possible about blank BHO



#1
headlever1

The symptoms are: Windows Security tells me auto updates are off. Sometimes Firewall is off. The computer runs very slowly. When I am browsing, about:blank comes up between sites and redirects me to the wrong site. It has not changed my home page. It seems like it has been slowing down for about 4 days. I ran Avira AntiVir, Malwarebytes, and Spybot S&D. None seem to have found it. I have a HJT log, and when I went to their site I found this one. I made an OTL list and will post it below. Thanks in advance for your help.

OTL logfile created on: 8/9/2011 5:33:38 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.04 Mb Total Physical Memory | 91.07 Mb Available Physical Memory | 18.14% Memory free
1.19 Gb Paging File | 0.52 Gb Available in Paging File | 43.80% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.70 Gb Free Space | 28.72% Space Free | Partition Type: NTFS
Drive E: | 37.25 Gb Total Space | 26.25 Gb Free Space | 70.47% Space Free | Partition Type: NTFS

Computer Name: HOME-A9F7118A1B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (WudfPf) -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys ()
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atapi) -- C:\WINDOWS\system32\drivers\atapi_TM.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (MOSUMAC) -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS (--)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/09 11:53:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/09/12 03:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6F637693-8379-458F-891B-2E0FEFF996B1}: C:\Documents and Settings\User\Local Settings\Application Data\{6F637693-8379-458F-891B-2E0FEFF996B1} [2011/07/05 21:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{65D79DFF-1E15-4A86-9D40-901A6C698317}: C:\Documents and Settings\Rita\Local Settings\Application Data\{65D79DFF-1E15-4A86-9D40-901A6C698317} [2011/07/05 22:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 21:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 21:59:36 | 000,000,000 | ---D | M]

[2010/10/14 08:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/10/14 08:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/07/01 10:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bh0jb6m2.default\extensions
[2010/09/12 18:34:44 | 000,000,000 | ---D | M] ("Microsoft .NET Framework Assistant") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bh0jb6m2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/10 18:42:53 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bh0jb6m2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/23 09:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/24 11:33:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2011/07/05 22:44:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RITA\LOCAL SETTINGS\APPLICATION DATA\{65D79DFF-1E15-4A86-9D40-901A6C698317}
[2011/07/05 21:55:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{6F637693-8379-458F-891B-2E0FEFF996B1}
[2010/09/09 11:53:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 11:33:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/07/14 22:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2011/06/06 12:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/07/06 00:22:18 | 000,434,718 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14986 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [bipro] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Qnegarikomemapi] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bluemountain.com ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1283982864737 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/08 17:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/09 17:05:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/08/07 19:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\direct TV
[2011/08/02 15:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mikogo4
[2011/08/01 21:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Atlas Property mgt RFQ
[2011/07/28 14:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\HP
[2011/07/26 16:54:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/07/16 13:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Malware receipt
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/09 17:02:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/08/09 16:22:21 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk
[2011/08/09 14:53:02 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2011/08/09 13:03:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/09 09:42:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/09 09:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/08 02:00:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/08/07 22:23:49 | 2165,465,710 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Music.7z
[2011/08/07 18:50:52 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/28 15:05:56 | 000,178,390 | ---- | M] () -- C:\WINDOWS\hpwins20.dat
[2011/07/20 17:50:08 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rgiqepe.dat
[2011/07/20 07:38:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Flemu.bin
[2011/07/16 12:29:02 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/16 12:29:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 19:12:14 | 2165,465,710 | ---- | C] () -- C:\Documents and Settings\User\My Documents\My Music.7z
[2011/07/16 12:29:02 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/16 12:29:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/08 09:25:03 | 000,178,390 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2011/07/08 09:25:02 | 000,002,428 | R--- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2011/07/01 08:54:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rgiqepe.dat
[2011/07/01 08:54:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Flemu.bin
[2011/06/15 18:53:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/05/29 21:09:35 | 000,000,633 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/15 15:07:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MAS
[2011/05/15 15:07:07 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/05/15 15:07:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/05/15 15:07:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/05/15 15:07:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Limiter
[2011/05/15 15:07:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/04/15 03:27:30 | 002,517,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/28 14:52:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\keyfile3.drm
[2010/09/23 08:05:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/11 10:21:33 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 21:15:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 18:35:45 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2010/09/09 11:34:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/08 17:50:36 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2010/09/08 17:50:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/09/08 17:26:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 17:20:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/08 12:22:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/08 12:21:02 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/09/28 18:55:50 | 000,077,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\WudfPf.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/13 23:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/05/15 15:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2011/05/15 15:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application
[2011/05/15 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Automatic Filter
[2011/05/15 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/07/08 08:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/23 00:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/07/01 10:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/02 09:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/15 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/04/08 09:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers
[2011/01/16 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FrostWire
[2011/02/06 21:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GARMIN
[2011/04/01 08:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/06/16 08:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nikon
[2011/04/23 05:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
[2011/04/01 07:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 8/9/2011 5:06:33 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.04 Mb Total Physical Memory | 47.10 Mb Available Physical Memory | 9.38% Memory free
1.19 Gb Paging File | 0.58 Gb Available in Paging File | 48.72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.70 Gb Free Space | 28.73% Space Free | Partition Type: NTFS
Drive E: | 37.25 Gb Total Space | 26.25 Gb Free Space | 70.47% Space Free | Partition Type: NTFS

