
Recurring infections after MBAM, SAS


#1
jd_hupp

I'm getting recurring infections after removals by MBAM and SAS. Also search redirects. Could someone please have a look? Here are my OTL and Extras results (Quick Scan, All Users):

OTL logfile created on: 4/11/2011 8:34:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 16.43 Gb Free Space | 56.09% Space Free | Partition Type: NTFS
Drive D: | 119.75 Gb Total Space | 10.49 Gb Free Space | 8.76% Space Free | Partition Type: NTFS

Computer Name: RICK | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/11 20:33:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/17 17:15:32 | 000,822,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2011/01/17 16:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/05/14 12:56:46 | 000,602,112 | ---- | M] (Remote Backup Systems, Inc.) -- C:\Program Files\Remote Backup\rbackup.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/07 17:30:56 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/02/11 18:48:40 | 001,741,280 | ---- | M] () -- C:\Service2000DBS\DLC\bin\_mprshut.exe
PRC - [2003/02/11 18:48:26 | 001,371,312 | ---- | M] () -- C:\Service2000DBS\DLC\bin\_mprosrv.exe
PRC - [2002/05/06 21:05:32 | 000,020,480 | ---- | M] () -- C:\Service2000DBS\DLC\bin\admsrvc.exe
PRC - [2000/06/02 14:11:36 | 000,020,542 | ---- | M] () -- C:\Service2000DBS\DLC\jre\bin\java.exe


========== Modules (SafeList) ==========

MOD - [2011/04/11 20:33:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/05 18:15:07 | 000,215,552 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/05/14 12:56:46 | 000,602,112 | ---- | M] (Remote Backup Systems, Inc.) [Auto | Running] -- C:\Program Files\Remote Backup\rbackup.exe -- (Remote Backup 2007)
SRV - [2002/05/06 21:05:32 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Service2000DBS\DLC\bin\admsrvc.exe -- (AdminService9.1D)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 23:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/03/14 09:38:31 | 000,016,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/07/24 19:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/21 17:20:06 | 000,097,816 | ---- | M] (FAMv4) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\FAMv4.sys -- (FAMv4)
DRV - [2007/11/10 04:20:02 | 000,029,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007/09/20 19:07:40 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 19:07:38 | 000,053,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/19 05:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nexpart.com/login.php
IE - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{85A5768E-D111-4DB3-B3C7-E2D6DCF684E6}: D:\Documents and Settings\Rick\Local Settings\Application Data\{85A5768E-D111-4DB3-B3C7-E2D6DCF684E6} [2011/04/05 15:17:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/07 10:53:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/28 21:03:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/24 08:51:44 | 000,000,000 | ---D | M]

[2009/03/14 13:55:02 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Rick\Application Data\Mozilla\Extensions
[2011/01/13 13:16:35 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\tntfiq57.default\extensions
[2009/11/05 18:19:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\tntfiq57.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/13 13:16:35 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- D:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\tntfiq57.default\extensions\[email protected]
[2011/01/03 20:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/25 18:45:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/03 20:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/03/16 09:50:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/07 10:53:49 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/07 11:32:38 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

Hosts file not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110228200346.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\..Trusted Domains: server ([]* in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237040245250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/15 00:23:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1606980848-1454471165-682003330-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1606980848-1454471165-682003330-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 20:24:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/04/11 18:54:40 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Rick\Recent
[2011/04/11 18:52:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/11 18:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/11 07:15:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/04/09 19:11:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/04/09 19:11:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Google
[2011/04/09 10:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/08 02:15:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/07 20:01:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/07 11:32:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/04/06 22:25:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/06 22:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/06 08:48:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/06 08:33:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/05 19:18:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/05 19:18:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/05 15:34:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/05 15:33:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/05 15:17:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Rick\Local Settings\Application Data\{85A5768E-D111-4DB3-B3C7-E2D6DCF684E6}
[2011/04/05 15:15:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Rick\Application Data\Liobid
[2011/04/05 15:15:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Rick\Application Data\Ekam
[4 D:\Documents and Settings\Rick\My Documents\*.tmp files -> D:\Documents and Settings\Rick\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 20:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/11 20:24:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 20:24:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/11 20:23:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 20:23:55 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\Cafczyevo.job
[2011/04/11 20:23:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/11 20:08:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\CopyNetworkBackupsToArchive.job
[2011/04/11 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/04/11 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/04/11 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/04/11 17:15:49 | 000,010,752 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\Board.xlr
[2011/04/11 17:15:49 | 000,005,702 | ---- | M] () -- D:\Documents and Settings\Rick\Application Data\wklnhst.dat
[2011/04/11 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/04/11 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/04/11 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/04/11 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/04/11 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/04/11 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/04/11 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/04/11 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/04/11 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/04/11 08:53:53 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\dailytime.xlr
[2011/04/11 08:52:55 | 000,025,088 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\dailytime2.xlr
[2011/04/11 08:39:10 | 000,012,800 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\bankbal.xlr
[2011/04/11 08:06:21 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\Class15
[2011/04/11 08:06:21 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2011/04/11 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/04/11 07:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/04/11 06:49:18 | 000,000,112 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\kAp70y4.dat
[2011/04/11 06:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/04/11 05:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/04/11 04:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/04/11 03:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/04/11 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/04/11 01:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/04/11 00:18:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/04/11 00:16:27 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\rb-Incr_Daily.job
[2011/04/11 00:00:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Backup Service2000.job
[2011/04/10 23:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/04/10 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/04/10 21:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/04/10 02:03:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 00:16:36 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\rb-Incr_Sat.job
[2011/04/08 22:31:13 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\CopyTomsBackupToServer.job
[2011/04/08 21:03:37 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\1 Friday Full Backup.job
[2011/04/07 21:01:44 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\5 Thursday Incremental Backup.job
[2011/04/07 15:08:41 | 000,018,944 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\03.31.11.xlr
[2011/04/06 21:03:43 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\4 Wednesday Incremental Backup.job
[2011/04/06 13:50:19 | 000,049,152 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\RentalCars.xlr
[2011/04/06 09:53:46 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wlukakoyupune.dat
[2011/04/06 09:30:32 | 000,014,630 | -HS- | M] () -- D:\Documents and Settings\Rick\Local Settings\Application Data\3s01332t76tp114a55yo
[2011/04/06 09:30:32 | 000,014,630 | -HS- | M] () -- D:\Documents and Settings\All Users\Application Data\3s01332t76tp114a55yo
[2011/04/06 09:12:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/04/06 07:15:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lpavaci.bin
[2011/04/05 21:00:07 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\3 Tuesday Incremental Backup.job
[2011/04/05 16:16:19 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 16:16:19 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/05 15:23:42 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\rb-Full.job
[2011/04/05 15:16:13 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Rick\NULL
[2011/04/05 15:14:41 | 000,143,360 | RHS- | M] () -- C:\WINDOWS\System32\TsWpfWrpg.dll
[2011/04/05 13:38:01 | 000,015,872 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\fax.wps
[2011/04/04 21:01:32 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\2 Monday Incremental Backup.job
[2011/04/04 15:04:12 | 000,017,920 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\Rental402.2008.xlr
[2011/04/03 05:01:41 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\First Sunday Image of C.job
[2011/04/03 04:37:43 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\FirstSundayCopyImagesOfC.job
[2011/04/01 09:13:01 | 000,015,872 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\AR.xlr
[2011/03/30 11:57:42 | 000,010,752 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\InkCartridge.xlr
[2011/03/25 16:50:22 | 000,010,752 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\oilchange.xlr
[2011/03/25 08:44:17 | 000,010,752 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\password.xlr
[2011/03/18 09:43:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\protrace.1684
[2011/03/15 14:09:44 | 000,000,548 | ---- | M] () -- D:\Documents and Settings\Rick\Desktop\Shortcut to 03.31.11.xlr.lnk
[2011/03/15 14:09:01 | 000,018,944 | ---- | M] () -- D:\Documents and Settings\Rick\My Documents\02.28.11.xlr
[4 D:\Documents and Settings\Rick\My Documents\*.tmp files -> D:\Documents and Settings\Rick\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/11 08:06:21 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Class15
[2011/04/11 08:06:21 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\Band4
[2011/04/09 19:23:21 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/09 19:23:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/04/06 08:23:01 | 000,014,630 | -HS- | C] () -- D:\Documents and Settings\Rick\Local Settings\Application Data\3s01332t76tp114a55yo
[2011/04/06 08:23:01 | 000,014,630 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\3s01332t76tp114a55yo
[2011/04/05 15:36:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 15:26:03 | 000,000,112 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\kAp70y4.dat
[2011/04/05 15:18:02 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wlukakoyupune.dat
[2011/04/05 15:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lpavaci.bin
[2011/04/05 15:16:13 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Rick\NULL
[2011/04/05 15:14:41 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\TsWpfWrpg.dll
[2011/04/05 15:14:41 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Cafczyevo.job
[2011/03/18 09:43:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\protrace.1684
[2011/03/15 14:09:44 | 000,000,548 | ---- | C] () -- D:\Documents and Settings\Rick\Desktop\Shortcut to 03.31.11.xlr.lnk
[2011/03/15 14:09:19 | 000,018,944 | ---- | C] () -- D:\Documents and Settings\Rick\My Documents\03.31.11.xlr
[2010/06/18 15:16:55 | 000,005,702 | ---- | C] () -- D:\Documents and Settings\Rick\Application Data\wklnhst.dat
[2009/11/06 13:54:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009/10/22 13:23:37 | 000,000,024 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2009/10/19 11:42:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO6050D.INI
[2009/10/19 11:36:49 | 000,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2009/10/19 11:36:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/10/19 11:36:49 | 000,000,015 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/10/19 11:36:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw6050d.ini
[2009/10/19 11:36:48 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2009/10/19 11:36:48 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2009/10/19 11:35:00 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/10/14 10:45:51 | 000,003,584 | ---- | C] () -- D:\Documents and Settings\Rick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 16:53:18 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/11 16:53:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/09/11 16:46:07 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/09/11 16:46:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/09/11 16:35:38 | 000,000,209 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/11 16:35:38 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/11 16:35:38 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7420.dat
[2009/09/11 16:35:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/11 16:33:36 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/11 16:17:02 | 000,000,467 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/28 09:52:26 | 000,000,162 | -H-- | C] () -- C:\Program Files\Common Files\client.lcs
[2009/03/23 13:04:29 | 000,000,106 | ---- | C] () -- D:\Documents and Settings\Rick\Application Data\AVSDVDPlayer.m3u
[2009/03/16 10:00:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/16 10:00:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/15 00:25:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/15 00:20:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/14 16:00:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/14 15:57:33 | 000,177,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/14 13:55:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/14 13:33:42 | 000,000,195 | ---- | C] () -- C:\WINDOWS\OPLW.INI
[2009/03/14 12:41:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/14 11:35:16 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\ProExtra.dll
[2009/03/14 11:35:15 | 003,080,237 | ---- | C] () -- C:\WINDOWS\System32\Msowc.dll
[2009/03/14 09:39:59 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/03/14 08:43:27 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/10/04 04:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 04:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 04:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 04:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 04:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 04:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 04:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 04:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 04:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/03 21:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/08/23 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 16:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 16:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/04/30 12:33:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Applications
[2011/04/11 07:15:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/09/11 16:33:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/08 16:59:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/17 12:04:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Rick\Application Data\Bullzip
[2010/01/05 15:10:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Rick\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/05 15:17:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Rick\Application Data\Ekam
[2011/04/06 10:40:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Rick\Application Data\Liobid
[2010/11/16 09:07:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Rick\Application Data\ScanSoft
[2009/08/28 09:50:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Rick\Application Data\TeamViewer
[2009/03/26 13:53:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Rick\Application Data\Template
[2011/04/08 21:03:37 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\1 Friday Full Backup.job
[2011/04/04 21:01:32 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\2 Monday Incremental Backup.job
[2011/04/05 21:00:07 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\3 Tuesday Incremental Backup.job
[2011/04/06 21:03:43 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\4 Wednesday Incremental Backup.job
[2011/04/07 21:01:44 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\5 Thursday Incremental Backup.job
[2011/04/11 00:18:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/04/11 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/04/11 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/04/11 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/04/11 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/04/11 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/04/11 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/04/11 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/04/11 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/04/11 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/04/11 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/04/11 01:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/04/11 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/04/11 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/04/10 21:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/04/10 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/04/10 23:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/04/11 02:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/04/11 03:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/04/11 04:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/04/11 05:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/04/11 06:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/04/11 07:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/04/11 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/04/11 00:00:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\Backup Service2000.job
[2011/04/11 20:23:55 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\Cafczyevo.job
[2011/04/11 20:08:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\CopyNetworkBackupsToArchive.job
[2011/04/08 22:31:13 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\CopyTomsBackupToServer.job
[2011/04/03 05:01:41 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\First Sunday Image of C.job
[2011/04/03 04:37:43 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\FirstSundayCopyImagesOfC.job
[2011/04/05 15:23:42 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\rb-Full.job
[2011/04/11 00:16:27 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\rb-Incr_Daily.job
[2011/04/09 00:16:36 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\rb-Incr_Sat.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 4/11/2011 8:34:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 16.43 Gb Free Space | 56.09% Space Free | Partition Type: NTFS
Drive D: | 119.75 Gb Total Space | 10.49 Gb Free Space | 8.76% Space Free | Partition Type: NTFS

Computer Name: RICK | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1606980848-1454471165-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\WINDOWS\TEMP\frvn\setup.exe" = C:\WINDOWS\TEMP\frvn\setup.exe:*:Enabled:setup


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9327CE-B854-462B-92EB-56E829E50EE3}" = Default
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{F0674B40-D8C3-11D3-8C61-00104B1F6CF0}" = Remote Backup 2007
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATT-PRT22" = ATT-PRT22
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 3.0.0.352
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Updater" = Google Updater
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Service2000 Database Server" = Service2000 Database Server
"Service2000 Network Client" = Service2000 Network Client
"whitesmoketoolbar" = WhiteSmoke Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2011 5:05:48 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 6:05:48 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 6:12:09 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 6:17:30 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 6:19:10 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 6:27:18 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 6:29:59 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 7:21:26 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 7:26:51 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 4/11/2011 7:30:37 PM | Computer Name = RICK | Source = Application Error | ID = 1000
Description = Faulting application AcV5o0Aq.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

[ System Events ]
Error - 4/11/2011 11:01:56 AM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 11:01:56 AM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 11:01:56 AM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 11:41:00 AM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 12:00:27 PM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 12:00:34 PM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 12:00:37 PM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 12:00:43 PM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 12:01:03 PM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 4/11/2011 2:42:02 PM | Computer Name = RICK | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding


< End of report >
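Added example (not part of the original post and not an OldTimer/OTL tool): a small Python triage script that parses entries in the OTL "Files Created" format shown above and flags three things a malware helper reads off such a log, namely hidden+system attributes, random-looking file names, and a burst of `.job` scheduled-task files created within seconds of each other. The sample lines are copied from the log above and trimmed; the name heuristic and the burst thresholds are assumptions chosen for this example, not OTL logic.

```python
"""Triage OTL file entries for the patterns a malware helper looks for:
hidden+system attributes, random-looking names, and a burst of scheduled-task
(.job) files created within seconds of each other."""
import re
from datetime import datetime, timedelta

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r" \((.*?)\) -- (.+)$"
)

# Constructed sample: lines copied from the OTL log above, trimmed to a few entries.
SAMPLE_OTL = r"""
[2011/04/09 19:23:21 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/04/06 08:23:01 | 000,014,630 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\3s01332t76tp114a55yo
[2011/04/05 15:14:41 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\TsWpfWrpg.dll
[2011/04/05 15:14:41 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Cafczyevo.job
[2009/10/19 11:36:49 | 000,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2009/03/15 00:25:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/08/23 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
"""


def parse_entries(text):
    """Yield (timestamp, size_bytes, attrs, path) for every well-formed file line.
    Section headers, directory entries and blank lines do not match and are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        size = int(m.group(2).replace(",", ""))
        yield ts, size, m.group(3), m.group(6)


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def looks_random(name):
    """Heuristic (assumption for this example): a stem of 8+ characters with almost
    no vowels, or an extension-less stem mixing several letters and digits."""
    stem, _, ext = name.partition(".")
    if len(stem) < 8:
        return False
    letters = [c for c in stem if c.isalpha()]
    digits = [c for c in stem if c.isdigit()]
    if not letters:
        return False
    vowel_ratio = sum(c in "aeiouAEIOU" for c in letters) / len(letters)
    if vowel_ratio < 0.15:
        return True
    return not ext and len(digits) >= 3 and len(letters) >= 3


def task_bursts(entries, window=timedelta(seconds=2), minimum=3):
    """Return the set of .job paths created in groups of >= minimum within window.
    A run of numbered At*.job tasks stamped within the same second or two is the
    signature of a scheduler-based relaunch, not of a person typing `at` commands."""
    jobs = sorted((ts, p) for ts, _, _, p in entries if p.lower().endswith(".job"))
    flagged = set()
    for i, (ts, _) in enumerate(jobs):
        group = [p for t, p in jobs[i:] if t - ts <= window]
        if len(group) >= minimum:
            flagged.update(group)
    return flagged


def triage(text):
    """Return [(path, reasons)] for every entry that trips at least one check."""
    entries = list(parse_entries(text))
    burst = task_bursts(entries)
    findings = []
    for _, _, attrs, path in entries:
        reasons = []
        if "H" in attrs and "S" in attrs:
            reasons.append("hidden+system attributes")
        if looks_random(basename(path)):
            reasons.append("random-looking name")
        if path in burst:
            reasons.append("scheduled-task creation burst")
        if reasons:
            findings.append((path, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_OTL):
        print(f"{why:45} {path}")
```

Files with only the system attribute set (bootstat.dat in the sample) are not flagged, so the check singles out the hidden+system combination rather than ordinary Windows files.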

#2
RKinner

    Malware Expert

  • Expert
  • 24,736 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C


:Services
HidServ

:OTL
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/04/09 19:00:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/04/09 19:00:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/04/06 08:23:01 | 000,014,630 | -HS- | C] () -- D:\Documents and Settings\Rick\Local Settings\Application Data\3s01332t76tp114a55yo
[2011/04/06 08:23:01 | 000,014,630 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\3s01332t76tp114a55yo
[2011/04/05 15:26:03 | 000,000,112 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\kAp70y4.dat
[2011/04/05 15:18:02 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wlukakoyupune.dat
[2011/04/05 15:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lpavaci.bin
[2011/04/05 15:16:13 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Rick\NULL
[2011/04/05 15:14:41 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\TsWpfWrpg.dll
[2011/04/05 15:14:41 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Cafczyevo.job


:Files
C:\WINDOWS\tasks\At*.job
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
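The entries Ron put into the OTL fix above share the traits an analyst keys on when reading an OTL "Created Within 30 Days" listing: empty parentheses where the company name would be, hidden and system attributes (-HS-, RHS-), random-looking names, and creation times clustered within minutes of each other on 2011-04-05. The script below is an added example (not part of this thread and not OldTimer's code) that parses OTL file lines and applies those checks plus a creation-time burst heuristic. The sample input is the eight lines from the fix script plus one constructed benign control line; the vendor name and path on that control line, the 15-minute window, the minimum burst size and the list of "user-writable or autostart" locations are all assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Sample OTL file lines: the eight entries from the fix script above, plus one
# constructed benign control (hypothetical vendor and path, not from the log).
SAMPLE_LINES = r"""
[2011/04/06 08:23:01 | 000,014,630 | -HS- | C] () -- D:\Documents and Settings\Rick\Local Settings\Application Data\3s01332t76tp114a55yo
[2011/04/06 08:23:01 | 000,014,630 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\3s01332t76tp114a55yo
[2011/04/05 15:26:03 | 000,000,112 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\kAp70y4.dat
[2011/04/05 15:18:02 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wlukakoyupune.dat
[2011/04/05 15:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lpavaci.bin
[2011/04/05 15:16:13 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Rick\NULL
[2011/04/05 15:14:41 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\TsWpfWrpg.dll
[2011/04/05 15:14:41 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Cafczyevo.job
[2011/04/01 09:00:00 | 000,065,536 | ---- | C] (Example Vendor Inc.) -- C:\Program Files\Example\helper.dll
""".strip().splitlines()

# OTL file line layout: [date time | size | attrs | C/M] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str        # R=read-only, H=hidden, S=system, D=directory, '-' = unset
    kind: str         # C = listed under "Created", M = under "Modified"
    company: str      # company name from the version resource; '' when absent
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for lines in any other format."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


# Heuristics below are assumptions for illustration, not OTL's own rules.
RANDOM_STEM = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{7,}$", re.I)
WRITABLE_OR_AUTOSTART = ("\\application data\\", "\\local settings\\",
                         "\\windows\\tasks\\", "\\windows\\temp\\")


def per_entry_reasons(e: OtlEntry) -> List[str]:
    """Checks that can be decided from a single line."""
    reasons = []
    name = e.path.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    if "H" in e.attrs and "S" in e.attrs and not e.company:
        reasons.append("hidden+system attributes and no company name")
    if RANDOM_STEM.match(stem):
        reasons.append("random-looking name mixing letters and digits")
    if not e.company and any(seg in e.path.lower() for seg in WRITABLE_OR_AUTOSTART):
        reasons.append("no company name, in a user-writable or autostart location")
    if name.lower().endswith(".job") and not e.company:
        reasons.append("scheduled task (.job) with no company name")
    return reasons


def creation_bursts(entries: List[OtlEntry], window: timedelta = timedelta(minutes=15),
                    min_count: int = 3) -> List[List[OtlEntry]]:
    """Group 'Created' entries with no company name whose timestamps fall within
    `window` of the group's first file. A dropper tends to write its payload,
    persistence and data files within minutes of each other."""
    cands = sorted((e for e in entries if e.kind == "C" and not e.company),
                   key=lambda e: e.timestamp)
    bursts, i = [], 0
    while i < len(cands):
        j = i
        while j + 1 < len(cands) and cands[j + 1].timestamp - cands[i].timestamp <= window:
            j += 1
        if j - i + 1 >= min_count:
            bursts.append(cands[i:j + 1])
        i = j + 1
    return bursts


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every entry that trips at least one check."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    for e in entries:
        e.reasons = per_entry_reasons(e)
    for group in creation_bursts(entries):
        for e in group:
            e.reasons.append(f"created in a burst of {len(group)} unattributed files "
                             f"starting {group[0].timestamp:%Y-%m-%d %H:%M:%S}")
    return {e.path: e.reasons for e in entries if e.reasons}


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES).items():
        print(path)
        for r in why:
            print("   -", r)
```

Feed it the whole "Files/Folders - Created Within 30 Days" section of an OTL log rather than a hand-picked excerpt. Treat the output as a shortlist to verify (signature check, hash lookup, what references the file in the Run keys and tasks folder), not as a verdict: plenty of legitimate files carry no company name, and the burst check alone will catch an ordinary software install just as readily as a dropper.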

#3 jd_hupp (New Member, Topic Starter, 7 posts)
Thanks for taking this on, Ron.

All logs attached.


#4 RKinner (Malware Expert, MVP, 24,736 posts)
Please do not attach your logs. It makes them too hard to work with. Copy and paste them into a reply.


Copy the text in the code box by highlighting and Ctrl + c.

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\WINDOWS\System32\itlpfw32.dll

Firefox::
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Brother\Brmfl04g\BrStDvPt .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\windows\system32\rundll32 .exe

Folder::
D:\Documents and Settings\Rick\Local Settings\Application Data\{85A5768E-D111-4DB3-B3C7-E2D6DCF684E6}
D:\Documents and Settings\Rick\Application Data\Liobid
D:\Documents and Settings\Rick\Application Data\Ekam



Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to george and let go. Combofix should start by itself.

Post the new log.

How attached are you to McAfee? As you can now testify, it doesn't work all that well. I prefer the free Avast 6. http://www.avast.com...avast-home.html


Ron

#5 jd_hupp (New Member, Topic Starter, 7 posts)
Hi, Ron. Sorry about the log attachments. Following is the pasted CFScript-->ComboFix log.

(And yes, McAfee's stock has gone down substantially in my eyes.)

ComboFix 11-04-13.06 - Rick 04/14/2011 21:07:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1349 [GMT -4:00]
Running from: d:\documents and settings\Rick\Desktop\george.exe
Command switches used :: d:\documents and settings\Rick\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\System32\itlpfw32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Rick\Application Data\Liobid
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-11 22:52 . 2011-04-11 22:52 -------- d-----w- c:\program files\CCleaner
2011-04-11 11:15 . 2011-04-11 11:15 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-09 23:11 . 2011-04-09 23:11 -------- d-sh--w- d:\documents and settings\NetworkService\PrivacIE
2011-04-09 23:11 . 2011-04-09 23:23 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-05 19:35 . 2011-04-05 19:35 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 00:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 00:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-03-15 04:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-03-15 04:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 00:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-10-14 03:28 . 2011-03-01 01:03 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe
</pre>
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-14_16.02.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 01:14 . 2011-04-15 01:14 16384 c:\windows\temp\Perflib_Perfdata_65c.dat
+ 2011-04-14 02:30 . 2011-04-14 23:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-14 02:30 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-15 04:25 . 2011-04-14 23:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-15 04:25 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-14 19:30 . 2011-04-14 23:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-09 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [3/28/2009 9:51 AM 97816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/28/2011 9:03 PM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AdminService9.1D;Admin Service for Service2000;c:\service2000dbs\DLC\bin\admsrvc.exe [3/21/2009 3:41 PM 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 2:31 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2009 9:53 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 9:03 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 9:03 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/28/2011 9:03 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/28/2011 9:03 PM 141792]
R2 Remote Backup 2007;Remote Backup 2007;c:\program files\Remote Backup\rbackup.exe [3/28/2009 9:51 AM 602112]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/28/2011 9:03 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/28/2011 9:03 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/28/2011 9:03 PM 88544]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/10/2007 4:20 AM 29728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2011 7:23 PM 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/28/2011 9:03 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/28/2011 9:03 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\1 Friday Full Backup.job
- d:\backupcommands\1 Friday Full Backup.bat [2011-01-02 21:02]
.
2011-04-12 c:\windows\Tasks\2 Monday Incremental Backup.job
- d:\backupcommands\2 Monday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-13 c:\windows\Tasks\3 Tuesday Incremental Backup.job
- d:\backupcommands\3 Tuesday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-14 c:\windows\Tasks\4 Wednesday Incremental Backup.job
- d:\backupcommands\4 Wedsday Incremental Backup.bat [2011-01-02 21:06]
.
2011-04-15 c:\windows\Tasks\5 Thursday Incremental Backup.job
- d:\backupcommands\5 Thursday Incremental Backup.bat [2011-01-02 21:07]
.
2011-04-14 c:\windows\Tasks\Backup Service2000.job
- c:\service2000dbs\AdminScripts\backup.bat [2009-03-21 19:42]
.
2011-04-12 c:\windows\Tasks\CopyNetworkBackupsToArchive.job
- d:\backupcommands\CopyNetworkBackupsToArchive.bat [2011-01-02 01:28]
.
2011-04-14 c:\windows\Tasks\CopyTomsBackupToServer.job
- d:\backupcommands\CopyTomsBackupToServer.bat [2009-03-31 01:53]
.
2011-04-03 c:\windows\Tasks\First Sunday Image of C.job
- c:\progra~1\RUNTIM~1\DRIVEI~1\dixml.exe [2008-10-23 18:03]
.
2011-04-03 c:\windows\Tasks\FirstSundayCopyImagesOfC.job
- d:\c_images_3\CopyStage3Images.bat [2011-01-15 15:49]
.
2011-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 19:46]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-05 c:\windows\Tasks\rb-Full.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-14 c:\windows\Tasks\rb-Incr_Daily.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-09 c:\windows\Tasks\rb-Incr_Sat.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nexpart.com/login.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\tntfiq57.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\service2000dbs\DLC\jre\bin\java.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\service2000dbs\DLC\jre\bin\java.exe
c:\service2000dbs\DLC\bin\_mprosrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\service2000dbs\DLC\bin\_mprshut.exe
.
**************************************************************************
.
Completion time: 2011-04-14 21:17:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 01:17
ComboFix2.txt 2011-04-14 16:05
.
Pre-Run: 17,415,192,576 bytes free
Post-Run: 17,398,120,448 bytes free
.
- - End Of File - - D1BE5283E59903A36D55820C9F471776

#6 RKinner (Malware Expert, MVP, 24,736 posts)
Copy the text in the code box by highlighting and Ctrl + c.


Killall::

RenV::
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe




Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Ron
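Both CFScripts in this thread (posts #4 and #6) use ComboFix's RenV:: directive on names like `AdobeARM .exe`, with a space before the extension; the same names appear in the `<pre>` block of the ComboFix logs, and RenV:: renames each one back to `AdobeARM.exe`. The pattern that produces such files is a companion-style hijack: the genuine executable is renamed to `name .exe` and something else is written as `name.exe`, so every Run key, scheduled task or shortcut that references the real name now launches the substitute. The Python below is an added example, not part of the thread and not ComboFix's code: it finds such pairs, quarantines the companion instead of deleting it, and renames the original back. It builds its own throwaway directory tree with placeholder contents (layout borrowed from the RenV:: lists, plus a hypothetical "Example" folder with two decoys that must not be reported), so it runs offline; the quarantine naming and the list of extensions it watches are assumptions.

```python
import os
import re
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# 'name .exe': one or more spaces between the stem and the extension
DISPLACED = re.compile(r"^(?P<stem>.+?) +\.(?P<ext>exe|dll|scr|com)$", re.I)


def real_name(displaced_name: str) -> str:
    """'AdobeARM .exe' -> 'AdobeARM.exe'."""
    m = DISPLACED.match(displaced_name)
    if m is None:
        raise ValueError(f"not a displaced name: {displaced_name!r}")
    return f"{m['stem']}.{m['ext']}"


def find_displaced(root: Path) -> List[Tuple[Path, Optional[Path]]]:
    """Walk `root`; return (displaced_original, companion) pairs. The companion is
    the file now occupying the original's name in the same directory, or None."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}      # NTFS names are case-insensitive
        for f in files:
            if DISPLACED.match(f) is None:
                continue
            companion = by_lower.get(real_name(f).lower())
            pairs.append((Path(dirpath) / f,
                          Path(dirpath) / companion if companion else None))
    return sorted(pairs, key=lambda p: str(p[0]).lower())


def restore(root: Path, quarantine: Path) -> Dict[str, Optional[str]]:
    """Move each companion into `quarantine` (kept for analysis, never deleted) and
    rename the displaced original back. Returns {restored_path: quarantined_path}."""
    quarantine.mkdir(parents=True, exist_ok=True)
    summary = {}
    for displaced, companion in find_displaced(root):
        dest = None
        if companion is not None:
            flat = str(companion.relative_to(root)).replace(os.sep, "_")
            dest = quarantine / (flat + ".quarantined")
            shutil.move(str(companion), str(dest))
        target = displaced.with_name(real_name(displaced.name))
        displaced.rename(target)
        summary[str(target)] = None if dest is None else str(dest)
    return summary


def build_sample_tree(root: Path) -> None:
    """Constructed fixture: three entries from the RenV:: lists with placeholder
    contents (two have a companion at the original name, one does not) and two
    decoys that must not be reported."""
    files = {
        "Program Files/Common Files/Adobe/ARM/1.0/AdobeARM .exe": b"original",
        "Program Files/Common Files/Adobe/ARM/1.0/AdobeARM.exe": b"companion",
        "Program Files/McAfee.com/Agent/mcagent .exe": b"original",
        "Program Files/McAfee.com/Agent/mcagent.exe": b"companion",
        "WINDOWS/system32/rundll32 .exe": b"original",
        "Program Files/Brother/Brmfl04g/BrStDvPt.exe": b"benign",  # no space at all
        "Program Files/Example/My App.exe": b"benign",              # space, but not before the dot
    }
    for rel, body in files.items():
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(body)


def demo() -> dict:
    """Build the fixture in a temp dir, run the scan and the restore, report results."""
    root = Path(tempfile.mkdtemp(prefix="renv_demo_"))
    try:
        build_sample_tree(root)
        found = find_displaced(root)
        summary = restore(root, root / "_quarantine")
        return {
            "found": len(found),
            "with_companion": sum(1 for _, c in found if c is not None),
            "restored": summary,
            "restored_bytes_ok": all(Path(p).read_bytes() == b"original" for p in summary),
            "quarantined_bytes_ok": all(Path(q).read_bytes() == b"companion"
                                        for q in summary.values() if q),
            "remaining": len(find_displaced(root)),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two things the script deliberately leaves to the operator. It does not verify that the displaced `name .exe` is genuine before putting it back; on a real machine check its digital signature or compare its hash against the vendor's copy first, because the same family of infections can also patch the original. And it does not stop anything: ComboFix's Killall:: ends running processes before RenV:: acts, whereas here a companion that is still executing would simply make shutil.move fail on Windows.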

#7 jd_hupp (New Member, Topic Starter, 7 posts)
Hi, Ron.

My hat's off to you for continuing work at this late hour. The latest log:

ComboFix 11-04-13.06 - Rick 04/14/2011 23:24:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1436 [GMT -4:00]
Running from: d:\documents and settings\Rick\Desktop\george.exe
Command switches used :: d:\documents and settings\Rick\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-11 22:52 . 2011-04-11 22:52 -------- d-----w- c:\program files\CCleaner
2011-04-11 11:15 . 2011-04-11 11:15 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-09 23:11 . 2011-04-09 23:11 -------- d-sh--w- d:\documents and settings\NetworkService\PrivacIE
2011-04-09 23:11 . 2011-04-09 23:23 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-05 19:35 . 2011-04-05 19:35 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 00:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 00:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-03-15 04:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-03-15 04:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 00:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-10-14 03:28 . 2011-03-01 01:03 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot@2011-04-14_16.02.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 03:31 . 2011-04-15 03:31 16384 c:\windows\temp\Perflib_Perfdata_574.dat
+ 2011-04-14 02:30 . 2011-04-14 23:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-14 02:30 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-15 04:25 . 2011-04-14 23:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-15 04:25 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-09 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [3/28/2009 9:51 AM 97816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/28/2011 9:03 PM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AdminService9.1D;Admin Service for Service2000;c:\service2000dbs\DLC\bin\admsrvc.exe [3/21/2009 3:41 PM 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 2:31 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2009 9:53 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 9:03 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 9:03 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/28/2011 9:03 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/28/2011 9:03 PM 141792]
R2 Remote Backup 2007;Remote Backup 2007;c:\program files\Remote Backup\rbackup.exe [3/28/2009 9:51 AM 602112]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/28/2011 9:03 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/28/2011 9:03 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/28/2011 9:03 PM 88544]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/10/2007 4:20 AM 29728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2011 7:23 PM 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/28/2011 9:03 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/28/2011 9:03 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\1 Friday Full Backup.job
- d:\backupcommands\1 Friday Full Backup.bat [2011-01-02 21:02]
.
2011-04-12 c:\windows\Tasks\2 Monday Incremental Backup.job
- d:\backupcommands\2 Monday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-13 c:\windows\Tasks\3 Tuesday Incremental Backup.job
- d:\backupcommands\3 Tuesday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-14 c:\windows\Tasks\4 Wednesday Incremental Backup.job
- d:\backupcommands\4 Wedsday Incremental Backup.bat [2011-01-02 21:06]
.
2011-04-15 c:\windows\Tasks\5 Thursday Incremental Backup.job
- d:\backupcommands\5 Thursday Incremental Backup.bat [2011-01-02 21:07]
.
2011-04-14 c:\windows\Tasks\Backup Service2000.job
- c:\service2000dbs\AdminScripts\backup.bat [2009-03-21 19:42]
.
2011-04-12 c:\windows\Tasks\CopyNetworkBackupsToArchive.job
- d:\backupcommands\CopyNetworkBackupsToArchive.bat [2011-01-02 01:28]
.
2011-04-15 c:\windows\Tasks\CopyTomsBackupToServer.job
- d:\backupcommands\CopyTomsBackupToServer.bat [2009-03-31 01:53]
.
2011-04-03 c:\windows\Tasks\First Sunday Image of C.job
- c:\progra~1\RUNTIM~1\DRIVEI~1\dixml.exe [2008-10-23 18:03]
.
2011-04-03 c:\windows\Tasks\FirstSundayCopyImagesOfC.job
- d:\c_images_3\CopyStage3Images.bat [2011-01-15 15:49]
.
2011-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 19:46]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-05 c:\windows\Tasks\rb-Full.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-14 c:\windows\Tasks\rb-Incr_Daily.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-09 c:\windows\Tasks\rb-Incr_Sat.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nexpart.com/login.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\tntfiq57.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 23:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\service2000dbs\DLC\jre\bin\java.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\service2000dbs\DLC\bin\_mprosrv.exe
c:\service2000dbs\DLC\jre\bin\java.exe
c:\service2000dbs\DLC\bin\_mprshut.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
.
**************************************************************************
.
Completion time: 2011-04-14 23:34:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 03:34
ComboFix2.txt 2011-04-15 01:17
ComboFix3.txt 2011-04-14 16:05
.
Pre-Run: 17,408,897,024 bytes free
Post-Run: 17,395,068,928 bytes free
.
- - End Of File - - 991F82E2BB2BB279F70B0EF60EF3A3F2

#8
RKinner
    Malware Expert
  • Expert
  • 24,736 posts
  • MVP
I live in Washington state so it's not that late for me.

Looks like we can't fix these two files:

c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe

Note the space before .exe.

The top one is part of some Adobe junk which no one ever uses, so not a biggie. We can just delete it. If you do use it you can redownload it from Adobe for free.

The other one is part of McAfee. We will have to delete it too. If you want to keep McAfee then I think you need to uninstall it and reinstall it.
http://service.mcafe...spx?id=TS100507

If you decide to junk McAfee and install Avast you need to run the McAfee Removal Tool since they can't seem to uninstall it the normal way. (Step 2 in the above instructions)


Let's delete the two files:

Copy the text in the code box by highlighting and Ctrl + c.


Killall::

File::
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe


Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Any more problems?

Ron

#9
jd_hupp
    New Member
  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, Ron. Home stretch, then. Log after the CFscript to delete the 2 files:

ComboFix 11-04-13.06 - Rick 04/15/2011 18:24:38.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1360 [GMT -4:00]
Running from: d:\documents and settings\Rick\Desktop\george.exe
Command switches used :: d:\documents and settings\Rick\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe"
"c:\program files\McAfee.com\Agent\mcagent .exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe
C:\test.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-11 22:52 . 2011-04-11 22:52 -------- d-----w- c:\program files\CCleaner
2011-04-11 11:15 . 2011-04-11 11:15 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-09 23:11 . 2011-04-09 23:11 -------- d-sh--w- d:\documents and settings\NetworkService\PrivacIE
2011-04-09 23:11 . 2011-04-09 23:23 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-05 19:35 . 2011-04-05 19:35 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 00:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 00:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-03-15 04:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-03-15 04:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 00:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-10-14 03:28 . 2011-03-01 01:03 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-14_16.02.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 22:31 . 2011-04-15 22:31 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat
- 2011-04-14 02:30 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-14 02:30 . 2011-04-15 21:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-15 04:25 . 2011-04-15 21:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-15 04:25 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-15 04:35 . 2011-04-15 21:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-15 04:25 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-09 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [3/28/2009 9:51 AM 97816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/28/2011 9:03 PM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AdminService9.1D;Admin Service for Service2000;c:\service2000dbs\DLC\bin\admsrvc.exe [3/21/2009 3:41 PM 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 2:31 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2009 9:53 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 9:03 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/28/2011 9:03 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/28/2011 9:03 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/28/2011 9:03 PM 141792]
R2 Remote Backup 2007;Remote Backup 2007;c:\program files\Remote Backup\rbackup.exe [3/28/2009 9:51 AM 602112]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/28/2011 9:03 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/28/2011 9:03 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/28/2011 9:03 PM 88544]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/10/2007 4:20 AM 29728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2011 7:23 PM 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/28/2011 9:03 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/28/2011 9:03 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\1 Friday Full Backup.job
- d:\backupcommands\1 Friday Full Backup.bat [2011-01-02 21:02]
.
2011-04-12 c:\windows\Tasks\2 Monday Incremental Backup.job
- d:\backupcommands\2 Monday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-13 c:\windows\Tasks\3 Tuesday Incremental Backup.job
- d:\backupcommands\3 Tuesday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-14 c:\windows\Tasks\4 Wednesday Incremental Backup.job
- d:\backupcommands\4 Wedsday Incremental Backup.bat [2011-01-02 21:06]
.
2011-04-15 c:\windows\Tasks\5 Thursday Incremental Backup.job
- d:\backupcommands\5 Thursday Incremental Backup.bat [2011-01-02 21:07]
.
2011-04-15 c:\windows\Tasks\Backup Service2000.job
- c:\service2000dbs\AdminScripts\backup.bat [2009-03-21 19:42]
.
2011-04-12 c:\windows\Tasks\CopyNetworkBackupsToArchive.job
- d:\backupcommands\CopyNetworkBackupsToArchive.bat [2011-01-02 01:28]
.
2011-04-15 c:\windows\Tasks\CopyTomsBackupToServer.job
- d:\backupcommands\CopyTomsBackupToServer.bat [2009-03-31 01:53]
.
2011-04-03 c:\windows\Tasks\First Sunday Image of C.job
- c:\progra~1\RUNTIM~1\DRIVEI~1\dixml.exe [2008-10-23 18:03]
.
2011-04-03 c:\windows\Tasks\FirstSundayCopyImagesOfC.job
- d:\c_images_3\CopyStage3Images.bat [2011-01-15 15:49]
.
2011-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 19:46]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-05 c:\windows\Tasks\rb-Full.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-15 c:\windows\Tasks\rb-Incr_Daily.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-09 c:\windows\Tasks\rb-Incr_Sat.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nexpart.com/login.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\tntfiq57.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\service2000dbs\DLC\jre\bin\java.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\service2000dbs\DLC\bin\_mprosrv.exe
c:\service2000dbs\DLC\jre\bin\java.exe
c:\service2000dbs\DLC\bin\_mprshut.exe
.
**************************************************************************
.
Completion time: 2011-04-15 18:34:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 22:34
ComboFix2.txt 2011-04-15 03:34
ComboFix3.txt 2011-04-15 01:17
ComboFix4.txt 2011-04-14 16:05
.
Pre-Run: 17,383,190,528 bytes free
Post-Run: 17,364,475,904 bytes free
.
- - End Of File - - 2629AC527BAE170D67F5B61943D28F76

#10
RKinner
    Malware Expert
  • Expert
  • 24,736 posts
  • MVP
We got rid of the RenV infection (the one that makes the spaces before the .exe) but there is still one left, I think. (It may not be active since I think we got rid of the file it calls, but I hate to leave anything.)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
itlsvc REG_MULTI_SZ itlperf

Let's try one more time.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"itlsvc"=-



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Ron
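The two indicators Ron points out in posts #8 and #10 (an executable whose name carries a space before .exe, and an svchost group entry that ComboFix did not treat as a legitimate default) can be picked out of a log mechanically rather than by eye. The script below is an added example for this thread, not code from ComboFix, the forum or either poster. The sample lines are constructed to match the shape of the entries quoted above, and the allowlist of expected svchost groups (only HPZ12, the HP printer driver group that was left in place here) is an assumption of the example. It only reports; it does not delete or change anything.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the ComboFix log lines quoted in this
# thread; it is not a real log file.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\McAfee.com\Agent\mcagent .exe
C:\test.txt
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
itlsvc REG_MULTI_SZ itlperf
.
"""

# Whitespace immediately before the extension of an executable-type file.
# The real "AdobeARM.exe" has none; the renamed copy "AdobeARM .exe" does.
SPACED_EXT = re.compile(r"\S\s+\.(?:exe|dll|sys|scr|com)\b", re.IGNORECASE)

SVCHOST_KEY = r"[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]"

# svchost groups expected on this machine. HPZ12 is the HP printer driver
# group the expert left alone; this set is an assumption of the example,
# not something ComboFix provides.
KNOWN_SVCHOST_GROUPS = {"hpz12"}


def find_spaced_extensions(text: str) -> List[str]:
    """Return log lines whose file name has whitespace before the extension."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if SPACED_EXT.search(line):
            hits.append(line)
    return hits


def parse_svchost_groups(text: str) -> List[Tuple[str, str]]:
    """Return (group, services) pairs listed under the svchost registry key."""
    groups = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == SVCHOST_KEY:
            in_section = True
            continue
        if in_section:
            # ComboFix ends a block with a lone "." or the next [key] header.
            if line in ("", ".") or line.startswith("["):
                break
            m = re.match(r"(\S+)\s+REG_MULTI_SZ\s+(.*)$", line)
            if m:
                groups.append((m.group(1), m.group(2)))
    return groups


def scan_combofix_log(text: str) -> Dict[str, list]:
    """Collect both indicators from one log so they can be reviewed together."""
    groups = parse_svchost_groups(text)
    unexpected = [g for g, _ in groups if g.lower() not in KNOWN_SVCHOST_GROUPS]
    return {
        "spaced_extensions": find_spaced_extensions(text),
        "svchost_groups": groups,
        "unexpected_svchost_groups": unexpected,
    }


if __name__ == "__main__":
    # Print a review list; a human still decides what to do with each entry.
    for key, value in scan_combofix_log(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print("   ", item)
```

Run it against a saved ComboFix log (read the file into `scan_combofix_log`) and the spaced-extension hits and any svchost group outside the allowlist come back as lists; the allowlist should be adjusted to what is actually installed on the machine being reviewed.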

#11
jd_hupp
    New Member
  • Topic Starter
  • Member
  • Pip
  • 7 posts
I'm happy to pursue this to kill it all DEAD. The log:

ComboFix 11-04-13.06 - Rick 04/16/2011 9:59.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1378 [GMT -4:00]
Running from: d:\documents and settings\Rick\Desktop\george.exe
Command switches used :: d:\documents and settings\Rick\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-16 04:24 . 2011-04-16 04:24 -------- d-----w- c:\windows\LastGood.Tmp
2011-04-15 23:48 . 2010-10-14 02:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-04-15 23:48 . 2010-10-14 02:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-15 23:48 . 2010-10-14 02:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-15 23:48 . 2010-10-14 02:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-15 23:48 . 2010-10-14 02:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-15 23:48 . 2010-10-14 02:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-15 23:48 . 2010-10-14 02:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-15 23:48 . 2010-10-14 02:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-15 23:48 . 2010-10-14 02:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-15 23:48 . 2011-04-15 23:48 -------- d-----w- c:\program files\Common Files\Mcafee
2011-04-15 23:48 . 2011-04-16 04:24 -------- d-----w- c:\program files\McAfee
2011-04-15 23:34 . 2010-10-14 02:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-15 23:34 . 2011-04-16 02:49 -------- d-----w- d:\documents and settings\All Users\Application Data\McAfee
2011-04-11 22:52 . 2011-04-11 22:52 -------- d-----w- c:\program files\CCleaner
2011-04-11 11:15 . 2011-04-11 11:15 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-09 23:11 . 2011-04-09 23:11 -------- d-sh--w- d:\documents and settings\NetworkService\PrivacIE
2011-04-09 23:11 . 2011-04-09 23:23 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-05 19:35 . 2011-04-05 19:35 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-03-15 04:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 00:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-03 23:17 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-03 23:15 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-03 23:14 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 04:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 00:56 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 00:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 00:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 00:56 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 00:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2009-03-15 04:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-03-15 04:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 00:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-10-14 02:28 . 2011-04-15 23:48 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-14_16.02.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-16 14:03 . 2011-04-16 14:03 16384 c:\windows\temp\Perflib_Perfdata_300.dat
+ 2010-10-14 02:28 . 2010-10-14 02:28 95600 c:\windows\system32\drivers\mfeapfk.sys
- 2011-03-01 01:03 . 2010-10-14 03:28 95600 c:\windows\system32\drivers\mfeapfk.sys
+ 2011-04-14 02:30 . 2011-04-16 13:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-14 02:30 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-15 04:25 . 2011-04-14 07:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-04-16 00:00 . 2011-04-16 13:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-04-15 23:56 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-15 23:57 . 2011-04-15 23:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-15 23:56 . 2011-04-15 23:56 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-16 00:12 . 2011-04-16 00:12 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-14 02:28 . 2010-10-14 02:28 386840 c:\windows\system32\drivers\mfehidk.sys
- 2011-03-01 01:03 . 2010-10-14 03:28 386840 c:\windows\system32\drivers\mfehidk.sys
+ 2010-09-18 16:23 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
- 2010-09-18 16:23 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-14 07:13 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2010-06-10 18:15 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 18:15 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2010-08-12 12:03 . 2010-08-12 11:43 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-08-12 12:03 . 2011-04-16 00:00 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-15 23:52 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-15 23:52 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-15 23:52 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-15 23:52 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-15 23:56 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-15 23:56 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-15 23:56 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-15 23:56 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-04-16 00:13 . 2011-04-16 00:13 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-15 23:59 . 2011-04-15 23:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-16 00:12 . 2011-04-16 00:12 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-16 00:12 . 2011-04-16 00:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-16 00:13 . 2011-04-16 00:13 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-15 23:58 . 2011-04-15 23:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-15 23:58 . 2011-04-15 23:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-16 00:13 . 2011-04-16 00:13 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-16 00:12 . 2011-04-16 00:12 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-07 07:02 . 2010-10-07 07:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-07 07:02 . 2010-10-07 07:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-15 23:34 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-15 23:56 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-04-15 23:56 . 2011-04-15 23:56 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-15 23:56 . 2011-04-15 23:56 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-16 00:12 . 2011-04-16 00:12 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-15 23:56 . 2011-04-15 23:56 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-07 07:02 . 2010-10-07 07:02 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-07 07:02 . 2010-10-07 07:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-07 07:02 . 2010-10-07 07:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-04-15 23:55 . 2011-04-15 23:55 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-07 07:01 . 2010-10-07 07:01 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\329f73.msp
+ 2011-04-15 23:56 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-16 00:14 . 2011-04-16 00:14 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-16 00:13 . 2011-04-16 00:13 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-15 23:59 . 2011-04-15 23:59 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-15 23:58 . 2011-04-15 23:58 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-15 23:57 . 2011-04-15 23:57 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-15 23:56 . 2011-04-15 23:56 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-04-09 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [3/28/2009 9:51 AM 97816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/15/2011 7:48 PM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AdminService9.1D;Admin Service for Service2000;c:\service2000dbs\DLC\bin\admsrvc.exe [3/21/2009 3:41 PM 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 2:31 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2011 7:48 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2011 7:48 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/15/2011 7:48 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/15/2011 7:48 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/15/2011 7:34 PM 141792]
R2 Remote Backup 2007;Remote Backup 2007;c:\program files\Remote Backup\rbackup.exe [3/28/2009 9:51 AM 602112]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/15/2011 7:48 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/15/2011 7:48 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/15/2011 7:48 PM 88544]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/10/2007 4:20 AM 29728]
S2 0204601302927860mcinstcleanup;McAfee Application Installer Cleanup (0204601302927860);c:\windows\TEMP\020460~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\020460~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2011 7:23 PM 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/15/2011 7:48 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/15/2011 7:48 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 0204601302927860MCINSTCLEANUP
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\1 Friday Full Backup.job
- d:\backupcommands\1 Friday Full Backup.bat [2011-01-02 21:02]
.
2011-04-12 c:\windows\Tasks\2 Monday Incremental Backup.job
- d:\backupcommands\2 Monday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-13 c:\windows\Tasks\3 Tuesday Incremental Backup.job
- d:\backupcommands\3 Tuesday Incremental Backup.bat [2011-01-02 21:05]
.
2011-04-14 c:\windows\Tasks\4 Wednesday Incremental Backup.job
- d:\backupcommands\4 Wedsday Incremental Backup.bat [2011-01-02 21:06]
.
2011-04-15 c:\windows\Tasks\5 Thursday Incremental Backup.job
- d:\backupcommands\5 Thursday Incremental Backup.bat [2011-01-02 21:07]
.
2011-04-16 c:\windows\Tasks\Backup Service2000.job
- c:\service2000dbs\AdminScripts\backup.bat [2009-03-21 19:42]
.
2011-04-12 c:\windows\Tasks\CopyNetworkBackupsToArchive.job
- d:\backupcommands\CopyNetworkBackupsToArchive.bat [2011-01-02 01:28]
.
2011-04-16 c:\windows\Tasks\CopyTomsBackupToServer.job
- d:\backupcommands\CopyTomsBackupToServer.bat [2009-03-31 01:53]
.
2011-04-03 c:\windows\Tasks\First Sunday Image of C.job
- c:\progra~1\RUNTIM~1\DRIVEI~1\dixml.exe [2008-10-23 18:03]
.
2011-04-03 c:\windows\Tasks\FirstSundayCopyImagesOfC.job
- d:\c_images_3\CopyStage3Images.bat [2011-01-15 15:49]
.
2011-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 19:46]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 23:23]
.
2011-04-05 c:\windows\Tasks\rb-Full.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-15 c:\windows\Tasks\rb-Incr_Daily.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
2011-04-16 c:\windows\Tasks\rb-Incr_Sat.job
- c:\program files\Remote Backup\rbclient.exe [2009-03-28 16:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nexpart.com/login.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\tntfiq57.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,01,03,1f,d7,20,98,4b,ba,d6,d1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(1744)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\service2000dbs\DLC\jre\bin\java.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\service2000dbs\DLC\bin\_mprosrv.exe
c:\windows\system32\rundll32.exe
c:\service2000dbs\DLC\jre\bin\java.exe
c:\service2000dbs\DLC\bin\_mprshut.exe
.
**************************************************************************
.
Completion time: 2011-04-16 10:07:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-16 14:07
ComboFix2.txt 2011-04-15 22:34
ComboFix3.txt 2011-04-15 03:34
ComboFix4.txt 2011-04-15 01:17
ComboFix5.txt 2011-04-16 13:58
.
Pre-Run: 16,883,924,992 bytes free
Post-Run: 16,866,934,784 bytes free
.
- - End Of File - - 94E671D1C33890611E48442F2C3BCCBD
  • 0
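An added example, not part of this thread and not ComboFix's own code: a small Python triage helper that reads lines in the layout the ComboFix log above uses (Run-key values, dword values under a key header, and R*/S* service lines) and surfaces the items a reviewer would check first: autostarts or services whose binary sits under a temp directory, services whose binary ComboFix could not find (the trailing `[?]`), and Security Center override or DisableMonitoring values set to 1. The input is a constructed sample in the same format; the `Updater` entry is made up so the temp-directory check has something to fire on. A hit is a prompt to look at the entry by hand, not a verdict: the McAfee installer cleanup service in the log above is the kind of legitimate entry this would surface.

```python
import re
from typing import Any, Dict, List, Tuple

# Constructed sample lines in the layout ComboFix uses for its
# "Reg Loading Points" and service sections (not copied from the thread;
# the "Updater" entry is made up so the temp-directory check fires).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"Updater"="c:\documents and settings\user\local settings\temp\upd.exe" [2011-04-10 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 2:31 PM 374152]
S2 0204601302927860mcinstcleanup;McAfee Application Installer Cleanup;c:\windows\TEMP\020460~1.EXE -cleanup --> c:\windows\TEMP\020460~1.EXE -cleanup [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/15/2011 7:48 PM 84264]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                            # [HKEY_...\Run]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # R2 name;display;path [date size]
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Security Center values that, when 1, mean Windows no longer watches AV/firewall state.
OVERRIDE_VALUES = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}


def parse_combofix(text: str) -> List[Dict[str, Any]]:
    """Turn the log lines into records; unrecognised lines are skipped."""
    records: List[Dict[str, Any]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group(1)          # following values belong to this key
        elif (m := DWORD_RE.match(line)):
            records.append({"kind": "dword", "key": current_key,
                            "name": m.group(1), "value": int(m.group(2), 16)})
        elif (m := RUN_VALUE_RE.match(line)):
            records.append({"kind": "run", "key": current_key,
                            "name": m.group(1), "path": m.group(2)})
        elif (m := SERVICE_RE.match(line)):
            path = m.group(4).strip()
            records.append({"kind": "service", "state": m.group(1), "name": m.group(2),
                            "display": m.group(3), "path": path,
                            "missing": path.endswith("[?]")})  # ComboFix: file not found
    return records


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (entry name, reasons) for every record a reviewer should look at."""
    findings: List[Tuple[str, List[str]]] = []
    for rec in parse_combofix(text):
        reasons: List[str] = []
        if rec["kind"] == "dword":
            if rec["name"] in OVERRIDE_VALUES and rec["value"] == 1:
                reasons.append("Security Center override/monitoring disabled")
        else:  # run entries and services both carry a path
            if TEMP_DIR_RE.search(rec["path"]):
                reasons.append("binary under a temp directory")
            if rec.get("missing"):
                reasons.append("binary not found on disk ([?])")
        if reasons:
            findings.append((rec["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

The override check is the one worth keeping in mind when reading the log above: `AntiVirusOverride` and `FirewallOverride` set to 1 are normal when a third-party suite such as McAfee has registered itself with Security Center, but the same values also turn off the warnings a user would otherwise get if that suite stopped running, so they belong on the list of things to confirm rather than ignore.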

#12
RKinner

    Malware Expert

  • Expert
  • 24,736 posts
  • MVP
I'm on a trip this weekend. Won't get back until late Sun. Your log looks pretty clean. Only infection I see left is the McAfee Anti-virus. :D

Will finish you up with the cleanup post when I get back.

Ron
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 24,736 posts
  • MVP
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 24 or maybe even 25 by now). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java™ 6 Update 23 which is new enough that it should be removed automatically. If you use Firefox go into tools, Add-ons and make sure that CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA is not enabled. CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA is OK but 0023 should be disabled or uninstalled. Java seems to have a real problem removing the old consoles from Firefox. Having multiple Java consoles will make Firefox very sluggish and slow to start.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 18.1 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
  • 0

#14
jd_hupp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you, Ron! (Did I say thank you? It bears repeating: THANK YOU!)
  • 0





