Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect....tds killer found nothing

Started by xxzoe85xx , Sep 02 2011 03:21 AM

  • This topic is locked This topic is locked

#1
xxzoe85xx
Posted 02 September 2011 - 03:21 AM

xxzoe85xx

    New Member

  • Member
  • Pip
  • 9 posts
Hi

I have had this google redirect thing for a few weeks now, its getting worse though it used to do it with a few links now its doing it with all....anyway i tried your google redirect instructions to remove it downloaded tdskiller etc and it found nothing but google is still redirecting? helppppppp :).....also dont know if this is related but when i was trying to download winzip and avg yesterday it keeps coming up with error message this is not a valid win32 application and wouldnt install...please help thankyouuuu x
  • 0

Advertisements

#2
Essexboy
Posted 02 September 2011 - 12:56 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I will need to look at your system first

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
xxzoe85xx
Posted 03 September 2011 - 07:08 AM

xxzoe85xx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hiya

Thanks for reply,

I have done the first thing (the log is below), the second one though OTL it wouldnt let me download it said is not a valid win 32 app (again) :) ....

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 12:22:42
-----------------------------
12:22:42.722 OS Version: Windows x64 6.1.7601 Service Pack 1
12:22:42.722 Number of processors: 1 586 0x170A
12:22:42.722 ComputerName: ZOE-TOSH UserName: Zoe
12:22:46.341 Initialize success
12:42:27.752 AVAST engine defs: 11090201
12:43:38.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:43:38.560 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
12:43:38.575 Disk 0 MBR read successfully
12:43:38.575 Disk 0 MBR scan
12:43:38.591 Disk 0 Windows 7 default MBR code
12:43:38.606 Service scanning
12:43:47.764 Modules scanning
12:43:47.764 Disk 0 trace - called modules:
12:43:47.795 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
12:43:47.795 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031f2060]
12:43:47.795 3 CLASSPNP.SYS[fffff8800106c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002d8c050]
12:43:48.544 AVAST engine scan C:\Windows
12:43:52.475 AVAST engine scan C:\Windows\system32
12:49:33.632 AVAST engine scan C:\Windows\system32\drivers
12:49:54.941 AVAST engine scan C:\Users\Zoe
12:50:08.108 File: C:\Users\Zoe\AppData\Local\HandlerPathapi\mfcMobileEnum.dll **INFECTED** Win32:Sefnit-B [Trj]
13:21:39.299 File: C:\Users\Zoe\AppData\Roaming\WinPump\WinPump.exe **INFECTED** Win32:Malware-gen
13:22:40.233 AVAST engine scan C:\ProgramData
13:24:49.058 Scan finished successfully
13:41:15.432 Disk 0 MBR has been saved successfully to "C:\Users\Zoe\Desktop\MBR.dat"
13:41:15.448 The log file has been saved successfully to "C:\Users\Zoe\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 03 September 2011 - 07:19 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can see part of the problem

C:\Users\Zoe\AppData\Local\HandlerPathapi\mfcMobileEnum.dll **INFECTED** Win32:Sefnit-B [Trj]
13:21:39.299 File: C:\Users\Zoe\AppData\Roaming\WinPump\WinPump.exe INFECTED** Win32:Sefnit-B [Trj]


So lets try a different tack

Download Combofix from any of the links below but rename it to winlogon before saving it to your desktop.

Link 1
Link 2


==================================


Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • 0

#5
xxzoe85xx
Posted 03 September 2011 - 09:45 AM

xxzoe85xx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ok finally managed it...my comp is rather slow!...here it is...

