hijackthis log review [Solved]


#16
jetface

  • Topic Starter
  • Member
  • 34 posts
OTL logfile created on: 6/8/2010 2:23:55 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\B **********\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 360.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.78 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 433.55 Gb Free Space | 93.08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AtHomeUser
Current User Name: B **********
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2010/06/08 14:22:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B **********\Desktop\OTL.exe
MOD - [2010/05/16 19:49:35 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2010/02/02 09:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 12:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:39:14 | 000,017,424 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\IMHook.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/11/29 22:41:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Disabled | Stopped] -- -- (CLTNetCnService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2004/02/13 05:40:54 | 000,802,868 | ---- | M] (AHEAD Software) [On_Demand | Stopped] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/08 13:38:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136886876359 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://72.16.234.152/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://72.32.179.44/...ewer/isetup.cab (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/03 16:41:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== LOP Check ==========

[2009/05/24 05:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\17128
[2009/06/27 12:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\17290
[2009/05/02 14:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23213
[2009/06/12 04:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\32222
[2009/06/02 03:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\337D
[2010/03/08 11:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/24 04:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/05/24 05:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FCB
[2004/08/04 14:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/17 16:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/01/28 16:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/06/08 14:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/24 04:20:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2010/04/02 17:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/27 16:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/28 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/20 07:14:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2010/02/24 04:20:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D14E1729-0739-4F39-B596-FFA67A704D10}
[2007/12/15 23:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\Aquatica Azure
[2010/05/27 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\FoxyTunes
[2010/04/21 11:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\GOOD AFTERNOON
[2005/05/31 16:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\GriffinTechnology
[2008/11/15 07:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\Hi
[2004/08/04 14:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\InterVideo
[2004/08/04 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\Leadertech
[2009/11/06 01:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\LimeWire
[2009/11/06 02:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\Mobipocket
[2006/12/16 06:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\Newsbin
[2007/04/30 18:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\NewsBinGN
[2009/07/13 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\System Tweaker
[2010/03/03 09:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B **********\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#17
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
====STEP 1====
It appears as though you used to have Norton installed and have removed it? If this is the case, then follow this step, where we will remove the remainder of Norton, and then move on to Step 2. If not, let me know and move on to Step 2.

Go HERE and choose the product that is installed and then download the removal tool.
Run it and reboot.
This should get rid of Norton.


====STEP 2====
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

REGNULL::
[HKEY_USERS\S-1-5-21-484763869-861567501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B32C36C1-7BAA-0C99-D151-A07601D76E56}*]

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{90C9629E-CD32-11D3-BBFB-00105A1F0D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


====STEP 3====
We will run OTL, but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • We are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • >>>> so, you should only have "Services", "Standard Registry" and "Modules" selected for Use Safelist
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum


====STEP 4====
I would like to scan some files that I do not recognise:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page (you may have to use the browse button):

    • C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. If the copy function does not work, then copy the URL link in your reply.
  • Paste the contents of the Clipboard in your next reply (you will need to paste the link onto a notepad before you do the other scans below, else the contents of your clipboard will be written over with the new links).
Could you do the same for the following files:
  • c:\windows\system32\i420vfw.dll
  • c:\windows\system32\yv12vfw.dll



In your next reply could I see:
1. the combofix log
2. the OTL log
3. the 3 virscan logs or links

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0
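
Added example (not part of andrewuk's post, and not ComboFix or OTL code): the four keys deleted in the Registry:: section of the CFScript in Step 2 are the CLSID entries that the O16 section of the OTL log in post #16 marks "Reg Error: Key error.". The Python below checks that correspondence before such a script is run; the function names are hypothetical and the inputs are copied from this thread (O16 list abridged).

```python
import re

# O16 lines copied from the OTL log in post #16 (abridged to nine entries).
OTL_O16 = r"""
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://72.32.179.44/...ewer/isetup.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
"""

# Registry:: section copied from the CFScript in post #17.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{90C9629E-CD32-11D3-BBFB-00105A1F0D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}]
"""

UNRESOLVED = "Reg Error: Key error."  # OTL's marker on the entries in question

# Identifier is a {CLSID} or a free-text name; source is a URL or a local path.
O16_RE = re.compile(
    r"O16 - DPF: (?P<ident>\{[0-9A-Fa-f-]{36}\}|.+?) "
    r"(?P<source>(?:https?://|file://|[A-Za-z]:\\).*) "
    r"\((?P<desc>[^()]*)\)"
)
# .reg-style key deletion line: [-<key path>\Distribution Units\{CLSID}]
DELETE_RE = re.compile(
    r"\[-(?P<key>.*\\Distribution Units\\\{(?P<clsid>[0-9A-Fa-f-]{36})\})\]"
)


def parse_o16(log_text):
    """Return one dict per O16 line: clsid (or None), name (or None), source, desc."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.fullmatch(line.strip())
        if not m:
            continue
        ident = m["ident"]
        clsid = ident.strip("{}").upper() if ident.startswith("{") else None
        entries.append({
            "clsid": clsid,
            "name": None if clsid else ident,
            "source": m["source"],
            "desc": m["desc"],
        })
    return entries


def script_deletions(script_text):
    """Map CLSID -> full key path for every Distribution Units key the script deletes."""
    deletions = {}
    for line in script_text.splitlines():
        m = DELETE_RE.fullmatch(line.strip())
        if m:
            deletions[m["clsid"].upper()] = m["key"]
    return deletions


def cross_check(log_text, script_text):
    """Compare what the script deletes with what the log reports for each CLSID."""
    entries = parse_o16(log_text)
    unresolved = {e["clsid"] for e in entries
                  if e["clsid"] and e["desc"] == UNRESOLVED}
    resolved = {e["clsid"] for e in entries
                if e["clsid"] and e["desc"] != UNRESOLVED}
    deleted = set(script_deletions(script_text))
    return {
        # Deletions backed by a "Reg Error: Key error." line in the log.
        "matches_unresolved": sorted(deleted & unresolved),
        # Deletions of controls the log resolved normally: review before running.
        "deletes_resolved": sorted(deleted & resolved),
        # Deletions of CLSIDs the log never mentions: review before running.
        "not_in_log": sorted(deleted - unresolved - resolved),
        # Unresolved CLSIDs the script leaves alone.
        "unresolved_not_deleted": sorted(unresolved - deleted),
        # Unresolved entries keyed by name, so there is no CLSID to match on.
        "unresolved_without_clsid": [e["name"] for e in entries
                                     if not e["clsid"] and e["desc"] == UNRESOLVED],
    }


if __name__ == "__main__":
    for bucket, items in cross_check(OTL_O16, CFSCRIPT).items():
        print(f"{bucket}: {items}")
```
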

#18
jetface

  • Topic Starter
  • Member
  • 34 posts
You are correct about Norton not being uninstalled all the way. The fix you reference seemed to remove it completely.

ComboFix 10-06-08.03 - B ********* 06/09/2010 3:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.578 [GMT -5:00]
Running from: c:\documents and settings\B *********\Desktop\Malware Repair Tools\ComboFix.exe
Command switches used :: c:\documents and settings\B *********\Desktop\Malware Repair Tools\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 08:03 . 2010-06-09 08:03 411712 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-09 07:23 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-04 20:02 . 2010-06-04 20:02 -------- d-----w- c:\documents and settings\B *********\log
2010-06-04 17:02 . 2010-06-04 17:04 -------- dc-h--w- c:\windows\ie8
2010-05-28 01:31 . 2010-05-28 01:31 -------- d-----w- c:\documents and settings\B *********\Local Settings\Application Data\Yahoo!
2010-05-28 01:21 . 2010-05-28 01:21 -------- d-----w- c:\program files\MiniLyrics
2010-05-28 01:00 . 2010-05-28 01:00 -------- d-----w- c:\documents and settings\B *********\Application Data\FoxyTunes
2010-05-28 01:00 . 2010-05-28 01:00 -------- d-----w- c:\program files\FoxyTunes
2010-05-17 00:41 . 2010-02-02 14:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-05-17 00:41 . 2010-02-02 14:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-05-17 00:41 . 2010-02-02 14:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-05-15 07:41 . 2010-05-15 07:41 -------- d-----w- c:\program files\iTunes
2010-05-15 07:40 . 2010-04-16 13:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-05-15 07:40 . 2010-04-16 13:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-05-15 07:40 . 2010-05-15 07:40 -------- d-----w- c:\program files\Bonjour
2010-05-15 07:39 . 2010-05-15 07:41 -------- d-----w- c:\program files\Common Files\Apple
2010-05-13 20:28 . 2010-05-13 20:28 -------- d-----w- c:\documents and settings\B *********_2\Local Settings\Application Data\Threat Expert
2010-05-13 20:28 . 2010-05-13 20:28 -------- d-sh--w- c:\documents and settings\B *********_2\PrivacIE
2010-05-13 20:28 . 2010-05-13 20:28 -------- d-----w- c:\documents and settings\B *********_2\Local Settings\Application Data\Yahoo
2010-05-13 20:28 . 2010-05-13 20:28 -------- d-----w- c:\documents and settings\B *********_2\Application Data\Yahoo!
2010-05-13 20:27 . 2010-05-13 20:27 -------- d-----w- c:\documents and settings\B *********_2\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 08:22 . 2006-12-17 07:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-09 08:04 . 2004-08-24 21:22 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-00531102}.dat
2010-06-09 08:04 . 2004-08-24 21:22 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000004-00531102}.dat
2010-06-09 07:55 . 2004-08-04 18:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-08 19:36 . 2010-04-02 22:38 -------- d-----w- c:\program files\QuickTime
2010-06-08 16:14 . 2005-05-31 21:18 -------- d-----w- c:\program files\Griffin Technology
2010-06-08 02:16 . 2010-01-17 14:56 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 01:49 . 2009-07-14 05:05 -------- d-----w- c:\program files\Spyware Doctor
2010-06-08 00:21 . 2010-01-17 14:56 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-07 17:13 . 2004-08-03 21:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 17:19 . 2009-03-26 23:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 17:04 . 2005-09-04 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-02 05:00 . 2004-08-05 07:53 -------- d-----w- c:\program files\PokerStars
2010-05-28 01:08 . 2004-08-27 10:25 -------- d-----w- c:\documents and settings\B *********\Application Data\Yahoo!
2010-05-26 08:14 . 2009-07-14 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-15 07:41 . 2006-01-31 08:44 -------- d-----w- c:\program files\iPod
2010-05-15 07:40 . 2006-12-17 10:46 -------- d-----w- c:\program files\Apple Software Update
2010-05-13 20:27 . 2007-10-04 22:19 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-13 20:25 . 2010-05-13 20:25 -------- d-----w- c:\documents and settings\B *********_2\Application Data\Apple Computer
2010-05-13 20:25 . 2010-05-13 20:25 -------- d-----w- c:\documents and settings\B *********_2\Application Data\Logitech
2010-05-13 20:25 . 2010-05-13 20:25 -------- d-----w- c:\documents and settings\B *********_2\Application Data\Share-to-Web Upload Folder
2010-05-13 20:25 . 2010-05-13 20:25 74056 ----a-w- c:\documents and settings\B *********_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 02:05 . 2009-08-15 08:44 -------- d-----w- c:\program files\SQLite ODBC Driver
2010-05-06 10:41 . 2004-02-07 00:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 23:33 . 2010-04-24 23:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-21 16:05 . 2010-04-21 16:05 -------- d-----w- c:\documents and settings\B *********\Application Data\GOOD AFTERNOON
2010-04-20 05:30 . 2002-08-29 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 19:29 . 2009-07-14 05:05 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-29 15:06 . 2009-07-14 05:05 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-27 00:31 . 2010-03-27 00:31 666112 ----a-w- c:\documents and settings\B *********\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1003220-0-main.dll
2010-03-12 18:31 . 2010-03-12 18:31 144160 ----a-w- c:\documents and settings\B *********\Application Data\Move Networks\uninstall.exe
2010-03-12 18:31 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\B *********\Application Data\Move Networks\plugins\npqmp071505000011.dll
2005-05-13 23:12 . 2005-05-13 23:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 17:13 . 2005-10-24 17:13 66560 --sha-r- c:\windows\MOTA113.exe
2002-08-29 12:00 . 2002-08-29 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2002-08-29 12:00 50688 --sh--w- c:\windows\twain_32.dll
2005-10-14 03:27 . 2005-10-14 03:27 422400 --sha-r- c:\windows\x2.64.exe
2005-10-08 01:14 . 2005-10-08 01:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 18:31 . 2005-07-14 18:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 21:32 . 2005-06-26 21:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 04:37 . 2005-06-22 04:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2008-04-14 00:12 . 2002-08-29 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2002-08-29 12:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2002-08-29 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2002-08-29 12:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2002-08-29 12:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
2006-04-27 16:24 . 2006-04-27 16:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 19:16 . 2005-02-28 19:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
2009-07-14 05:35 . 2009-07-14 04:37 9658400 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-08_18.39.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 08:05 . 2010-06-09 08:05 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2002-08-29 12:00 . 2010-06-09 08:09 84536 c:\windows\system32\perfc009.dat
+ 2009-11-06 03:17 . 2009-11-06 03:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2006-10-17 18:33 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-10-17 18:33 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2002-08-29 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2002-08-29 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2009-06-10 07:32 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 07:32 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2007-05-09 00:20 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 00:20 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-05-10 05:22 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-03 21:43 . 2010-06-09 07:27 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-03 21:43 . 2010-06-09 07:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-03 21:43 . 2010-02-11 04:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-09 07:27 . 2010-06-09 07:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-03 21:43 . 2010-02-11 04:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2002-08-29 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2004-08-04 19:13 . 2010-06-09 07:51 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-09 07:47 . 2010-06-09 07:47 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-04-14 15:19 . 2010-04-14 15:19 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-09 07:44 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-09 07:48 . 2010-06-09 07:48 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_37497767\System.Drawing.Design.dll
+ 2010-06-09 07:48 . 2010-06-09 07:48 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d855f61f\CustomMarshalers.dll
+ 2010-06-09 07:38 . 2010-06-09 07:38 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-09 07:40 . 2010-06-09 07:40 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-09 07:38 . 2010-06-09 07:38 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-15 18:04 . 2009-08-15 18:04 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-09 07:48 . 2010-06-09 07:48 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2004-08-04 19:13 . 2010-05-12 13:56 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-02-23 03:10 . 2010-02-23 03:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-02-23 03:11 . 2010-02-23 03:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2002-08-29 12:00 . 2010-06-09 08:09 474532 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2002-08-29 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2002-08-29 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2002-08-29 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2006-10-17 18:33 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
- 2002-08-29 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2002-08-29 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2002-08-29 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2002-08-29 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-03 16:11 . 2010-02-23 05:55 278152 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 16:11 . 2010-06-09 08:05 278152 c:\windows\system32\FNTCACHE.DAT
- 2006-05-10 05:23 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-10-17 18:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 18:04 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:23 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 00:20 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-10 07:32 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-10 07:32 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-05-10 05:22 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:22 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-10-17 18:01 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-10-17 18:01 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-10-17 18:00 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-10-17 18:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\2929293.msp
- 2004-08-04 19:13 . 2010-05-12 13:56 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2004-08-04 19:13 . 2010-05-12 13:56 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2004-08-04 19:13 . 2010-06-09 07:51 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-06-09 07:44 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-09 07:44 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-09 07:44 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-09 07:44 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-09 07:44 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-09 07:44 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-09 07:49 . 2010-06-09 07:49 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_761844cd\System.Drawing.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_a2cb15f1\System.Drawing.Design.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_67fa7f25\CustomMarshalers.dll
+ 2010-06-09 07:44 . 2010-06-09 07:44 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-06-09 07:40 . 2010-06-09 07:40 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-09 07:38 . 2010-06-09 07:38 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-09 07:38 . 2010-06-09 07:38 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-15 18:04 . 2009-08-15 18:04 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-09 07:38 . 2010-06-09 07:38 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-04 18:58 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
- 2004-01-21 22:20 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2004-01-21 22:20 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2004-08-04 15:17 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2004-08-04 15:17 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2004-07-07 23:37 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
- 2006-10-17 17:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2006-10-17 17:57 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-04 18:58 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-14 19:44 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
- 2006-05-10 05:23 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:23 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2006-05-19 15:08 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 00:20 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 00:20 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-05-03 21:27 . 2010-05-03 21:27 6825472 c:\windows\Installer\2929326.msp
+ 2010-05-03 21:11 . 2010-05-03 21:11 4149760 c:\windows\Installer\29292eb.msp
+ 2010-05-05 03:25 . 2010-05-05 03:25 7681024 c:\windows\Installer\29292d7.msp
+ 2010-05-10 22:17 . 2010-05-10 22:17 5520896 c:\windows\Installer\29292c3.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\29292a0.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\292929f.msp
+ 2010-04-24 22:10 . 2010-04-24 22:10 8486400 c:\windows\Installer\2929286.msp
+ 2010-05-03 21:06 . 2010-05-03 21:06 5053952 c:\windows\Installer\292927d.msp
+ 2010-06-09 07:44 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-09 07:44 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3af0ff05\System.dll
+ 2010-06-09 07:48 . 2010-06-09 07:48 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_13db8917\System.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b99f1816\System.Xml.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_692dc3df\System.Xml.dll
+ 2010-06-09 07:48 . 2010-06-09 07:48 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_adf8b103\System.Windows.Forms.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4f5ee81e\System.Windows.Forms.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4f89c06a\System.Drawing.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2e6a2660\System.Design.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2bf3bab9\System.Design.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5d510519\mscorlib.dll
+ 2010-06-09 07:49 . 2010-06-09 07:49 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0d262159\mscorlib.dll
+ 2010-06-09 07:40 . 2010-06-09 07:40 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-09 07:38 . 2010-06-09 07:38 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-09 07:40 . 2010-06-09 07:40 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-09 07:41 . 2010-06-09 07:41 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-09 07:41 . 2010-06-09 07:41 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-09 07:40 . 2010-06-09 07:40 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-09 07:38 . 2010-06-09 07:38 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-02-23 03:10 . 2010-02-23 03:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-02-23 03:11 . 2010-02-23 03:11 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-09 07:37 . 2010-06-09 07:37 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-16 08:57 . 2009-10-16 08:57 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-09 07:48 . 2010-06-09 07:48 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-16 08:57 . 2009-10-16 08:57 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-09 07:48 . 2010-06-09 07:48 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2005-05-11 17:32 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2006-10-17 18:33 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2007-05-09 00:20 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-05-11 16:30 . 2010-05-11 16:30 11194880 c:\windows\Installer\292933a.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\2929313.msp
+ 2010-04-24 22:09 . 2010-04-24 22:09 11750912 c:\windows\Installer\29292f4.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\29292af.msp
+ 2010-06-09 07:44 . 2010-02-25 16:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-09 07:39 . 2010-06-09 07:39 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-09 07:42 . 2010-06-09 07:42 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-09 07:43 . 2010-06-09 07:43 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-09 07:41 . 2010-06-09 07:41 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-09 07:40 . 2010-06-09 07:40 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\documents and settings\B *********\Start Menu\Programs\Startup\
radioSHARK.lnk - c:\program files\Griffin Technology\radioSHARK\radioSHARK.exe [2007-12-20 1568768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-24 495682]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-13 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Smart Wizard Wireless Settings.lnk]
backup=c:\windows\pss\Smart Wizard Wireless Settings.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^B *********^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^B *********^Start Menu^Programs^Startup^Setup.LNK]
backup=c:\windows\pss\Setup.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-09-13 02:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-02-13 10:40 1241138 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-06-01 02:35 1287120 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 22:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 21:59 5248312 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2004-02-13 10:41 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2009-12-09 14:36 866200 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"YahooAUService"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Documents and Settings\\B *********\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57005:TCP"= 57005:TCP:PS2
"57005:UDP"= 57005:UDP:PS2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/14/2009 12:05 AM 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [5/16/2010 7:41 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [5/16/2010 7:41 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/14/2009 12:06 AM 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/17/2010 9:56 AM 112592]
R3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [4/23/2007 4:49 PM 347648]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [7/14/2009 12:05 AM 63360]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [12/5/2008 3:56 PM 39704]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/14/2009 12:05 AM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [5/16/2010 7:41 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2004-11-24 c:\windows\Tasks\HPFRU Task 2003-06-24 19:40ewlett-Packard2003-06-24 19:40p officejet 7100 series2889F2163A36016833EE17BCE444564664912314093381545.job
- c:\program files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe [2003-06-25 06:10]
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 03:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-861567501-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(748)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WININET.dll
c:\docume~1\BW~1\LOCALS~1\Temp\catchme.dll
c:\program files\Logitech\SetPoint\IMHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
.
Completion time: 2010-06-09 03:27:16
ComboFix-quarantined-files.txt 2010-06-09 08:26
ComboFix2.txt 2010-06-08 19:00

Pre-Run: 56,685,793,280 bytes free
Post-Run: 56,828,452,864 bytes free

- - End Of File - - 0EF8415CC458DE1CDD987E1EFF70C77E

#19
jetface

OTL logfile created on: 6/9/2010 12:13:35 PM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\B ********\Desktop\Malware Repair Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 598.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.92 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 433.55 Gb Free Space | 93.08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AtHomeUser
Current User Name: B ********
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Modules (SafeList) ==========

MOD - [2010/06/08 14:22:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B ********\Desktop\Malware Repair Tools\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:39:14 | 000,017,424 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\IMHook.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/11/29 22:41:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2003/10/06 14:57:50 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2004/02/13 05:40:54 | 000,802,868 | ---- | M] (AHEAD Software) [On_Demand | Stopped] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/08 13:38:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\B ********\Start Menu\Programs\Startup\radioSHARK.lnk = C:\Program Files\Griffin Technology\radioSHARK\radioSHARK.exe (Griffin Technology)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/04/03 05:15:33 | 000,000,000 | ---D | M]
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136886876359 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://72.16.234.152/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/03 16:41:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== LOP Check ==========

[2009/05/24 05:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\17128
[2009/06/27 12:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\17290
[2009/05/02 14:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23213
[2009/06/12 04:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\32222
[2009/06/02 03:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\337D
[2010/03/08 11:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/24 04:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/05/24 05:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FCB
[2004/08/04 14:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/17 16:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/01/28 16:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/06/09 12:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/24 04:20:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2010/04/02 17:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/27 16:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/28 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/20 07:14:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2010/02/24 04:20:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D14E1729-0739-4F39-B596-FFA67A704D10}
[2007/12/15 23:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\Aquatica Azure
[2010/05/27 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\FoxyTunes
[2010/04/21 11:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\GOOD AFTERNOON
[2005/05/31 16:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\GriffinTechnology
[2008/11/15 07:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\Hi
[2004/08/04 14:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\InterVideo
[2004/08/04 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\Leadertech
[2009/11/06 01:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\LimeWire
[2009/11/06 02:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\Mobipocket
[2006/12/16 06:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\Newsbin
[2007/04/30 18:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\NewsBinGN
[2009/07/13 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\System Tweaker
[2010/03/03 09:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B ********\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#20
jetface

    Member

  • Topic Starter
  • 34 posts
VirSCAN.org Scanned Report :
Scanned time : 2010/06/09 12:56:13 (CDT)
Scanner results: Scanners did not find malware!
File Name : hpogrp07.exe
File Size : 495682 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 00b2647a3eeffc116e329d6971aeb8c6
SHA1 : 8b9549676a6f170c86b4441e6b8cc022ff084902
Online report : http://virscan.org/r...28c740900b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100609145854 2010-06-09 3.84 -
AhnLab V3 2010.06.10.00 2010.06.10 2010-06-10 1.22 -
AntiVir 8.2.2.6 7.10.8.30 2010-06-09 0.26 -
Antiy 2.0.18 20100602.4613711 2010-06-02 0.02 -
Arcavir 2009 201006091342 2010-06-09 0.09 -
Authentium 5.1.1 201006091113 2010-06-09 1.80 -
AVAST! 4.7.4 100609-1 2010-06-09 0.03 -
AVG 8.5.793 271.1.1/2927 2010-06-09 0.26 -
BitDefender 7.90123.6165280 7.32126 2010-06-10 4.04 -
ClamAV 0.96.1 11164 2010-06-09 0.21 -
Comodo 3.13.579 5041 2010-06-09 0.92 -
CP Secure 1.3.0.5 2010.06.09 2010-06-09 0.10 -
Dr.Web 5.0.2.3300 2010.06.10 2010-06-10 7.95 -
F-Prot 4.4.4.56 20100609 2010-06-09 1.82 -
F-Secure 7.02.73807 2010.06.09.03 2010-06-09 0.25 -
Fortinet 4.1.133 12.35 2010-06-09 0.18 -
GData 21.325/21.108 20100609 2010-06-09 6.98 -
ViRobot 20100609 2010.06.09 2010-06-09 0.36 -
Ikarus T3.1.01.84 2010.06.09.76032 2010-06-09 13.30 -
JiangMin 13.0.900 2010.06.09 2010-06-09 1.23 -
Kaspersky 5.5.10 2010.06.09 2010-06-09 0.14 -
KingSoft 2009.2.5.15 2010.6.9.18 2010-06-09 0.63 -
McAfee 5400.1158 6006 2010-06-07 18.22 -
Microsoft 1.5802 2010.06.09 2010-06-09 6.55 -
Norman 6.04.12 6.04.00 2010-06-07 6.01 -
Panda 9.05.01 2010.06.09 2010-06-09 4.19 -
Trend Micro 9.120-1004 7.228.08 2010-06-09 0.04 -
Quick Heal 10.00 2010.06.09 2010-06-09 1.85 -
Rising 20.0 22.51.02.03 2010-06-09 1.23 -
Sophos 3.07.1 4.54 2010-06-10 3.43 -
Sunbelt 3.9.2424.2 6423 2010-06-09 7.48 -
Symantec 1.3.0.24 20100608.004 2010-06-08 0.06 -
nProtect 20100609.02 8604465 2010-06-09 8.05 -
The Hacker 6.5.2.0 v00296 2010-06-08 0.33 -
VBA32 3.12.12.5 20100608.2014 2010-06-08 2.74 -
VirusBuster 4.5.11.10 10.126.73/2034429 2010-06-09 2.66 -

#21
jetface

    Member

  • Topic Starter
  • 34 posts
I could not locate the following files, perhaps they got deleted in an earlier step?

• c:\windows\system32\i420vfw.dll
• c:\windows\system32\yv12vfw.dll

#22
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
in this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

the scans will likely take 4 hours, quite possibly much longer. so just let them run.

we will also update your java


====STEP 1====
Run OTL.exe by double clicking the icon on your desktop
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log that it produces

====STEP 2====
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page (you may have to use the browse button):

    • C:\Program Files\Griffin Technology\radioSHARK\radioSHARK.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. . . . . if the copy function does not work then copy the url link in your reply.
  • Paste the contents of the Clipboard in your next reply (you will need to paste the link onto a notepad before you do the other scans below, else the contents of your clipboard will be written over with the new links).

====STEP 3====
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :comment
    Make sure you copy *all* the text in this codebox.
    :filefind
    *i420vfw.dll*
    *yv12vfw.dll*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



====STEP 4====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


====STEP 5====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


====STEP 6====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 7====
Upgrading Java
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 20.
  • Click the JDK 6 Update 20 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")
====STEP 8====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java if required:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 20.
  • Click the JDK 6 Update 20 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")
In your next reply could i see:
1. the OTL log
2. the Virscan log or link
3. the systemlook.txt log
4. the malwarebytes log
5. the superantispyware log
6. the kaspersky log
7. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#23
jetface

    Member

  • Topic Starter
  • 34 posts
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User:
->Temp folder emptied: 2598101 bytes
->Temporary Internet Files folder emptied: 33002267 bytes
->Java cache emptied: 133970451 bytes
->Flash cache emptied: 4290952 bytes

User: _2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33597 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1160903 bytes
%systemroot%\System32 .tmp files removed: 3621905 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3780343 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 174.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User:
->Flash cache emptied: 0 bytes

User: _2
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: postgres

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06092010_182028

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\\Local Settings\Temp\fla6A.tmp not found!
C:\Documents and Settings\\Local Settings\Temp\~DF8541.tmp moved successfully.
C:\Documents and Settings\\Local Settings\Temp\~DFDD29.tmp moved successfully.
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\V0PPSU8V\iframe[1].htm moved successfully.
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\RLSYH8LQ\pixel[1].gif moved successfully.
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\QKOUUV7R\hijackthis-log-review-t278650[1].html&st=15 moved successfully.
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\DQ1DY7PW\iframe[1].htm moved successfully.
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\3FK09R3J\sports_yahoo_com[1].txt moved successfully.
C:\Documents and Settings\\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Edited by jetface, 09 June 2010 - 09:06 PM.


#24
jetface

    Member

  • Topic Starter
  • 34 posts
VirSCAN.org Scanned Report :
Scanned time : 2010/06/09 19:50:23 (CDT)
Scanner results: Scanners did not find malware!
File Name : radioSHARK.exe
File Size : 1568768 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 44b1110e6d537eda802c4cbd8691f300
SHA1 : b5a08a09b34f6e01ccda29ecc60c21d2ae557b8d
Online report : http://virscan.org/r...0b75c6def0.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100610053142 2010-06-10 0.44 -
AhnLab V3 2010.06.10.00 2010.06.10 2010-06-10 1.43 -
AntiVir 8.2.2.6 7.10.8.30 2010-06-09 0.26 -
Antiy 2.0.18 20100602.4613711 2010-06-02 0.02 -
Arcavir 2009 201006091342 2010-06-09 0.06 -
Authentium 5.1.1 201006091113 2010-06-09 1.37 -
AVAST! 4.7.4 100609-1 2010-06-09 0.06 -
AVG 8.5.793 271.1.1/2928 2010-06-10 0.24 -
BitDefender 7.90123.6165507 7.32130 2010-06-10 3.91 -
ClamAV 0.96.1 11168 2010-06-10 0.53 -
Comodo 3.13.579 5044 2010-06-09 1.16 -
CP Secure 1.3.0.5 2010.06.10 2010-06-10 0.42 -
Dr.Web 5.0.2.3300 2010.06.10 2010-06-10 7.91 -
F-Prot 4.4.4.56 20100609 2010-06-09 1.43 -
F-Secure 7.02.73807 2010.06.09.05 2010-06-09 0.36 -
Fortinet 4.1.133 12.36 2010-06-09 0.21 -
GData 21.325/21.108 20100609 2010-06-09 6.92 -
ViRobot 20100609 2010.06.09 2010-06-09 0.38 -
Ikarus T3.1.01.84 2010.06.09.76035 2010-06-09 6.77 -
JiangMin 13.0.900 2010.06.09 2010-06-09 1.21 -
Kaspersky 5.5.10 2010.06.09 2010-06-09 0.09 -
KingSoft 2009.2.5.15 2010.6.9.18 2010-06-09 0.65 -
McAfee 5400.1158 6008 2010-06-09 16.70 -
Microsoft 1.5802 2010.06.10 2010-06-10 6.75 -
Norman 6.04.12 6.04.00 2010-06-09 4.01 -
Panda 9.05.01 2010.06.09 2010-06-09 2.63 -
Trend Micro 9.120-1004 7.228.21 2010-06-09 0.05 -
Quick Heal 10.00 2010.06.09 2010-06-09 3.29 -
Rising 20.0 22.51.02.03 2010-06-09 0.78 -
Sophos 3.07.1 4.54 2010-06-10 3.40 -
Sunbelt 3.9.2424.2 6427 2010-06-09 9.38 -
Symantec 1.3.0.24 20100609.003 2010-06-09 0.07 -
nProtect 20100609.02 8604465 2010-06-09 8.67 -
The Hacker 6.5.2.0 v00296 2010-06-08 0.38 -
VBA32 3.12.12.5 20100608.2014 2010-06-08 2.78 -
VirusBuster 4.5.11.10 10.126.74/2035073 2010-06-10 2.96 -

#25
jetface

    Member

  • Topic Starter
  • 34 posts
I selected show hidden files and still could not find the below files in C:\WINDOWS\system32 via Windows Explorer or the find files option within Windows.



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:55 on 09/06/2010 by (Administrator - Elevation successful)

========== filefind ==========

Searching for "*i420vfw.dll*"
C:\WINDOWS\system32\i420vfw.dll -rahs- 70656 bytes [06:00 25/01/2004] [06:00 25/01/2004] F4D500D9ADC17058F2A8C31F01FDE592

Searching for "*yv12vfw.dll*"
C:\WINDOWS\system32\yv12vfw.dll -rahs- 70656 bytes [06:00 25/01/2004] [06:00 25/01/2004] 7029A7634C8DFA8EE619E79B1B9A378F

-=End Of File=-

Edited by jetface, 09 June 2010 - 09:09 PM.


#26
jetface

    Member

  • Topic Starter
  • 34 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2010 9:50:42 PM
mbam-log-2010-06-09 (21-50-42).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 239806
Time elapsed: 1 hour(s), 32 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#27
jetface

    Member

  • Topic Starter
  • 34 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/09/2010 at 11:06 PM

Application Version : 4.38.1004

Core Rules Database Version : 5055
Trace Rules Database Version: 2867

Scan type : Complete Scan
Total Scan Time : 02:37:00

Memory items scanned : 535
Memory threats detected : 0
Registry items scanned : 5991
Registry threats detected : 2
File items scanned : 101014
File threats detected : 1

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

#28
jetface

    Member

  • Topic Starter
  • 34 posts
I removed (deleted) the following 2 entries from quarantine:

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net


As for Bearshare I kept it and did the following VirSCAN for your review:

VirSCAN.org Scanned Report :
Scanned time : 2010/06/09 23:24:18 (CDT)
Scanner results: Scanners did not find malware!
File Name : BearShare.exe
File Size : 17758136 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 2c95faafece59f19ad3553c2d65d18e3
SHA1 : f00424b449fe07c52dad317a9c7d8154bce2e2d4
Online report : http://virscan.org/r...d7a8718fb3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100610053142 2010-06-10 1.72 -
AhnLab V3 2010.06.10.01 2010.06.10 2010-06-10 1.40 -
AntiVir 8.2.2.6 7.10.8.30 2010-06-09 0.26 -
Antiy 2.0.18 20100610.4733733 2010-06-10 0.12 -
Arcavir 2009 201006091342 2010-06-09 0.11 -
Authentium 5.1.1 201006092128 2010-06-09 2.83 -
AVAST! 4.7.4 100609-1 2010-06-09 0.99 -
AVG 8.5.793 271.1.1/2928 2010-06-10 0.41 -
BitDefender 7.90123.6165550 7.32134 2010-06-10 4.01 -
ClamAV 0.96.1 11170 2010-06-10 2.73 -
Comodo 3.13.579 5047 2010-06-10 0.94 -
CP Secure 1.3.0.5 2010.06.10 2010-06-10 1.39 -
Dr.Web 5.0.2.3300 2010.06.10 2010-06-10 9.90 -
F-Prot 4.4.4.56 20100609 2010-06-09 2.66 -
F-Secure 7.02.73807 2010.06.09.05 2010-06-09 0.23 -
Fortinet 4.1.133 12.36 2010-06-09 0.34 -
GData 21.326/21.108 20100610 2010-06-10 7.22 -
ViRobot 20100609 2010.06.09 2010-06-09 0.37 -
Ikarus T3.1.01.84 2010.06.10.76036 2010-06-10 7.70 -
JiangMin 13.0.900 2010.06.09 2010-06-09 1.36 -
Kaspersky 5.5.10 2010.06.10 2010-06-10 0.09 -
KingSoft 2009.2.5.15 2010.6.9.18 2010-06-09 0.61 -
McAfee 5400.1158 6008 2010-06-09 16.92 -
Microsoft 1.5802 2010.06.10 2010-06-10 7.28 -
Norman 6.04.12 6.04.00 2010-06-09 6.01 -
Panda 9.05.01 2010.06.09 2010-06-09 2.48 -
Trend Micro 9.120-1004 7.228.21 2010-06-09 0.23 -
Quick Heal 10.00 2010.06.10 2010-06-10 7.36 -
Rising 20.0 22.51.02.03 2010-06-09 2.56 -
Sophos 3.07.1 4.54 2010-06-10 3.99 -
Sunbelt 3.9.2424.2 6427 2010-06-09 7.45 -
Symantec 1.3.0.24 20100609.003 2010-06-09 1.19 -
nProtect 20100609.02 8604465 2010-06-09 9.01 -
The Hacker 6.5.2.0 v00296 2010-06-08 0.42 -
VBA32 3.12.12.5 20100608.2014 2010-06-08 5.06 -
VirusBuster 4.5.11.10 10.126.74/2035073 2010-06-10 13.00 -

#29
jetface

    Member

  • Topic Starter
  • 34 posts
I upgraded JAVA and deleted all old versions. Kaspersky online scanner has been run 3 times and bombs/times out at 40% after 3.5 hours. No files found on those scans but I'm trying again to get a complete run.


.........


Kaspersky online scanner bombed again, same place. downloaded Active X and Panda is executing now....

Edited by jetface, 10 June 2010 - 08:42 PM.


#30
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
try this one:

Please go HERE to run Panda's TotalScan
  • Select the bubble for Scan now
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report
andrewuk