Computer Name: HOME-A9F7118A1B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7010632-E5EE-4263-B80E-BC9D45439EB0}" = TurboTax 2010 winiper
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TurboTax 2010" = TurboTax 2010
"USB-Ethernet Adapter Device" = USB-Ethernet Adapter Device
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 8/5/2011 11:53:08 PM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 8/8/2011 4:02:29 PM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7034
Description = The Distributed Transaction Coordinator service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/8/2011 4:02:51 PM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7034
Description = The Volume Shadow Copy service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/8/2011 6:06:13 PM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/8/2011 6:06:13 PM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 8/9/2011 9:19:22 AM | Computer Name = HOME-A9F7118A1B | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/9/2011 9:21:37 AM | Computer Name = HOME-A9F7118A1B | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/9/2011 9:30:58 AM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7034
Description = The Amazon Download Agent service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/9/2011 9:41:39 AM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/9/2011 9:41:39 AM | Computer Name = HOME-A9F7118A1B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >


#2
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi. I'm Michael and I'm going to help you fix your computer.

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.



Next:


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here :)



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6F637693-8379-458F-891B-2E0FEFF996B1}: C:\Documents and Settings\User\Local Settings\Application Data\{6F637693-8379-458F-891B-2E0FEFF996B1} [2011/07/05 21:55:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{65D79DFF-1E15-4A86-9D40-901A6C698317}: C:\Documents and Settings\Rita\Local Settings\Application Data\{65D79DFF-1E15-4A86-9D40-901A6C698317} [2011/07/05 22:44:11 | 000,000,000 | ---D | M]
    [2011/07/05 22:44:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RITA\LOCAL SETTINGS\APPLICATION DATA\{65D79DFF-1E15-4A86-9D40-901A6C698317}
    [2011/07/05 21:55:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{6F637693-8379-458F-891B-2E0FEFF996B1}
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Qnegarikomemapi] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/07/01 08:54:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rgiqepe.dat
    [2011/07/01 08:54:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Flemu.bin

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next:

Please uninstall the following programs:

Conduit Engine
DVDVideoSoftTB Toolbar
Java™ 6 Update 20
HiJackThis



Then go here and download the latest version of Java

#3
headlever1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for the help. The computer locked up in Windows shutting down mode during the reboot. So, I turned it off and back on. I hope this didn't ruin the effort. Here are the Logs:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-14 09:25:55
-----------------------------
09:25:55.140 OS Version: Windows 5.1.2600 Service Pack 3
09:25:55.140 Number of processors: 1 586 0x409
09:25:55.140 ComputerName: HOME-A9F7118A1B UserName: User
09:25:55.718 Initialize success
09:27:03.656 AVAST engine defs: 11081400
09:27:09.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
09:27:09.453 Disk 0 Vendor: WDC_WD400BD-22LRA0 06.01D06 Size: 38166MB BusType: 3
09:27:09.468 Device \Driver\atapi -> DriverStartIo atapi_TM.sys f839e864
09:27:11.500 Disk 0 MBR read successfully
09:27:11.515 Disk 0 MBR scan
09:27:11.796 Disk 0 Windows XP default MBR code
09:27:11.812 Disk 0 scanning sectors +78140160
09:27:12.281 Disk 0 scanning C:\WINDOWS\system32\drivers
09:27:29.406 File: C:\WINDOWS\system32\drivers\WudfPf.sys **INFECTED** Win32:Alureon-FZ
09:27:29.546 Service scanning
09:27:31.453 Modules scanning
09:27:43.218 Disk 0 trace - called modules:
09:27:43.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi_TM.sys hal.dll intelide.sys PCIIDEX.SYS
09:27:43.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f62030]
09:27:43.625 3 CLASSPNP.SYS[f8574fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82f5ed98]
09:27:43.828 AVAST engine scan C:\WINDOWS
09:27:51.390 AVAST engine scan C:\WINDOWS\system32
09:30:07.203 AVAST engine scan C:\WINDOWS\system32\drivers
09:30:18.671 File: C:\WINDOWS\system32\drivers\WudfPf.sys **INFECTED** Win32:Alureon-FZ
09:30:19.562 AVAST engine scan C:\Documents and Settings\User
09:40:31.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
09:40:31.859 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"


I received an error, "not permitted to upload this kind of file", when I zipped and attached the aswMBR .dat file. I used 7-Zip. What should I do?