ComboFix 11-09-02.04 - Zoe 03/09/2011 15:46:36.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2937.1247 [GMT 1:00]
Running from: c:\users\Zoe\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Zoe\AppData\Local\HandlerPathapi\mfcMobileEnum.dll
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 15:06 . 2011-09-03 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-02 16:24 . 2011-09-02 16:24 388096 ----a-r- c:\users\Zoe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-02 16:24 . 2011-09-02 16:24 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-02 16:22 . 2011-09-02 16:22 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2011-09-02 12:21 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4753CFE3-F557-4030-B8E8-B553A4E04C21}\mpengine.dll
2011-09-01 17:37 . 2011-09-01 17:37 -------- d-----w- c:\program files (x86)\ERUNT
2011-08-23 18:40 . 2011-03-23 15:17 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2011-08-21 15:15 . 2011-09-03 15:04 -------- d-----w- c:\users\Zoe\AppData\Local\HandlerPathapi
2011-08-10 16:36 . 2009-12-15 09:46 39552 ----a-w- c:\windows\system32\drivers\tcpipBM.sys
2011-08-10 16:36 . 2009-12-15 09:46 16512 ----a-w- c:\windows\system32\drivers\BMLoad.sys
2011-08-10 16:36 . 2011-03-23 15:15 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-08-10 16:34 . 2011-08-23 18:42 -------- d-----w- c:\programdata\DatacardService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 18:40 . 2010-08-18 21:12 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-07-16 04:32 . 2011-08-11 12:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 19:52 . 2011-03-07 17:00 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 19:52 . 2008-01-01 03:38 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2010-12-13 67448]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-03-15 2499584]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2010-09-30 439536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"UIExec"="c:\program files (x86)\T-Mobile Mobile Broadband Manager\UIExec.exe" [2009-07-16 132608]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2011-08-10 253952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
.
c:\users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files (x86)\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [x]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [x]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 16512]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-02-21 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-02-21 97520]
S2 Start BT in service;Start BT in service;c:\program files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-02-21 1541360]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\T-Mobile Mobile Broadband Manager\AssistantServices.exe [2009-07-16 241664]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-03-15 9216]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 19:04]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 19:04]
.
2011-09-03 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 16:46]
.
2011-09-02 c:\windows\Tasks\Weekly.job
- c:\program files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2011-02-21 14:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"combofix"="c:\combofix\CF20766.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: google.com
Trusted Zone: google.com\local
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
TCP: Interfaces\{681D1D1D-B5B2-4C0B-BFCD-5618994F1356}: NameServer = 149.254.230.7 149.254.192.126
TCP: Interfaces\{70158D99-E31E-4A1E-BB2F-F8E742B78C16}: NameServer = 172.30.139.17 172.30.140.69
TCP: Interfaces\{84E63AF4-9E00-4DE6-8BB8-571F4675ABD6}: NameServer = 10.203.65.70 10.203.65.68
TCP: Interfaces\{A86212AF-FEC7-4A24-88EB-4348EBAE599C}: NameServer = 158.43.128.1,158.43.192.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-mfcMobileEnum - c:\users\Zoe\AppData\Local\HandlerPathapi\mfcMobileEnum.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
c:\progra~2\NETSUP~1\client32.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe
c:\progra~2\NETSUP~1\client32.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-09-03 16:20:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 15:20
.
Pre-Run: 41,788,272,640 bytes free
Post-Run: 42,898,444,288 bytes free
.
- - End Of File - - C773F6963D32B1AC0A483AA2896EE14E
  • 0

#6
Essexboy
Posted 03 September 2011 - 09:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK progress - could you now try the OTL run as previously posted
  • 0

#7
xxzoe85xx
Posted 03 September 2011 - 10:01 AM

xxzoe85xx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
just tried thee one i downloaded to desktop before...still syaing not a valid win 32 app :)
  • 0

#8
Essexboy
Posted 03 September 2011 - 11:28 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you access safe mode ?

If so then run this programme, it will run in normal mode but in this instance safe mode would be better

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
Megaupload
  • 0

#9
xxzoe85xx
Posted 04 September 2011 - 01:47 PM

xxzoe85xx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I cant seem to download this....:/ however!....the problem seems to be fixed :) ...google isnt redirecting....dont know how must b one of these other programs you said to download maybe fixed it....thanks 4 ur help! :unsure:
  • 0

#10
Essexboy
Posted 04 September 2011 - 01:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The redirects should have been cured by combofix I was trying to determine why OTL would not run ... What are your current problems ?
  • 0

Advertisements

#11
xxzoe85xx
Posted 05 September 2011 - 03:23 AM

xxzoe85xx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi...i have managed to download that kaspersky tool now....i set it off scanning last night...its 8% through now and says due to finish in 4 days...its found 8 threats already though!....i shall post the log on for you when it finishes..thanks :)
  • 0

#12
Essexboy
Posted 05 September 2011 - 11:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, I am more interested in the analysis log though as that is where the unknowns will be
  • 0

#13
xxzoe85xx
Posted 06 September 2011 - 04:06 AM

xxzoe85xx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
okies right heres the logs....

log1

Status: Deleted (events: 7)
05/09/2011 10:19:23 Deleted Trojan program Exploit.Java.CVE-2010-4452.y C:\Documents and Settings\Zoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-149018f0 High
05/09/2011 10:19:25 Deleted Trojan program Trojan-Downloader.JS.Iframe.cks C:\Documents and Settings\Zoe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V39UMABN\js[1].htm High
05/09/2011 10:19:32 Deleted Trojan program Exploit.Java.CVE-2010-4452.y C:\Documents and Settings\Zoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-215d5156 High
05/09/2011 10:19:49 Deleted Trojan program Exploit.Java.CVE-2010-4452.y C:\Documents and Settings\Zoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-26b2e0d7 High
05/09/2011 10:19:52 Deleted Trojan program Exploit.Java.CVE-2010-4452.y C:\Documents and Settings\Zoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-533cded2 High
05/09/2011 10:19:55 Deleted Trojan program Exploit.Java.CVE-2010-4452.y C:\Documents and Settings\Zoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-561863ec High
05/09/2011 10:19:55 Deleted Trojan program Exploit.Java.CVE-2010-4452.y C:\Documents and Settings\Zoe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-66a4dd4e High
Status: Absent (events: 2)
05/09/2011 13:32:00 Not found Trojan program Trojan-Downloader.JS.Iframe.cks C:\Documents and Settings\Zoe\AppData\Local\Temporary Internet Files\Low\Content.IE5\V39UMABN\js[1].htm High
05/09/2011 21:55:38 Not found Trojan program Backdoor.Win32.ZAccess.de C:\Windows\assembly\GAC_32\Desktop.ini High


