.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:133.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (HITMANPRO) (Removable) (Total:0.11 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: B92BB92B)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 125 MB) (Disk ID: FAF47BAB)
Partition 1: (Active) - (Size=118 MB) - (Type=0B)

==================== End Of Log ============================



#7 bloopie


Posted 10 September 2013 - 02:12 PM

Hello again,

Okay, let's run this fix:

Download the attached fixlist.txt (955 bytes) and save it to the flashdrive.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now plug the flashdrive back into the infected machine:

Run FRST just as you did before but this time, press the Fix button just once and wait.
When finished FRST will generate a log (Fixlog.txt) in the same location the tool is run from. Please post it to your reply.

==========

Also please let me know if the computer boots normally now! Once we're booting again, then we can continue the cleaning.

bloopie



#8 Whywise


Posted 10 September 2013 - 03:34 PM

bloopie,

 

I am booting normally and here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013 01
Ran by Administrator at 2013-09-10 16:28:11 Run:1
Running from E:\
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Owner\Application Data\cache.dat [ 2010-12-09] () <==== ATTENTION
C:\Documents and Settings\Owner\Application Data\cache.dat
SearchScopes: HKCU - {A6026B06-6060-431E-8F2D-E84E01B92318} URL = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130835,19432,6,0,&q={searchTerms}
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dotnetfx35.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HitmanPro_x64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IeSearchProvider.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jreInstall.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kickstarter.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\updater_uninstall.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Owner\Local Settings\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
Folder: C:\0d3dd0de31284b195acdb905a88e
Folder: C:\df4d5a82700c30c3ffda0774ae9b2e3e
*****************

HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Documents and Settings\Owner\Application Data\cache.dat => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A6026B06-6060-431E-8F2D-E84E01B92318} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A6026B06-6060-431E-8F2D-E84E01B92318} => Key not found.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dotnetfx35.exe => Moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HitmanPro_x64.exe => Moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IeSearchProvider.exe => Moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jreInstall.exe => Moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kickstarter.exe => Moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\updater_uninstall.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ose00000.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll => Moved successfully.

========================= Folder: C:\0d3dd0de31284b195acdb905a88e ========================