OTL logfile created on: 8/14/2011 10:34:47 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\All Users\Desktop\RUN US WEEKLY
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.04 Mb Total Physical Memory | 68.30 Mb Available Physical Memory | 13.60% Memory free
1.19 Gb Paging File | 0.64 Gb Available in Paging File | 53.86% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 12.17 Gb Free Space | 32.67% Space Free | Partition Type: NTFS
Drive E: | 37.25 Gb Total Space | 26.25 Gb Free Space | 70.47% Space Free | Partition Type: NTFS

Computer Name: HOME-A9F7118A1B | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\All Users\Desktop\RUN US WEEKLY\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\All Users\Desktop\RUN US WEEKLY\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (WudfPf) -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys ()
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atapi) -- C:\WINDOWS\system32\drivers\atapi_TM.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (MOSUMAC) -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS (--)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-1957994488-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-583907252-1957994488-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6F637693-8379-458F-891B-2E0FEFF996B1}: C:\Documents and Settings\User\Local Settings\Application Data\{6F637693-8379-458F-891B-2E0FEFF996B1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{65D79DFF-1E15-4A86-9D40-901A6C698317}: C:\Documents and Settings\Rita\Local Settings\Application Data\{65D79DFF-1E15-4A86-9D40-901A6C698317}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 21:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 21:59:36 | 000,000,000 | ---D | M]

[2010/10/14 08:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/08/12 14:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bh0jb6m2.default\extensions
[2011/04/23 09:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RITA\LOCAL SETTINGS\APPLICATION DATA\{65D79DFF-1E15-4A86-9D40-901A6C698317}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{6F637693-8379-458F-891B-2E0FEFF996B1}
[2010/09/09 11:53:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 11:33:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/14 09:54:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-1957994488-1644491937-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [bipro] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKU\S-1-5-21-583907252-1957994488-1644491937-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1957994488-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-583907252-1957994488-1644491937-1003\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-583907252-1957994488-1644491937-1003\..Trusted Domains: bluemountain.com ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1283982864737 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/08 17:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-583907252-1957994488-1644491937-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-583907252-1957994488-1644491937-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/14 09:53:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/14 09:25:20 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2011/08/13 16:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/12 12:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2011/08/12 12:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/12 12:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/12 12:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/12 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/09 22:14:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/08/07 19:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\direct TV
[2011/08/02 15:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mikogo4
[2011/08/01 21:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Atlas Property mgt RFQ
[2011/07/28 14:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\HP
[2011/07/16 13:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Malware receipt

========== Files - Modified Within 30 Days ==========

[2011/08/14 10:30:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/14 10:28:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/14 09:54:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/14 09:50:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2011/08/14 09:40:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2011/08/14 09:25:12 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2011/08/12 15:57:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk
[2011/08/09 22:17:45 | 000,189,662 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20110809_221553.reg
[2011/08/09 13:03:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/08 02:00:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/08/07 22:23:49 | 2165,465,710 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Music.7z
[2011/08/07 18:50:52 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/28 15:05:56 | 000,178,390 | ---- | M] () -- C:\WINDOWS\hpwins20.dat
[2011/07/16 12:29:02 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/08/14 09:40:31 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2011/08/09 22:15:57 | 000,189,662 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20110809_221553.reg
[2011/08/07 19:12:14 | 2165,465,710 | ---- | C] () -- C:\Documents and Settings\User\My Documents\My Music.7z
[2011/07/16 12:29:02 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/08 09:25:03 | 000,178,390 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2011/07/08 09:25:02 | 000,002,428 | R--- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2011/06/15 18:53:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/05/29 21:09:35 | 000,000,633 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/15 15:07:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MAS
[2011/05/15 15:07:07 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/05/15 15:07:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/05/15 15:07:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/05/15 15:07:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Limiter
[2011/05/15 15:07:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/04/15 03:27:30 | 002,517,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/28 14:52:42 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\keyfile3.drm
[2010/09/23 08:05:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/11 10:21:33 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 21:15:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 18:35:45 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2010/09/09 11:34:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/08 17:50:36 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2010/09/08 17:50:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/09/08 17:26:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 17:20:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/08 12:22:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/08 12:21:02 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/09/28 18:55:50 | 000,077,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\WudfPf.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/12 12:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/04/13 23:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/05/15 15:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2011/05/15 15:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application
[2011/05/15 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Automatic Filter
[2011/05/15 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/07/08 08:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/23 00:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/07/01 10:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/08/14 09:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/15 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/05/15 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita\Application Data\Nikon
[2011/04/21 19:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita\Application Data\PriceGong
[2010/09/10 17:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rita\Application Data\TeamViewer
[2011/04/08 09:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers
[2011/01/16 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FrostWire
[2011/02/06 21:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GARMIN
[2011/04/01 08:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/06/16 08:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nikon
[2011/04/23 05:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
[2011/04/01 07:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#4
michaelg9