analysis report

<?xml version="1.0" encoding="windows-1251" ?>
<!-- AVZ XML Report -->
<AVZ Version="4.35" LogDate="06.09.2011 11:00:28" WinDir="C:\Windows\" OS_MjVer="6" OS_MiVer="1" OS_Build="7601" BootMode="0" OS_CSDV="Service Pack 1" ProfileDir="C:\Users\Zoe" Session="" IsWow64="True" IsAdmin="True" IsSRDisabled="False" MainDBDate="12/30/1899" CompHash="2A06BB1D4C16D0F68E394A8DB3241738">
<PROCESS>
<ITEM PID="2920" File="c:\program files (x86)\3 mobile broadband\3connect\bechelperservice.exe" CheckResult="0" Descr="" LegalCopyright="" Hidden="0" CmdLine="&quot;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe&quot;" Size="1740696" Attr="rsAh" CreateDate="23.08.2011 19:41:26" ChageDate="23.03.2011 16:32:20" MD5="68BF3520FE759C91FD9182F36E585374" />
<ITEM PID="6332" File="c:\program files (x86)\t-mobile\internetmanager_h\bmsdk.exe" CheckResult="0" Descr="" LegalCopyright="" Hidden="0" CmdLine="&quot;C:\Program Files (x86)\T-Mobile\InternetManager_H\bmsdk.exe&quot; --initializeblock &quot;C:\Program Files (x86)\T-Mobile\InternetManager_H\boc.ini&quot;" Size="193664" Attr="rsAh" CreateDate="03.09.2011 16:34:59" ChageDate="15.12.2009 10:46:32" MD5="C1DD2F62D10E9A9F7013E99DE93E971C" />
<ITEM PID="4940" File="CFIWmxSvcs64.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="3084" File="HWDeviceService64.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="2404" File="NitroPDFReaderDriverServicex64.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1932" File="RAVCpl64.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1908" File="SmoothView.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="2532" File="c:\program files (x86)\openoffice.org 3\program\soffice.bin" CheckResult="0" Descr="OpenOffice.org 3.3" LegalCopyright="Copyright © 2000-2010 by Oracle, Inc." Hidden="0" CmdLine="&quot;C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe&quot; &quot;-quickstart&quot; &quot;-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program&quot;" Size="11314688" Attr="rsAh" CreateDate="17.01.2011 19:08:58" ChageDate="17.01.2011 19:08:58" MD5="2337EC951C4AF6E1AF65D10BD9615BEB" />
<ITEM PID="1940" File="SynTPEnh.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="5060" File="SynTPHelper.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1924" File="TCrdMain.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="3700" File="TemproSvc.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="3824" File="TosCoSrv.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1956" File="ToshibaReminder.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1868" File="TosNcCore.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1876" File="TosReelTimeMonitor.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="4972" File="TosSENotify.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="4596" File="TosSmartSrv.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1916" File="TPwrMain.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="3336" File="wmpnetwk.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
</PROCESS>
<DLL>
<ITEM File="C:\Program Files (x86)\3 Mobile Broadband\3Connect\Logger.dll" CheckResult="-1" Descr="3Connect" LegalCopyright="Copyright Birdstep 2009" UsedBy="2920" Hidden="0" Size="110592" Attr="rsAh" CreateDate="23.08.2011 19:39:59" ChageDate="23.03.2011 16:20:04" MD5="D12C9890BDF6E50BF1FFC9C07CACAAE2" />
<ITEM File="C:\Windows\system32\bminstall.dll" CheckResult="-1" Descr="Bytemobile Installation Library" LegalCopyright="Copyright © 2000-2009 Bytemobile, Inc." UsedBy="6332" Hidden="0" Size="308352" Attr="rsAh" CreateDate="03.09.2011 16:34:59" ChageDate="15.12.2009 10:46:30" MD5="7BE990DAD078BEE10573AE6F25D281FD" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1740800" Attr="rsAh" CreateDate="17.01.2011 16:19:08" ChageDate="04.05.2011 00:28:56" MD5="4E2AA75B6F4D131880495775AEE2A746" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="86016" Attr="rsAh" CreateDate="19.11.2010 18:46:18" ChageDate="04.05.2011 00:28:56" MD5="EB19A979E7B0846114B68797CF9D35A4" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="379904" Attr="rsAh" CreateDate="13.12.2010 16:23:04" ChageDate="04.05.2011 00:28:47" MD5="030C59EC14EED95C9C64A6021F6B5CE9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\comphelp4MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1033728" Attr="rsAh" CreateDate="17.01.2011 16:19:02" ChageDate="04.05.2011 00:28:26" MD5="3AEE796B75E348E382FBEE3679E4F9BF" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="432128" Attr="rsAh" CreateDate="19.11.2010 18:45:20" ChageDate="04.05.2011 00:28:54" MD5="6B22522E6BEF40A9793C0C9992A16E2C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="13312" Attr="rsAh" CreateDate="19.11.2010 18:45:56" ChageDate="04.05.2011 00:28:56" MD5="F0FE7675F55E2B249DCE3227C1EE619C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="142848" Attr="rsAh" CreateDate="19.11.2010 18:45:20" ChageDate="04.05.2011 00:28:54" MD5="5149C79D4C69A531C5210AC6163771C4" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll" CheckResult="-1" Descr="STLport" LegalCopyright="Copyright © Boris Fomitchev" UsedBy="2532" Hidden="0" Size="597504" Attr="rsAh" CreateDate="19.11.2010 18:46:06" ChageDate="04.05.2011 00:28:56" MD5="45746CF8240FB5472B1EE5F1E79EB682" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="358912" Attr="rsAh" CreateDate="19.11.2010 18:46:14" ChageDate="04.05.2011 00:28:51" MD5="944C92B030AB542585BEF8C4E9F26EEE" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="94208" Attr="rsAh" CreateDate="19.11.2010 