2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX35
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\Tools
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\x64
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\x86
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX35\ia64
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX35\x64
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX35\x86
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\ia64
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x64
2013-08-29 20:16 - 2013-08-29 20:16 - 0000000 ____D () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x86
2008-07-30 00:26 - 2008-07-30 00:26 - 2959376 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFx35setup.exe
2008-07-29 18:43 - 2008-07-29 18:43 - 0114200 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\Tools\clwireg.exe
2008-07-29 18:43 - 2008-07-29 18:43 - 0295448 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\Tools\clwireg_ia64.exe
2008-07-29 18:43 - 2008-07-29 18:43 - 0131608 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\Tools\clwireg_x64.exe
2008-07-29 18:43 - 2008-07-29 18:43 - 0110141 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\NetFx_20_SP1_ENU_License.rtf
2008-07-29 22:40 - 2008-07-29 22:40 - 0110242 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\NetFx_30_SP1_ENU_License.rtf
2008-07-29 23:15 - 2008-07-29 23:15 - 0143404 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x86\NetFX2.0-KB936704-v6000-x86_RTM_en.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 19571330 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x86\NetFX2.0-KB948609-v6001-x86.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 0429638 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x86\NetFX3.0-KB936705-v6000-x86_RTM_en.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 11045073 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x86\NetFX3.0-KB948610-v6001-x86.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 0142159 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x64\NetFX2.0-KB936704-v6000-x64_RTM_en.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 30479328 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x64\NetFX2.0-KB948609-v6001-x64.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 0433823 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x64\NetFX3.0-KB936705-v6000-x64_RTM_en.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 16139733 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\x64\NetFX3.0-KB948610-v6001-x64.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 32478298 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\ia64\NetFX2.0-KB948609-v6001-ia64.msu
2008-07-29 23:15 - 2008-07-29 23:15 - 5574854 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetMSP\ia64\NetFX3.0-KB948610-v6001-ia64.msu
2008-07-29 23:47 - 2008-07-29 23:47 - 8164360 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX35\x86\netfx35_x86.exe
2008-07-29 23:58 - 2008-07-29 23:58 - 11396104 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX35\x64\netfx35_x64.exe
2008-07-30 00:11 - 2008-07-30 00:11 - 13473288 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX35\ia64\netfx35_ia64.exe
2008-07-29 19:14 - 2008-07-29 19:14 - 0153600 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\Netfx30a_x64.msi
2008-07-29 19:12 - 2008-07-29 19:12 - 0142336 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\Netfx30a_x86.msi
2008-07-29 22:40 - 2008-07-29 22:40 - 0184832 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\RGB9RAST_x64.msi
2008-07-29 22:40 - 2008-07-29 22:40 - 0094720 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\RGB9RAST_x86.msi
2008-07-29 19:18 - 2008-07-29 19:18 - 3376640 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WCF.msp
2008-07-29 19:22 - 2008-07-29 19:22 - 3207168 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WCF_64.msp
2008-07-29 19:26 - 2008-07-29 19:26 - 1043456 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WCS.msp
2008-07-29 19:30 - 2008-07-29 19:30 - 1307136 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WCS_64.msp
2008-07-29 19:34 - 2008-07-29 19:34 - 1448448 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WF.msp
2008-07-29 19:40 - 2008-07-29 19:40 - 0291840 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WF_32.msp
2008-07-29 19:38 - 2008-07-29 19:38 - 1372160 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WF_64.msp
2008-07-29 22:40 - 2008-07-29 22:40 - 1911592 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WIC_x64_enu.exe
2008-07-29 22:40 - 2008-07-29 22:40 - 1227048 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WIC_x86_enu.exe
2008-07-29 20:22 - 2008-07-29 20:22 - 4137984 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF1.msp
2008-07-29 20:28 - 2008-07-29 20:28 - 4328960 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF1_64.msp
2008-07-29 20:37 - 2008-07-29 20:37 - 2679808 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF2.msp
2008-07-29 21:07 - 2008-07-29 21:07 - 0023040 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF2_32.msp
2008-07-29 21:04 - 2008-07-29 21:04 - 2515968 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF2_64.msp
2008-07-29 21:15 - 2008-07-29 21:15 - 3697664 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF_Other.msp
2008-07-29 21:23 - 2008-07-29 21:23 - 0250880 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF_Other_32.msp
2008-07-29 21:19 - 2008-07-29 21:19 - 4541440 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\WPF_Other_64.msp
2008-07-29 21:28 - 2008-07-29 21:28 - 0278016 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\XPS.msp
2008-07-29 22:40 - 2008-07-29 22:40 - 3685424 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\XPSEPSC-amd64-en-US.exe
2008-07-29 22:40 - 2008-07-29 22:40 - 3049000 ____A (Microsoft Corporation) C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\XPSEPSC-x86-en-US.exe
2008-07-29 23:13 - 2008-07-29 23:13 - 1527296 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\x86\msxml6.msi
2008-07-29 23:13 - 2008-07-29 23:13 - 2678272 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX30\x64\msxml6.msi
2008-07-29 17:29 - 2008-07-29 17:29 - 2926080 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\ASPNET.msp
2008-07-29 17:54 - 2008-07-29 17:54 - 3011584 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\ASPNET_64.msp
2008-07-29 17:31 - 2008-07-29 17:31 - 6083072 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\clr.msp
2008-07-29 17:57 - 2008-07-29 17:57 - 8585216 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\clr_64.msp
2008-07-29 17:33 - 2008-07-29 17:33 - 0506368 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\crt.msp
2008-07-29 17:59 - 2008-07-29 17:59 - 0046592 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\crt_64.msp
2008-07-29 17:35 - 2008-07-29 17:35 - 0553472 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\dw.msp
2008-07-29 18:01 - 2008-07-29 18:01 - 1297920 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\dw_64.msp
2008-07-29 17:52 - 2008-07-29 17:52 - 0099840 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\Netfx20a_x64.msi
2008-07-29 17:27 - 2008-07-29 17:27 - 0093184 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\Netfx20a_x86.msi
2008-07-29 17:37 - 2008-07-29 17:37 - 0911360 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\NetFX_CA.msp
2008-07-29 17:39 - 2008-07-29 17:39 - 3403264 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\NetFX_Core.msp
2008-07-29 18:03 - 2008-07-29 18:03 - 3527680 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\NetFX_Core_64.msp
2008-07-29 17:41 - 2008-07-29 17:41 - 6487040 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\NetFX_Other.msp
2008-07-29 18:05 - 2008-07-29 18:05 - 6376448 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\NetFX_Other_64.msp
2008-07-29 17:43 - 2008-07-29 17:43 - 1013248 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\prexp.msp
2008-07-29 17:45 - 2008-07-29 17:45 - 2543616 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\winforms.msp
2008-07-29 18:07 - 2008-07-29 18:07 - 2542592 ____A () C:\0d3dd0de31284b195acdb905a88e\wcu\dotNetFramework\dotNetFX20\winforms_64.msp