    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Next:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5
headlever1


    New Member

  • Topic Starter
  • Member
  • 9 posts
New Problem: When I tried to uninstall those programs, Conduit engine and DVDVideosoftTB would not remove. I clicked remove and nothing happened.

#6
michaelg9


    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

OK, leave them for now and continue with the new instructions and we'll take care of them after :)

#7
headlever1


    New Member

  • Topic Starter
  • Member
  • 9 posts
OK Thanks.

TDSSkiller log

2011/08/14 14:54:43.0687 0248 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/14 14:54:44.0046 0248 ================================================================================
2011/08/14 14:54:44.0046 0248 SystemInfo:
2011/08/14 14:54:44.0046 0248
2011/08/14 14:54:44.0046 0248 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/14 14:54:44.0046 0248 Product type: Workstation
2011/08/14 14:54:44.0046 0248 ComputerName: HOME-A9F7118A1B
2011/08/14 14:54:44.0046 0248 UserName: User
2011/08/14 14:54:44.0046 0248 Windows directory: C:\WINDOWS
2011/08/14 14:54:44.0046 0248 System windows directory: C:\WINDOWS
2011/08/14 14:54:44.0046 0248 Processor architecture: Intel x86
2011/08/14 14:54:44.0046 0248 Number of processors: 1
2011/08/14 14:54:44.0046 0248 Page size: 0x1000
2011/08/14 14:54:44.0046 0248 Boot type: Normal boot
2011/08/14 14:54:44.0046 0248 ================================================================================
2011/08/14 14:54:46.0031 0248 Initialize success
2011/08/14 14:54:52.0296 2564 ================================================================================
2011/08/14 14:54:52.0296 2564 Scan started
2011/08/14 14:54:52.0296 2564 Mode: Manual;
2011/08/14 14:54:52.0296 2564 ================================================================================
2011/08/14 14:55:02.0531 2564 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/14 14:55:02.0609 2564 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/14 14:55:02.0734 2564 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/14 14:55:02.0859 2564 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/14 14:55:02.0921 2564 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/14 14:55:03.0031 2564 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/14 14:55:03.0109 2564 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/08/14 14:55:03.0187 2564 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/14 14:55:03.0515 2564 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/14 14:55:03.0593 2564 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/14 14:55:03.0671 2564 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/14 14:55:03.0781 2564 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/14 14:55:04.0031 2564 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/14 14:55:04.0156 2564 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/14 14:55:04.0203 2564 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/14 14:55:04.0328 2564 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/14 14:55:04.0421 2564 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/14 14:55:04.0531 2564 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/14 14:55:04.0609 2564 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/14 14:55:04.0718 2564 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/14 14:55:04.0859 2564 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/14 14:55:05.0015 2564 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/14 14:55:05.0046 2564 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/14 14:55:05.0171 2564 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/14 14:55:05.0265 2564 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/14 14:55:05.0343 2564 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/14 14:55:05.0484 2564 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/14 14:55:05.0609 2564 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/14 14:55:05.0750 2564 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/14 14:55:05.0843 2564 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/14 14:55:06.0000 2564 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/14 14:55:06.0078 2564 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/14 14:55:06.0187 2564 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/14 14:55:06.0406 2564 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/14 14:55:06.0546 2564 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/14 14:55:06.0671 2564 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/14 14:55:06.0734 2564 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/14 14:55:06.0781 2564 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/14 14:55:07.0046 2564 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/14 14:55:07.0187 2564 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/14 14:55:07.0328 2564 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/14 14:55:07.0390 2564 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/14 14:55:07.0515 2564 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/14 14:55:07.0578 2564 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/14 14:55:07.0703 2564 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/14 14:55:07.0781 2564 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/14 14:55:07.0843 2564 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/14 14:55:07.0968 2564 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/14 14:55:08.0078 2564 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/14 14:55:08.0250 2564 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/14 14:55:08.0343 2564 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/14 14:55:08.0562 2564 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/14 14:55:08.0656 2564 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/14 14:55:08.0781 2564 WudfPf (643a3b9e70bdfda50034d2ef66a46003) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/14 14:55:08.0843 2564 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/14 14:55:09.0000 2564 yukonwxp (277c9d37f7c04b038d93d076dc7ef354) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/08/14 14:55:09.0078 2564 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/14 14:55:09.0203 2564 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
2011/08/14 14:55:09.0234 2564 Boot (0x1200) (6747656cd07c38b9837c8f6ca25d68dc) \Device\Harddisk0\DR0\Partition0
2011/08/14 14:55:09.0250 2564 Boot (0x1200) (23ecbead29d1e54b441aacb067db20b5) \Device\Harddisk1\DR2\Partition0
2011/08/14 14:55:09.0265 2564 ================================================================================
2011/08/14 14:55:09.0265 2564 Scan finished
2011/08/14 14:55:09.0265 2564 ================================================================================
2011/08/14 14:55:09.0281 3036 Detected object count: 0
2011/08/14 14:55:09.0281 3036 Actual detected object count: 0