18:46:20" ChageDate="04.05.2011 00:28:52" MD5="FAAA853466D3CB2D058167590E2AF7FF" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="135680" Attr="rsAh" CreateDate="17.01.2011 16:19:04" ChageDate="04.05.2011 00:28:31" MD5="96F96A0EE4AA5703B584A227E551DBD4" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll" CheckResult="-1" Descr="Berkeley DB 4.7 DLL" LegalCopyright="Copyright © Oracle 1997,2008" UsedBy="2532" Hidden="0" Size="832000" Attr="rsAh" CreateDate="17.01.2011 16:19:06" ChageDate="04.05.2011 00:28:39" MD5="441D37B8C9D1D95213FBA06AE6987CDD" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="529408" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:50" MD5="0204E929E9374FF21F55969743753039" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="700928" Attr="rsAh" CreateDate="17.01.2011 16:19:02" ChageDate="04.05.2011 00:28:24" MD5="915F7B38243EC222EBC2D22A7A7C87C9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="26112" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="04.05.2011 00:28:36" MD5="3323966DB373CAA544B504A8803FA35A" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="958464" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:51" MD5="293D2D4B8782D9A31CD1581287E77809" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="531456" Attr="rsAh" CreateDate="19.11.2010 18:46:20" ChageDate="04.05.2011 00:28:52" MD5="AD831EEB7EF3B42A323A0326BB4F064D" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="3234816" Attr="rsAh" CreateDate="17.01.2011 16:19:10" ChageDate="04.05.2011 00:28:46" MD5="80C740A97E8EA5427EE33165B6AA2610" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="869888" Attr="rsAh" CreateDate="13.12.2010 16:22:36" ChageDate="04.05.2011 00:28:34" MD5="A347990C180FFC75B1B974A8E2509A91" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="311296" Attr="rsAh" CreateDate="13.12.2010 16:22:36" ChageDate="04.05.2011 00:28:34" MD5="A294D26DA81FCB263ED3362EE8B641AC" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="2863616" Attr="rsAh" CreateDate="13.12.2010 16:23:06" ChageDate="04.05.2011 00:28:48" MD5="DECBA06FB9C27C78D5D6A0DC7CD490AF" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="2186752" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:50" MD5="0C5754243F5B310BA804B4EAF61EE23C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="3266560" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:52" MD5="AC95617C5F8DD02C50610F855B5AB34E" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="256000" Attr="rsAh" CreateDate="19.11.2010 18:46:04" ChageDate="04.05.2011 00:28:47" MD5="98BA2EBC25FB8F9955BD8C48FD74CA54" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="29184" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="04.05.2011 00:28:36" MD5="9B351D11A55F2BBFAC1E3A97C3E0D6D9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="66560" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="04.05.2011 00:28:37" MD5="CF7D504009C7E84E517A2FD0EC4267B2" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll" CheckResult="-1" Descr="IBM ICU Common DLL" LegalCopyright=" Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved. " UsedBy="2532" Hidden="0" Size="951296" Attr="rsAh" CreateDate="19.11.2010 18:45:38" ChageDate="04.05.2011 00:28:38" MD5="7AADAD87EB63FE7029032E0B04811DF4" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll" CheckResult="-1" Descr="ICU Data DLL" LegalCopyright=" Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved. " UsedBy="2532" Hidden="0" Size="13914112" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="04.05.2011 00:28:38" MD5="D9A6C90937A85ABA073D99A59568D917" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="777216" Attr="rsAh" CreateDate="17.01.2011 16:19:10" ChageDate="04.05.2011 00:28:47" MD5="16469E0E8469D3A430E455CAA58E0999" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="92160" Attr="rsAh" CreateDate="19.11.2010 18:45:40" ChageDate="04.05.2011 00:28:54" MD5="19090E17F5E1DE93A277DCF4B2AF32E3" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2532" Hidden="0" Size="985088" Attr="rsAh" CreateDate="17.01.2011 16:19:06" ChageDate="04.05.2011 00:28:40" MD5="FA55E2EB1C11DEEF37EEB031049FD94B" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1577984" Attr="rsAh" CreateDate="17.01.2011 16:19:08" ChageDate="04.05.2011 00:28:44" MD5="E06A26780E1379879C1B708338EF0173" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="51712" Attr="rsAh" CreateDate="19.11.2010 18:45:44" ChageDate="04.05.2011 00:28:55" MD5="DAA1E14693FAD4526AAB9A8D6E4FD89F" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="452608" Attr="rsAh" CreateDate="19.11.2010 18:45:14" ChageDate="04.05.2011 00:28:53" MD5="9D61666B586AABFABB4C7637943DC522" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="92672" Attr="rsAh" CreateDate="19.11.2010 18:45:54" ChageDate="04.05.2011 00:28:55" MD5="67AD692C1D0A4B989FE22C8FFC880B40" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="53248" Attr="rsAh" CreateDate="19.11.2010 18:46:06" ChageDate="04.05.2011 00:28:56" MD5="14949A016B4D908AB43004DEC90EAACE" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="396800" Attr="rsAh" CreateDate="19.11.2010 18:45:18" ChageDate="04.05.2011 00:28:27" MD5="A7205EFE1103A82F5F4630B2482D3589" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="24064" Attr="rsAh" CreateDate="13.12.2010 16:22:44" ChageDate="04.05.2011 00:28:40" MD5="94A14F621D92D475C88CEB68ABFDD321" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="92672" Attr="rsAh" CreateDate="19.11.2010 