====== End of Folder: ======

========================= Folder: C:\df4d5a82700c30c3ffda0774ae9b2e3e ========================

2008-07-29 23:15 - 2008-07-29 23:15 - 0225490 ____A () C:\df4d5a82700c30c3ffda0774ae9b2e3e\baseline.dat
2008-07-29 23:15 - 2008-07-29 23:15 - 0000796 ____A () C:\df4d5a82700c30c3ffda0774ae9b2e3e\deffactory.dat

====== End of Folder: ======

==== End of Fixlog ====



#9 bloopie

Posted 10 September 2013 - 05:27 PM

Hello again,

Okay, glad it's booting normally. Now let's run Combofix. These steps are to be done from normal boot mode:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

==========

After posting the new log, please let me know how the computer is running now!

bloopie



#10 Whywise

Posted 11 September 2013 - 09:27 AM

The computer seems to be working fine now. I have one question. I have Security Essentials and AVG running on the machine. Do I need both, and if not, which do you recommend?

Thanks for the help and here is the log.

ComboFix 13-09-10.03 - Owner 09/11/2013 9:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2047 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\drvrtmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCCMSERVICE
-------\Service_pcCMService
.
.
((((((((((((((((((((((((( Files Created from 2013-08-11 to 2013-09-11 )))))))))))))))))))))))))))))))
.
.
2013-09-11 13:48 . 2013-09-11 13:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-10 21:00 . 2013-09-10 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverGenius
2013-09-10 16:20 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27747BA2-3F40-4D4C-933F-6D9AADA3B7AB}\mpengine.dll
2013-09-10 16:14 . 2013-09-10 16:14 -------- d-----w- C:\FRST
2013-09-03 20:03 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-30 00:18 . 2013-08-30 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2013-08-30 00:17 . 2013-08-30 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-30 00:16 . 2013-08-30 00:16 -------- d-----w- C:\df4d5a82700c30c3ffda0774ae9b2e3e
2013-08-30 00:16 . 2013-08-30 00:20 -------- d-----w- C:\0d3dd0de31284b195acdb905a88e
2013-08-30 00:09 . 2013-08-30 00:10 -------- d-----w- c:\program files\7-Zip
2013-08-30 00:09 . 2013-08-30 00:09 -------- d-----w- c:\program files\Driver-Soft
2013-08-30 00:08 . 2013-08-30 00:18 -------- d-----w- c:\program files\PC Optimizer Pro
2013-08-13 23:14 . 2013-08-13 23:14 -------- d-----w- c:\program files\Microsoft Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 17:03 . 2012-06-29 14:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 17:03 . 2012-06-29 14:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-31 19:11 . 2008-04-13 23:00 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:47 . 2008-04-13 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2008-04-13 23:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-13 23:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-19 01:50 . 2012-03-21 00:44 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2013-07-10 1508120]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-08 39408]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"AmazonMP3DownloaderHelper"="c:\documents and settings\Owner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Starter"="c:\program files\Driver-Soft\DriverGenius\StarterW3i.exe" [2012-02-15 79728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-6-2 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
.
S0 cerc6;cerc6; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/11/2013 9:48 AM 40776]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 17:03]
.
2013-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 18:05]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-08 18:05]
.
2013-09-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 22:05]
.
2013-08-30 c:\windows\Tasks\PC Optimizer Pro Scan.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:58]
.
2013-09-11 c:\windows\Tasks\PC Optimizer Pro startups.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:58]
.
2013-08-30 c:\windows\Tasks\PC Optimizer Pro Updates.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-11 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2013-09-11 10:03:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-11 14:03
.
Pre-Run: 143,301,681,152 bytes free
Post-Run: 144,382,836,736 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 923335269A6D14F2EBF5FC59AFD6FDA0
8F558EB6672622401DA993E1E865C861