#8
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Nice, waiting for the combofix log :)

#9
headlever1

    New Member

  • Topic Starter
  • Member
  • 9 posts
I had a problem running the combofix log. Avira kept interrupting. I had turned it off according to the instructions provided, but somehow it was still grabbing C:\Combofix\sed.cfxxe. Here is the log. I don't know if it is complete or good.


ComboFix 11-08-15.06 - User 08/14/2011 16:08:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.202 [GMT -4:00]
Running from: c:\documents and settings\All Users\Desktop\RUN US WEEKLY\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\Rita\Application Data\PriceGong
c:\documents and settings\Rita\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Rita\Application Data\PriceGong\Data\z.xml
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\1.xml
c:\documents and settings\User\Application Data\PriceGong\Data\a.xml
c:\documents and settings\User\Application Data\PriceGong\Data\b.xml
c:\documents and settings\User\Application Data\PriceGong\Data\c.xml
c:\documents and settings\User\Application Data\PriceGong\Data\d.xml
c:\documents and settings\User\Application Data\PriceGong\Data\e.xml
c:\documents and settings\User\Application Data\PriceGong\Data\f.xml
c:\documents and settings\User\Application Data\PriceGong\Data\g.xml
c:\documents and settings\User\Application Data\PriceGong\Data\h.xml
c:\documents and settings\User\Application Data\PriceGong\Data\i.xml
c:\documents and settings\User\Application Data\PriceGong\Data\J.xml
c:\documents and settings\User\Application Data\PriceGong\Data\k.xml
c:\documents and settings\User\Application Data\PriceGong\Data\l.xml
c:\documents and settings\User\Application Data\PriceGong\Data\m.xml
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Application Data\PriceGong\Data\n.xml
c:\documents and settings\User\Application Data\PriceGong\Data\o.xml
c:\documents and settings\User\Application Data\PriceGong\Data\p.xml
c:\documents and settings\User\Application Data\PriceGong\Data\q.xml
c:\documents and settings\User\Application Data\PriceGong\Data\r.xml
c:\documents and settings\User\Application Data\PriceGong\Data\s.xml
c:\documents and settings\User\Application Data\PriceGong\Data\t.xml
c:\documents and settings\User\Application Data\PriceGong\Data\u.xml
c:\documents and settings\User\Application Data\PriceGong\Data\v.xml
c:\documents and settings\User\Application Data\PriceGong\Data\w.xml
c:\documents and settings\User\Application Data\PriceGong\Data\x.xml
c:\documents and settings\User\Application Data\PriceGong\Data\y.xml
c:\documents and settings\User\Application Data\PriceGong\Data\z.xml
c:\windows\system32\axxt32.dll
c:\windows\system32\cryptmd5.dll
c:\windows\system32\emul65.dll
c:\windows\system32\java2.sys
c:\windows\system32\ke32psag.sys
c:\windows\system32\md5hsh.dll
c:\windows\system32\mmmnqgnq.dll
c:\windows\system32\ntpdxt.dll
c:\windows\system32\vdnt32.sys
c:\windows\system32\xdudtt.dll
c:\windows\system32\xliftm.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 20:56 . 2011-08-14 20:56 -------- d-----w- c:\windows\temp
2011-08-14 20:12 . 2011-08-14 20:12 0 ----a-w- c:\windows\system32\winprint.dll
2011-08-14 20:12 . 2011-08-14 20:12 0 ----a-w- c:\windows\system32\sdcardX2.sys
2011-08-14 20:12 . 2011-08-14 20:12 0 ----a-w- c:\windows\system32\flashdrv3.sys
2011-08-14 20:12 . 2011-08-14 20:12 0 ----a-w- c:\windows\system32\asusrx25.sys
2011-08-14 19:47 . 2011-08-14 19:47 -------- d-----w- c:\windows\LastGood
2011-08-14 19:29 . 2010-11-07 17:20 208896 ----a-w- c:\windows\MBR.exe
2011-08-14 13:53 . 2011-08-14 13:53 -------- dc----w- C:\_OTL
2011-08-12 16:25 . 2011-08-12 16:25 -------- dc----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2011-08-12 16:24 . 2011-08-12 16:24 -------- dc----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-12 16:24 . 2011-08-12 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-12 16:24 . 2011-08-12 16:24 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-09 12:15 . 2011-08-09 12:15 -------- dc----w- c:\documents and settings\Rita\Local Settings\Application Data\PackageAware
2011-08-02 19:06 . 2011-08-02 19:06 -------- dc----w- c:\documents and settings\User\Local Settings\Application Data\Mikogo4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-09-09 15:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-09-09 15:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 11:43 . 2011-06-30 11:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-29 03:46 . 2010-09-09 16:05 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-29 03:46 . 2010-09-09 16:05 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 15:33 . 2011-04-23 13:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4600704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-07-16 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [4/13/2011 11:50 PM 401920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/9/2010 12:05 PM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/9/2010 11:58 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/9/2010 11:58 AM 22712]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 MpKsl3cd5d232;MpKsl3cd5d232;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKsl3cd5d232.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKsl3cd5d232.sys [?]
S1 MpKsl46a58dd0;MpKsl46a58dd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKsl46a58dd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKsl46a58dd0.sys [?]
S1 MpKsl73e74456;MpKsl73e74456;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKsl73e74456.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKsl73e74456.sys [?]
S1 MpKsla0167aa8;MpKsla0167aa8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06361A31-03EB-4F24-88DF-53E1DEA476DF}\MpKsla0167aa8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06361A31-03EB-4F24-88DF-53E1DEA476DF}\MpKsla0167aa8.sys [?]
S1 MpKslafa6690c;MpKslafa6690c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKslafa6690c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BAA5973-2416-4EA1-B61B-810C88D6D410}\MpKslafa6690c.sys [?]
S1 MpKslc926b24e;MpKslc926b24e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06361A31-03EB-4F24-88DF-53E1DEA476DF}\MpKslc926b24e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06361A31-03EB-4F24-88DF-53E1DEA476DF}\MpKslc926b24e.sys [?]
S1 MpKsld642fc00;MpKsld642fc00;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06361A31-03EB-4F24-88DF-53E1DEA476DF}\MpKsld642fc00.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06361A31-03EB-4F24-88DF-53E1DEA476DF}\MpKsld642fc00.sys [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/16/2011 12:59 PM 340136]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/28/2011 11:47 PM 428200]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [3/22/2010 2:32 PM 27002]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-09-09 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
Trusted Zone: amazon.com\www
Trusted Zone: bluemountain.com\www
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\bh0jb6m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-bipro - (no file)
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-08-14 17:02:00
ComboFix-quarantined-files.txt 2011-08-14 21:01
.
Pre-Run: 12,909,764,608 bytes free
Post-Run: 12,877,586,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 272A090575C4B64F45054734D42281B4