18:46:06" ChageDate="04.05.2011 00:28:56" MD5="6374FFCBBCF4DCBA858B77BBC0C9AACC" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="212992" Attr="rsAh" CreateDate="19.11.2010 18:46:14" ChageDate="04.05.2011 00:28:50" MD5="49DDB62199C3070A1A614730F7D0806C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1649152" Attr="rsAh" CreateDate="13.12.2010 16:22:38" ChageDate="04.05.2011 00:28:34" MD5="00C8690102FB7177E01F88149BC5ED96" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="257024" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:51" MD5="0C058087A5171B21077589C2C22BDE70" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1317376" Attr="rsAh" CreateDate="17.01.2011 16:19:06" ChageDate="04.05.2011 00:28:36" MD5="CC3DD27247804894258A0EF230BAABA9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll" CheckResult="-1" Descr="IBM ICU I18N DLL" LegalCopyright=" Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved. " UsedBy="2532" Hidden="0" Size="1071616" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="04.05.2011 00:28:38" MD5="E1608FA89E1F59B39630D8029579CA2C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="83968" Attr="rsAh" CreateDate="13.12.2010 16:22:50" ChageDate="04.05.2011 00:28:42" MD5="00713423B169D8C6BF3E0634AFEDE152" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="287232" Attr="rsAh" CreateDate="13.12.2010 16:22:50" ChageDate="04.05.2011 00:28:42" MD5="F2E56B3978BFB6829ADE9CFA35751815" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="148480" Attr="rsAh" CreateDate="19.11.2010 18:45:28" ChageDate="04.05.2011 00:28:32" MD5="092FABB93F6E1993CE75BFCF9BF35DCD" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\uuimi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="226304" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:51" MD5="351E9C0591EC540D0C85B89C249BCA62" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\filterconfig1.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="186880" Attr="rsAh" CreateDate="06.01.2011 17:50:58" ChageDate="04.05.2011 00:28:33" MD5="458AC02413D028198C7B9460EF313F86" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\swdmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="54784" Attr="rsAh" CreateDate="06.01.2011 17:51:28" ChageDate="04.05.2011 00:28:49" MD5="8723DFF049BDE126ED50B46510F550AD" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\dnd.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="115200" Attr="rsAh" CreateDate="19.11.2010 18:45:26" ChageDate="04.05.2011 00:28:32" MD5="0CDAD29B57A9DF50A13D37396DAE99B2" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\swmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="7884800" Attr="rsAh" CreateDate="17.01.2011 16:19:10" ChageDate="04.05.2011 00:28:50" MD5="FBAFAC7B8B8A68A4E41FA4AC44DE3785" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\lngmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="991744" Attr="rsAh" CreateDate="13.12.2010 16:22:44" ChageDate="04.05.2011 00:28:40" MD5="C3FB224A7BD1ACFDA0D47F5C956BD3F6" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\xomi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="2967552" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:53" MD5="D7C2E0DAA9166E529A4FC65451B05F52" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\svxcoremi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="5470208" Attr="rsAh" CreateDate="13.12.2010 16:23:06" ChageDate="04.05.2011 00:28:49" MD5="D34A0BF392081869F7CEE6E5AAD53315" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\editengmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1457152" Attr="rsAh" CreateDate="13.12.2010 16:22:32" ChageDate="04.05.2011 00:28:32" MD5="CEAC65F1DD2FE04DEBDB5FEE8D5DECE1" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\avmediami.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="211456" Attr="rsAh" CreateDate="13.12.2010 16:22:12" ChageDate="04.05.2011 00:28:23" MD5="3B560C11EE94F7B1415DF798AC1C769D" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\drawinglayermi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1026560" Attr="rsAh" CreateDate="17.01.2011 16:18:12" ChageDate="04.05.2011 00:28:32" MD5="AC62B35D4FCA9839F123FF1B33BE2893" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\canvastoolsmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="503296" Attr="rsAh" CreateDate="13.12.2010 16:22:20" ChageDate="04.05.2011 00:28:25" MD5="9FBEA8E4745059CF3551CB55DDD78A38" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\aggmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="129024" Attr="rsAh" CreateDate="19.11.2010 18:45:08" ChageDate="04.05.2011 00:28:19" MD5="FF2ECD3383A8B4C74D0E9BA3ABE92776" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\cppcanvasmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="285184" Attr="rsAh" CreateDate="17.01.2011 16:18:06" ChageDate="04.05.2011 00:28:27" MD5="8C4354E83A85A1B319498D04B8713EDD" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\svxmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="2524672" Attr="rsAh" CreateDate="13.12.2010 16:23:08" ChageDate="04.05.2011 00:28:49" MD5="09CE04CF0CF53DE4825755CA4B1BFE9C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reflection.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="98816" Attr="rsAh" CreateDate="19.11.2010 18:45:54" ChageDate="04.05.2011 00:28:55" MD5="6D75880D9273214A16ABF15759C584B2" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\localedata_en.