#11 bloopie

Posted 11 September 2013 - 01:35 PM

Hello again,
 

"I have Security Essentials and AVG running on the machine. Do I need both, and if not, which do you recommend?"

I do not see any evidence of AVG in either of your logs...could you please confirm that?
 
If so, I would suggest you remove AVG and keep MSE. If you don't show AVG in your add/remove programs list, but you still see it on the machine, then run the AVG Remover. You can find that here: http://www.bleepingcomputer.com/download/avg-remover-2012/
 
You don't want to have more than one Antivirus program running simultaneously.
 
==========

Aside from AVG, I do see some adware toolbars on your machine...would you like to keep your toolbars, or shall we remove them too? I've never been a big fan of toolbars but many people enjoy them.

==========

Now, let's run a script with Combofix:

Run a Combofix Script


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:
 
ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

bloopie

#12 Whywise

Posted 12 September 2013 - 09:08 AM

You were right, I added AVG after the last time we talked, but have since removed it.  Here is the log after the last run of combofix.

 

ComboFix 13-09-10.03 - Owner 09/12/2013   9:59.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2550.2067 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
.
.
2013-09-12 13:21 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA7349AE-CD59-472B-ABE9-23F9A605FF7C}\mpengine.dll
2013-09-11 14:17 . 2013-09-11 14:17 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2013-09-11 14:14 . 2013-09-11 14:14 -------- d-----w- c:\program files\AVG
2013-09-11 14:12 . 2013-09-12 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-09-11 14:12 . 2013-09-11 14:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-09-11 14:12 . 2013-09-11 14:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2013-09-11 14:08 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-10 16:14 . 2013-09-10 16:14 -------- d-----w- C:\FRST
2013-08-30 00:18 . 2013-08-30 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2013-08-30 00:17 . 2013-08-30 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-30 00:16 . 2013-08-30 00:16 -------- d-----w- C:\df4d5a82700c30c3ffda0774ae9b2e3e
2013-08-30 00:16 . 2013-08-30 00:20 -------- d-----w- C:\0d3dd0de31284b195acdb905a88e
2013-08-30 00:09 . 2013-08-30 00:10 -------- d-----w- c:\program files\7-Zip
2013-08-30 00:08 . 2013-08-30 00:18 -------- d-----w- c:\program files\PC Optimizer Pro
2013-08-13 23:14 . 2013-08-13 23:14 -------- d-----w- c:\program files\Microsoft Download Manager
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))



#13 bloopie

Posted 12 September 2013 - 09:14 AM

Hello again,

 

That log is incomplete. Could you please post the complete log for me?

 

Thanks,

 

bloopie



#14 Whywise

Posted 12 September 2013 - 10:22 AM

I thought I copied it all, and now I can't find it.  Do I do it again? Shouldn't it be in the same directory as Combofix?

 

ed



#15 bloopie

Posted 12 September 2013 - 10:32 AM

Hi again,

 

The log should be located on root drive... C:\Combofix.txt :)

 

bloopie