#10
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.
  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.



Next:


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If Avira interferes, you can add all programs that are picked up by it to the ignore list.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\winprint.dll
c:\windows\system32\sdcardX2.sys
c:\windows\system32\flashdrv3.sys
c:\windows\system32\asusrx25.sys

Folder::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates

Registry::

Driver::
MpKsl3cd5d232
MpKsl46a58dd0
MpKsl73e74456
MpKsla0167aa8
MpKslafa6690c
MpKslc926b24e
MpKsld642fc00


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Next:


OTL Custom Scan
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box copy and paste this in:

    /md5start
    WudfPf.sys
    /md5stop

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.



#11
headlever1

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks. Do we know the name of this Trojan? Also, I tried adding the program that was being stopped to the ignore list and it didn't work. It was still picking C:\Combofix\sed.cfxxe as a suspicious activity. Could you help me with that?

I will have to go to a different computer to change passwords first.

#12
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
The name of the infection is Goldun, you can read about the infection here and here

Read here how to add an exception to the guard of Avira. Read the instructions under Avira Scanner and Guard Exceptions and add the exception to the guard only, not the scanner. However, when the detection pops up, there is the option to ignore it and that should normally work

#13
headlever1

    New Member

  • Topic Starter
  • Member
  • 9 posts
Here is the OTL Combofix log.

ComboFix 11-08-15.06 - User 08/17/2011 8:09.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.195 [GMT -4:00]
Running from: c:\documents and settings\All Users\Desktop\RUN US WEEKLY\ComboFix.exe
Command switches used :: c:\documents and settings\All Users\Desktop\RUN US WEEKLY\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
FILE ::
"c:\windows\system32\asusrx25.sys"
"c:\windows\system32\flashdrv3.sys"
"c:\windows\system32\sdcardX2.sys"
"c:\windows\system32\winprint.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\asusrx25.sys
c:\windows\system32\flashdrv3.sys
c:\windows\system32\sdcardX2.sys
c:\windows\system32\winprint.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL3CD5D232
-------\Legacy_MPKSL46A58DD0
-------\Legacy_MPKSL73E74456
-------\Legacy_MPKSLA0167AA8
-------\Legacy_MPKSLAFA6690C
-------\Legacy_MPKSLC926B24E
-------\Legacy_MPKSLD642FC00
-------\Service_MpKsl3cd5d232
-------\Service_MpKsl46a58dd0
-------\Service_MpKsl73e74456
-------\Service_MpKsla0167aa8
-------\Service_MpKslafa6690c
-------\Service_MpKslc926b24e
-------\Service_MpKsld642fc00
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-15 02:19 . 2011-08-15 02:19 -------- dc----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2011-08-14 13:53 . 2011-08-14 13:53 -------- dc----w- C:\_OTL
2011-08-12 16:25 . 2011-08-12 16:25 -------- dc----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2011-08-12 16:24 . 2011-08-12 16:24 -------- dc----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-12 16:24 . 2011-08-12 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-12 16:24 . 2011-08-12 16:24 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-09 12:15 . 2011-08-09 12:15 -------- dc----w- c:\documents and settings\Rita\Local Settings\Application Data\PackageAware
2011-08-02 19:06 . 2011-08-02 19:06 -------- dc----w- c:\documents and settings\User\Local Settings\Application Data\Mikogo4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2010-09-09 15:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-09-09 15:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 11:43 . 2011-06-30 11:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-29 03:46 . 2010-09-09 16:05 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-29 03:46 . 2010-09-09 16:05 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-24 14:10 . 2010-09-08 21:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-24 15:33 . 2011-04-23 13:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_20.56.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-15 02:59 . 2011-08-15 02:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-15 07:08 . 2011-04-15 07:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-15 07:07 . 2011-04-15 07:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-15 07:07 . 2011-04-15 07:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-15 07:07 . 2011-04-15 07:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-15 07:07 . 2011-04-15 07:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-15 02:59 . 2011-08-15 02:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-15 07:08 . 2011-04-15 07:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-15 07:08 . 2011-04-15 07:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-15 07:07 . 2011-04-15 07:07 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-08-15 02:08 . 2011-08-15 02:58 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-01 07:03 . 2011-04-15 07:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-15 02:08 . 2011-08-15 02:58 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-01 07:03 . 2011-04-15 07:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-15 02:08 . 2011-08-15 02:58 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-01 07:03 . 2011-04-15 07:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-15 02:59 . 2011-08-15 02:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-04-15 07:08 . 2011-04-15 07:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
- 2009-03-08 08:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
+ 2008-04-14 12:00 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
- 2010-09-09 14:53 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-09-09 14:53 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-04-29 01:50 . 2011-04-29 01:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\2634b9.msp
+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\15bebdf.msp
+ 2011-08-15 01:52 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-15 01:52 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-15 01:52 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-08-15 02:08 . 2011-08-15 02:08 5025792 c:\windows\assembly\temp\W4BHOU17EK\System.Windows.Forms.dll
+ 2011-08-15 02:09 . 2011-08-15 02:09 2048000 c:\windows\assembly\temp\T18FLSY5CI\System.XML.dll
+ 2011-08-15 02:09 . 2011-08-15 02:09 2933248 c:\windows\assembly\temp\T18ELRY4BH\System.Data.dll
+ 2011-08-15 02:09 . 2011-08-15 02:09 3182592 c:\windows\assembly\temp\AIPV29FMSZ\System.dll
+ 2011-08-15 03:01 . 2011-08-15 03:01 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-08-15 02:12 . 2011-08-15 02:12 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\62697d40f5959797097a6da086e96556\WindowsBase.ni.dll
+ 2011-08-15 03:04 . 2011-08-15 03:04 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-08-15 04:09 . 2011-08-15 04:09 3445248 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\ff7ec3028a85472011d1b37a38e750ee\ttax.ni.dll
+ 2011-08-15 03:01 . 2011-08-15 03:01 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-08-15 02:11 . 2011-08-15 02:11 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\dd162cf88594628eb1f3d7c0a9f65f7f\System.ni.dll
+ 2011-08-15 03:04 . 2011-08-15 03:04 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-15 04:14 . 2011-08-15 04:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-08-15 04:14 . 2011-08-15 04:14 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-08-15 04:14 . 2011-08-15 04:14 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-08-15 04:13 . 2011-08-15 04:13 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-08-15 04:10 . 2011-08-15 04:10 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-08-15 04:13 . 2011-08-15 04:13 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-08-15 04:13 . 2011-08-15 04:13 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-08-15 03:04 . 2011-08-15 03:04 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-08-15 04:13 . 2011-08-15 04:13 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-08-15 04:08 . 2011-08-15 04:08 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-08-15 03:03 . 2011-08-15 03:03 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-08-15 04:13 . 2011-08-15 04:13 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8a9589fd87302a1333af22962bb5f1f1\System.Management.Automation.ni.dll
+ 2011-08-15 04:08 . 2011-08-15 04:08 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-08-15 03:03 . 2011-08-15 03:03 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-08-15 04:10 . 2011-08-15 04:10 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-08-15 04:10 . 2011-08-15 04:10 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-08-15 03:03 . 2011-08-15 03:03 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-08-15 04:09 . 2011-08-15 04:09 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-15 04:12 . 2011-08-15 04:12 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-08-15 04:10 . 2011-08-15 04:10 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll
+ 2011-08-15 03:03 . 2011-08-15 03:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-08-15 04:12 . 2011-08-15 04:12 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll
+ 2011-08-15 03:03 . 2011-08-15 03:03 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-08-15 03:02 . 2011-08-15 03:02 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-08-15 03:02 . 2011-08-15 03:02 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-08-15 02:11 . 2011-08-15 02:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f1e4b6342d81b95efdfd86126e6fc1a0\PresentationBuildTasks.ni.dll
+ 2011-08-15 03:01 . 2011-08-15 03:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-08-15 04:11 . 2011-08-15 04:11 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-08-15 04:10 . 2011-08-15 04:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-15 04:13 . 2011-08-15 04:13 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-08-15 04:11 . 2011-08-15 04:11 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-15 04:11 . 2011-08-15 04:11 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-15 04:11 . 2011-08-15 04:11 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-08-15 04:10 . 2011-08-15 04:10 1554944 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\ce57a5fb2cf18bae2c6ec3194d113647\Intuit.Ctg.Map.ni.dll
+ 2011-08-15 02:09 . 2011-08-15 02:59 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-01 07:03 . 2011-04-15 07:08 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-15 02:09 . 2011-08-15 02:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-01 07:03 . 2011-04-15 07:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-01 07:03 . 2011-04-15 07:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-15 02:08 . 2011-08-15 02:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-15 07:07 . 2011-04-15 07:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-01 07:03 . 2011-04-15 07:07 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-15 02:58 . 2011-08-15 02:58 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-01 07:03 . 2011-04-15 07:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-15 02:09 . 2011-08-15 02:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-15 02:09 . 2011-08-15 02:59 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-01 07:03 . 2011-04-15 07:08 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-09-08 23:42 . 2011-07-30 14:05 52390856 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2010-09-09 14:53 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\15bebf0.msp
+ 2011-08-15 01:52 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-08-15 03:04 . 2011-08-15 03:04 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-08-15 04:10 . 2011-08-15 04:10 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-08-15 04:09 . 2011-08-15 04:09 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-08-15 03:03 . 2011-08-15 03:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-15 03:02 . 2011-08-15 03:02 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-08-15 03:02 . 2011-08-15 03:02 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
+ 2011-08-15 02:10 . 2011-08-15 02:10 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4600704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-07-16 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [4/13/2011 11:50 PM 401920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/9/2010 12:05 PM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/9/2010 11:58 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/9/2010 11:58 AM 22712]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/16/2011 12:59 PM 340136]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/28/2011 11:47 PM 428200]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [3/22/2010 2:32 PM 27002]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-09-09 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
Trusted Zone: amazon.com\www
Trusted Zone: bluemountain.com\www
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\bh0jb6m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-08-17 08:40:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 12:40
ComboFix2.txt 2011-08-14 21:02
.
Pre-Run: 12,277,592,064 bytes free
Post-Run: 12,181,598,208 bytes free
.
- - End Of File - - 04FCDFA9879B0D028B7D54ADA3486E8E

#14
headlever1


    New Member

  • Topic Starter
  • Member
  • 9 posts
I don't know what is up now, but I can not get onto websites other than Google. Google finds the site. Then I get an error code that says server not found. Do you think there is a setting wrong? Or, are my multiple virus programs fighting each other?

#15
michaelg9


    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Most probably it's TDL 3 that is interfering with the search results, but I need the OTL scan from post #10 so I can remove it in the next step :)