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="103936" Attr="rsAh" CreateDate="19.11.2010 18:45:44" ChageDate="04.05.2011 00:28:40" MD5="BC3152BFA8886B3614733961F077924E" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\mswordmi.DLL" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="1078784" Attr="rsAh" CreateDate="06.01.2011 17:51:10" ChageDate="04.05.2011 00:28:42" MD5="40CE8D074BE9C88D03737187BA1190CF" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\msfiltermi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="705024" Attr="rsAh" CreateDate="06.01.2011 17:51:10" ChageDate="04.05.2011 00:28:41" MD5="A8926869050A8E6CC08BB002A2403706" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\unoxmlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="294400" Attr="rsAh" CreateDate="19.11.2010 18:46:16" ChageDate="04.05.2011 00:28:51" MD5="38EF0377760F24BA78FC6921B66BA68A" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fileacc.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="51712" Attr="rsAh" CreateDate="19.11.2010 18:45:30" ChageDate="04.05.2011 00:28:33" MD5="B30AA17FB98E5DEE259E69FEADAD23F1" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\updchk.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="174080" Attr="rsAh" CreateDate="13.12.2010 16:23:14" ChageDate="04.05.2011 00:28:51" MD5="2F6829D86C2287FDEA7ED6A7183FC369" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\libcurl.dll" CheckResult="-1" Descr="libcurl Shared Library" LegalCopyright="© 1996 - 2009 Daniel Stenberg, &lt;[email protected]&gt;." UsedBy="2532" Hidden="0" Size="180224" Attr="rsAh" CreateDate="19.11.2010 18:45:42" ChageDate="04.05.2011 00:28:39" MD5="DA62E02C4B7DC5EEF3235611CDDC7C08" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\xstor.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="346112" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:53" MD5="5B324A3524B06C49C2DB6AEAD7BC36C9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\package2.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="282112" Attr="rsAh" CreateDate="06.01.2011 17:51:12" ChageDate="04.05.2011 00:28:43" MD5="C4EF2F1C77365B76AAB25B5681A60DCB" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sax.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="156672" Attr="rsAh" CreateDate="19.11.2010 18:45:56" ChageDate="04.05.2011 00:28:44" MD5="7AD7203DFA0E646438959CF510BA0994" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sysdtrans.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="106496" Attr="rsAh" CreateDate="19.11.2010 18:46:12" ChageDate="04.05.2011 00:28:50" MD5="99BBCC7ED6FAF53081F7AEC83A7404A9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fsstorage.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="93696" Attr="rsAh" CreateDate="13.12.2010 16:22:36" ChageDate="04.05.2011 00:28:34" MD5="58E26727C7EB8CE12E902C8D7A82599C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmi.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="542208" Attr="rsAh" CreateDate="17.01.2011 16:19:04" ChageDate="04.05.2011 00:28:31" MD5="45160BFAAAD598C82882242B45F25DC6" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\helplinkermi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="154624" Attr="rsAh" CreateDate="19.11.2010 18:45:34" ChageDate="04.05.2011 00:28:36" MD5="CD491D03C9C1118D7E3BF8A70FF89A1A" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2532" Hidden="0" Size="170496" Attr="rsAh" CreateDate="19.11.2010 18:45:42" ChageDate="04.05.2011 00:28:40" MD5="FB3D61950AE74EC61077AFD8C34EB7D2" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucpexpand1.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="24064" Attr="rsAh" CreateDate="19.11.2010 18:46:14" ChageDate="04.05.2011 00:28:51" MD5="17B857240F2A899C80AC4593C469A1D9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\introspection.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="98816" Attr="rsAh" CreateDate="19.11.2010 18:45:38" ChageDate="04.05.2011 00:28:54" MD5="9CEF1587086FEC5357B65ADA5AEBE1B5" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\spellmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="160768" Attr="rsAh" CreateDate="13.12.2010 16:23:04" ChageDate="04.05.2011 00:28:47" MD5="4F71F4BDEA0A7880D79014257A1E4652" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\hyphenmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="57344" Attr="rsAh" CreateDate="13.12.2010 16:22:38" ChageDate="04.05.2011 00:28:36" MD5="CF7BB721A9EF99393C0A3422ACB5DA5A" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\lnthmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="56320" Attr="rsAh" CreateDate="13.12.2010 16:22:44" ChageDate="04.05.2011 00:28:40" MD5="EE0689DA8A63CAD65A3B10D30B9C0DE6" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ftransl.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="50688" Attr="rsAh" CreateDate="19.11.2010 18:45:32" ChageDate="04.05.2011 00:28:34" MD5="82F9209FCB4771F0D55DE922676F7DA1" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\mcnttype.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="33280" Attr="rsAh" CreateDate="19.11.2010 18:45:44" ChageDate="04.05.2011 00:28:41" MD5="04C03C861C7773367C9BA9DFE17A3737" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\updatefeed.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="53760" Attr="rsAh" CreateDate="13.12.2010 16:23:14" ChageDate="04.05.2011 00:28:51" MD5="7ED5451FF7AD8CA6EB709265E9CB6581" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\onlinecheck.DLL" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="8192" Attr="rsAh" CreateDate="19.11.2010 18:45:48" ChageDate="04.05.2011 00:28:42" MD5="24C2F471B34836500269B94A1BD68DE1" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucpdav1.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="286720" Attr="rsAh" CreateDate="19.11.2010 18:46:14" ChageDate="04.05.2011 00:28:51" MD5="DA47200DF226271ADBC027C0F463FD2A" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\neon.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="110592" Attr="rsAh" CreateDate="19.11.2010 18:45:46" ChageDate="04.05.2011 00:28:42" MD5="D3ACEEEEBF4D9AA0A5E97266DF4DD1F5" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\SSLEAY32.dll" CheckResult="-1" Descr="OpenSSL Shared Library" LegalCopyright="Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved." UsedBy="2532" Hidden="0" Size="209920" Attr="rsAh" CreateDate="19.11.2010 18:46:06" ChageDate="04.05.2011 00:28:47" MD5="2B980E1200F257C5A78DB987308EFD0B" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\LIBEAY32.dll" CheckResult="-1" Descr="OpenSSL Shared Library" LegalCopyright="Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved." UsedBy="2532" Hidden="0" Size="1015296" Attr="rsAh" CreateDate="19.11.2010 18:45:42" ChageDate="04.05.2011 00:28:40" MD5="3330CACD72D429C378722F679F3C7F11" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\wininetbe1.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="28672" Attr="rsAh" CreateDate="13.12.2010 16:23:16" ChageDate="04.05.2011 00:28:52" MD5="C1328A210C256A82A958F175A57AAC46" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\passwordcontainer.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="82944" Attr="rsAh" CreateDate="13.12.2010 16:22:50" ChageDate="04.05.2011 00:28:43" MD5="FB6E8BDC7F601D4459374AFD32F3408F" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucpchelp1.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="260096" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="04.05.2011 00:28:51" MD5="8F3840C6CFCBD41910665B10F6B6943F" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\dtrans.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="40960" Attr="rsAh" CreateDate="19.11.2010 18:45:26" ChageDate="04.05.2011 00:28:32" MD5="52D6C25EBD803F4D9BB9AAEFF955A0DC" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fwlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="2532" Hidden="0" Size="343040" Attr="rsAh" CreateDate="17.01.2011 16:19:06" ChageDate="04.05.2011 00:28:35" MD5="A47B5B14553CBF38E375BC8B71DE569B" />
</DLL>
<KERNELOBJ>
<ITEM File="C:\Windows\System32\Drivers\dump_dumpfve.sys" CheckResult="-1" Base="4200000" MemSize="013000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_iaStor.sys" CheckResult="-1" Base="36DB000" MemSize="11C000" Descr="" LegalCopyright="" />
</KERNELOBJ>
<Service>
</Service>
<Drivers>
<ITEM File="C:\Windows\SystemRoot\system32\DRIVERS\msahci.sys" Name="msahci" CheckResult="-1" Type="1" State="4" />
<ITEM File="C:\ComboFix\catchme.sys" Name="catchme" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ewusbdev.sys" Name="hwusbdev" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ewusbfake.sys" Name="hwusbfake" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\drivers\massfilter.sys" Name="massfilter" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\drivers\mdvrmng.sys" Name="mdvrmng" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\Drivers\RtsUStor.sys" Name="RSUSBSTOR" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\Rts516xIR.sys" Name="RtsUIR" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\RtsUCcid.sys" Name="USBCCID" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys" Name="ZTEusbmdm6k" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ZTEusbnmea.sys" Name="ZTEusbnmea" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ZTEusbser6k.sys" Name="ZTEusbser6k" CheckResult="-1" Type="1" State="1" />
</Drivers>
<AUTORUN>
<ITEM File="C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe" CheckResult="-1" Enabled="1" Type="LNK" X1="C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" X2="C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk" X3="" />
<ITEM File="C:\Program Files (x86)\McAfee\VirusScan\NAIEvent.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\McLogEvent" X3="EventMessageFile" />
<ITEM File="C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" CheckResult="-1" Enabled="1" Type="REG" Size="110592" Attr="rsAh" CreateDate="03.09.2011 16:33:47" ChageDate="31.12.2009 14:13:52" MD5="75F26DE6CFCC49AD02D99BB9922D863B" X1="HKEY_USERS" X2="S-1-5-21-1092992991-1029331785-2248815135-1000\Software\Microsoft\Windows\CurrentVersion\Run" X3="HW_OPENEYE_OUC_T-Mobile Internet Manager" />
<ITEM File="C:\Users\Zoe\AppData\Local\Temp\_uninst_12558588.bat" CheckResult="-1" Enabled="1" Type="LNK" Size="356" Attr="rsAh" CreateDate="04.09.2011 22:51:02" ChageDate="04.09.2011 22:51:02" MD5="26B1DCAF9EAE3113588326BE58A2A1CE" X1="C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" X2="C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_12558588.lnk" X3="" />
<ITEM File="C:\Windows\System32\appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters" X3="ServiceDll" />
<ITEM File="C:\Windows\system32\PCImsg.dll" CheckResult="-1" Enabled="-1" Type="REG" Size="36912" Attr="rsAh" CreateDate="18.02.2011 15:24:06" ChageDate="19.03.2007 15:05:56" MD5="8BA8C6C0AFED6B12F15AE66277187BAC" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\PCIapp" X3="EventMessageFile" />
<ITEM File="C:\Windows\system32\PCImsg.dll" CheckResult="-1" Enabled="-1" Type="REG" Size="36912" Attr="rsAh" CreateDate="18.02.2011 15:24:06" ChageDate="19.03.2007 15:05:56" MD5="8BA8C6C0AFED6B12F15AE66277187BAC" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\PCIsys" X3="EventMessageFile" />
<ITEM File="C:\Windows\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="auditcse.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}" X3="DLLName" />
<ITEM File="igfxdev.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" X3="DLLName" />
<ITEM File="rdpclip" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X3="StartupPrograms" />
</AUTORUN>
<BHO>
</BHO>
<ExplorerExt>
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="WinZip" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E0D79304-84BE-11CE-9641-444553540000}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="WinZip" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E0D79305-84BE-11CE-9641-444553540000}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="WinZip" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E0D79306-84BE-11CE-9641-444553540000}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="WinZip" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E0D79307-84BE-11CE-9641-444553540000}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="2" ExtName="ColumnHandler" RegKey="SOFTWARE\Classes\Folder\shellex\ColumnHandlers" CLSID="{F9DB5320-233E-11D1-9F84-707F02C10627}" Descr="" LegalCopyright="" />
</ExplorerExt>
<PrintEXT>
<ITEM File="localspl.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="FXSMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="nitrolocalmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="Primomonnt.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="tcpmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="usbmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="WSDMon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="inetpp.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers" Descr="" LegalCopyright="" />
</PrintEXT>
<TaskScheduler>
</TaskScheduler>
<SPI>
<ITEM File="C:\Windows\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="20992" Attr="rsAh" CreateDate="14.07.2009 00:37:57" ChageDate="14.07.2009 02:16:19" MD5="5DF5D8CFD9B9573FA3B2C89D9061A240" />
<ITEM File="C:\Windows\system32\napinsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" Descr="E-mail Naming Shim Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="52224" Attr="rsAh" CreateDate="14.07.2009 00:54:55" ChageDate="14.07.2009 02:16:02" MD5="0B7E85364CB878E2AD531DB7B601A9E5" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="14.07.2009 00:55:50" ChageDate="14.07.2009 02:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="14.07.2009 00:55:50" ChageDate="14.07.2009 02:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\system32\wshbth.dll" CheckResult="-1" SPIType="1" SPINaim="Bluetooth Namespace" Descr="Windows Sockets Helper DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="36352" Attr="rsAh" CreateDate="07.03.2011 19:50:31" ChageDate="20.11.2010 13:21:39" MD5="AC122407B29378FF9646F03404AC7C54" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="21.09.2010 15:03:14" ChageDate="21.09.2010 15:03:14" MD5="9D4A1690AF93F233E15380398BEC7431" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive Local NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="21.09.2010 15:03:14" ChageDate="21.09.2010 15:03:14" MD5="9D4A1690AF93F233E15380398BEC7431" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [TCP/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [UDP/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [RAW/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [TCP/IPv6]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [UDP/IPv6]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [RAW/IPv6]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP TCPv6 Service Provider" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP TCP Service Provider" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP UDPv6 Service Provider" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP UDP Service Provider" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD RfComm [Bluetooth]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="07.03.2011 19:52:47" ChageDate="20.11.2010 13:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
</SPI>
<DPF>
</DPF>
<CPL>
</CPL>
<ActiveSetup>
</ActiveSetup>
<HOSTS>
<ITEM Line="127.0.0.1 localhost" />
</HOSTS>
<ProtocolExt>
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
</ProtocolExt>
<IPU>
<ITEM Code="1" X1="TermService" X2="@%SystemRoot%\System32\termsrv.dll,-268" />
<ITEM Code="1" X1="SSDPSRV" X2="@%systemroot%\system32\ssdpsrv.dll,-100" />
<ITEM Code="1" X1="Schedule" X2="@%SystemRoot%\system32\schedsvc.dll,-100" />
<ITEM Code="2" />
<ITEM Code="3" />
<ITEM Code="5" />
<ITEM Code="8" X1="-1" />
</IPU>
<WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
<ITEM ID="66" Level="1" Fixed="0" />
</WIZARD-TSW>
</AVZ>
  • 0

#14
Essexboy
Posted 06 September 2011 - 11:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the entire zip file please as it in a format I will be able to analyse

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#15
xxzoe85xx
Posted 06 September 2011 - 11:29 AM

xxzoe85xx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
oh right didnt realise...its attached :)Attached File  avptool_sysinfo.zip   20.74KB   105 downloads
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP