Jump to content

Antivirus GT


Recommended Posts

Several days ago my computer received this problem.

After some research i found out that Antivirus GT was a rogueware.

After encountering this problem i updated my malwarebytes and performed a full scan but it didn't pick up anything.

I have tried following guides on the internet on how to solve this problem with limited success.

http://www.im-infected.com/rogue/antivirus-gt.html

The guides instructs me to remove certain files and delete registry entries. I have tried doing so this morning but i could not locate most of the registry files.

After doing so Antivirus GT no longer opens upon start up but i still experience problems such as:

-being redirected to unwanted web pages while browsing the internet.

-the borders of my windows are now "classic" instead of the usual xp style.

Could anyone please help me solve this issue. Any help would be appreciated.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

Link to post
Share on other sites

Hi screen317

Mbam tells me I already have the latest database.

This is the mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4287

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/07/2010 7:18:34 PM

mbam-log-2010-07-07 (19-18-34).txt

Scan type: Quick scan

Objects scanned: 133115

Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 19:09:41.93 on Wed 07/07/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.884 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch

C:\windows\system32\svchost -k rpcss

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\windows\Explorer.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\wuauclt.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\windows\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\User\My Documents\Downloads\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\sq8db8kg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-6 217032]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-18 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-18 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-18 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-18 308064]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-6 112592]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-6 366840]

R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-6 1142224]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-28 38224]

S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-30 234888]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\smf33.tmp --> c:\docume~1\user\locals~1\temp\SMF33.tmp [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]

=============== Created Last 30 ================

2010-07-07 22:12:25 0 d-----w- c:\program files\Enigma Software Group

2010-07-07 22:11:18 0 d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2010-07-07 22:11:16 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-07-07 02:57:16 0 d-----w- c:\docume~1\user\applic~1\PC Tools

2010-07-07 02:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-07-07 02:45:09 0 d-----w- c:\program files\Spyware Doctor

2010-07-04 21:23:29 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat

2010-07-04 21:23:27 99 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat

2010-07-04 21:22:08 46 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat

2010-06-29 02:47:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-29 02:47:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-29 02:47:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-29 02:47:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-27 21:03:20 0 d--h--w- c:\windows\PIF

2010-06-26 20:01:18 0 d-----w- c:\program files\SDA

2010-06-26 02:36:21 0 d-----w- c:\docume~1\user\applic~1\IObit

2010-06-26 02:34:57 0 d-----w- c:\program files\IObit

2010-06-19 15:46:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!

2010-06-19 02:38:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-19 02:38:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-19 02:38:24 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-19 02:38:17 0 d-----w- c:\windows\system32\drivers\Avg

2010-06-19 02:34:37 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-06-18 03:22:41 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-06-17 04:13:36 0 d-----w- c:\program files\Sony

2010-06-09 19:10:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-08 02:16:01 763832 ----a-w- c:\windows\BDTSupport.dll

2010-06-08 00:21:02 1652664 ----a-w- c:\windows\PCTBDCore.dll

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-09-05 20:39:35 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-09-05 05:07:56 32 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-05 05:07:56 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 19:13:50.82 ===============

Thanks

Link to post
Share on other sites

I ran combofix but i did not notice any changes.

ComboFix log:

ComboFix 10-07-07.01 - User 08/07/2010 14:27:00.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1234 [GMT -7:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\service

c:\windows\system32\service\02082009_TIS17_SfFniAU.log

c:\windows\system32\service\03052009_TIS17_SfFniAU.log

c:\windows\system32\service\04092009_TIS17_SfFniAU.log

c:\windows\system32\service\04122009_TIS17_SfFniAU.log

c:\windows\system32\service\06052009_TIS17_SfFniAU.log

c:\windows\system32\service\07092009_TIS17_SfFniAU.log

c:\windows\system32\service\08092009_TIS17_SfFniAU.log

c:\windows\system32\service\09042010_TIS17_SfFniAU.log

c:\windows\system32\service\11092009_TIS17_SfFniAU.log

c:\windows\system32\service\12012010_TIS17_SfFniAU.log

c:\windows\system32\service\13052009_TIS17_SfFniAU.log

c:\windows\system32\service\18072009_TIS17_SfFniAU.log

c:\windows\system32\service\18122009_TIS17_SfFniAU.log

c:\windows\system32\service\20102009_TIS17_SfFniAU.log

c:\windows\system32\service\22112009_TIS17_SfFniAU.log

c:\windows\system32\service\29082009_TIS17_SfFniAU.log

Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected

Restored copy from - Kitty had a snack :D

.

((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))

.

2010-07-08 20:55 . 2010-07-08 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

2010-07-07 22:12 . 2010-07-07 22:12 -------- d-----w- c:\program files\Enigma Software Group

2010-07-07 22:11 . 2010-07-07 22:53 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2010-07-07 22:11 . 2010-07-07 22:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-07-07 05:16 . 2010-07-07 05:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert

2010-07-07 02:45 . 2010-07-08 21:02 -------- d-----w- c:\program files\Spyware Doctor

2010-07-04 21:23 . 2010-07-04 21:23 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat

2010-07-04 21:23 . 2010-07-04 21:35 99 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat

2010-07-04 21:22 . 2010-07-04 21:25 46 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat

2010-07-03 04:31 . 2010-07-03 04:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\GameKiller.net

2010-07-01 03:07 . 2010-07-05 03:40 -------- d-----w- c:\program files\Warcraft III

2010-06-29 02:47 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-29 02:47 . 2010-06-29 02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-29 02:47 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-27 23:14 . 2010-06-27 23:14 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-06-27 21:03 . 2010-06-27 21:03 -------- d--h--w- c:\windows\PIF

2010-06-26 20:01 . 2010-06-26 20:01 -------- d-----w- c:\program files\SDA

2010-06-26 02:36 . 2010-06-26 02:36 -------- d-----w- c:\documents and settings\User\Application Data\IObit

2010-06-26 02:34 . 2010-06-26 02:36 -------- d-----w- c:\program files\IObit

2010-06-24 00:30 . 2010-07-08 03:21 685440 ----a-w- c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat

2010-06-23 03:03 . 2010-06-23 03:03 -------- d-----w- c:\documents and settings\Backup. Do not use\Local Settings\Application Data\PCHealth

2010-06-22 01:52 . 2009-10-14 00:16 -------- d-----w- c:\documents and settings\Backup. Do not use\Local Settings\Application Data\Microsoft Help

2010-06-22 01:52 . 2010-07-08 20:53 -------- d-----w- c:\documents and settings\Backup. Do not use

2010-06-18 03:22 . 2010-06-18 03:22 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-06-17 04:20 . 2010-06-17 04:20 -------- d-----w- c:\documents and settings\User\Application Data\Publish Providers

2010-06-17 04:13 . 2010-06-17 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony

2010-06-17 04:13 . 2010-06-17 04:13 -------- d-----w- c:\program files\Sony

2010-06-17 04:02 . 2010-06-17 04:20 -------- d-----w- c:\documents and settings\User\Application Data\Sony

2010-06-17 04:02 . 2010-06-17 04:02 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sony

2010-06-10 05:03 . 2010-06-10 05:03 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth

2010-06-09 19:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-08 21:02 . 2009-09-05 03:32 -------- d-----w- c:\program files\Common Files\PC Tools

2010-07-08 21:00 . 2009-09-04 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-05 20:47 . 2010-05-26 23:50 -------- d-----w- c:\documents and settings\User\Application Data\vlc

2010-07-04 19:11 . 2009-05-09 16:52 75224 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-28 00:05 . 2009-05-03 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-23 03:00 . 2010-06-22 01:53 -------- d-----w- c:\documents and settings\Backup. Do not use\Application Data\Apple Computer

2010-06-17 05:00 . 2009-07-31 02:30 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2010-06-10 02:23 . 2009-05-03 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-06 01:48 . 2010-06-06 01:48 -------- d-----w- c:\program files\Nexon

2010-06-06 01:17 . 2009-11-12 04:17 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-25 23:14 . 2009-07-31 02:32 -------- d-----w- c:\program files\uTorrent

2010-05-22 04:50 . 2010-03-07 19:31 25 ----a-w- c:\windows\popcinfot.dat

2010-05-21 00:27 . 2010-05-15 02:31 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink

2010-05-21 00:25 . 2009-04-28 17:41 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-21 00:24 . 2009-04-28 17:49 -------- d-----w- c:\program files\CyberLink

2010-05-21 00:24 . 2010-05-21 00:24 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe

2010-05-21 00:24 . 2010-05-21 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc

2010-05-21 00:23 . 2010-05-21 00:23 -------- d-----w- c:\program files\SmartSound Software

2010-05-21 00:14 . 2010-05-21 00:14 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

2010-05-12 02:22 . 2010-05-12 02:22 -------- d-----w- c:\documents and settings\User\Application Data\Leadertech

2010-05-11 03:10 . 2010-05-11 03:10 -------- d-----w- c:\program files\CCleaner

2010-05-11 02:54 . 2010-05-11 02:46 -------- d-----w- c:\program files\AVG

2010-05-10 23:26 . 2010-03-15 01:50 -------- d-----w- c:\program files\Messenger Plus! Live

2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 04:20 . 2010-04-06 01:58 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll

2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-09-05 05:07 . 2009-09-05 04:43 32 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-05 05:07 . 2009-09-05 04:43 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Seagate 2GH2DDJW Product Registration.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\Seagate 2GH2DDJW Product Registration.lnk

backup=c:\windows\pss\Seagate 2GH2DDJW Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-07-21 02:04 133104 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-05-15 22:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 05:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-04-07 22:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 22:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2007-05-15 22:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-02-23 10:13 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-05-03 19:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVGLS9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVGLS9\\avgnsx.exe"=

"c:\\Program Files\\Warcraft III\\war3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58549:TCP"= 58549:TCP:Pando Media Booster

"58549:UDP"= 58549:UDP:Pando Media Booster

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30/07/2009 7:32 PM 234888]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 1:41 PM 135664]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp --> c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 5:53 PM 167808]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/08/2009 9:33 PM 722416]

.

Contents of the 'Scheduled Tasks' folder

2009-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004Core.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004UA.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\sq8db8kg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe

MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe

MSConfigStartUp-OE - c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

MSConfigStartUp-UfSeAgnt - c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-08 14:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)

c:\windows\system32\WLDAP32.dll

.

Completion time: 2010-07-08 14:33:03

ComboFix-quarantined-files.txt 2010-07-08 21:33

Pre-Run: 43,533,688,832 bytes free

Post-Run: 44,801,286,144 bytes free

- - End Of File - - B5B2F30108833BE8839E5D376A6D9619

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 14:36:14.14 on Thu 08/07/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1075 [GMT -7:00]

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\windows\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\windows\system32\wscntfy.exe

C:\windows\system32\notepad.exe

C:\windows\explorer.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\sq8db8kg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-30 234888]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\smf33.tmp --> c:\docume~1\user\locals~1\temp\SMF33.tmp [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]

=============== Created Last 30 ================

2010-07-08 21:13:00 98816 ----a-w- c:\windows\sed.exe

2010-07-08 21:13:00 77312 ----a-w- c:\windows\MBR.exe

2010-07-08 21:13:00 256512 ----a-w- c:\windows\PEV.exe

2010-07-08 21:13:00 161792 ----a-w- c:\windows\SWREG.exe

2010-07-08 20:55:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!

2010-07-07 22:12:25 0 d-----w- c:\program files\Enigma Software Group

2010-07-07 22:11:18 0 d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2010-07-07 22:11:16 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-07-07 02:45:50 767952 ----a-w- c:\windows\BDTSupport.dll.old

2010-07-07 02:45:48 1652688 ----a-w- c:\windows\PCTBDCore.dll.old

2010-07-07 02:45:09 0 d-----w- c:\program files\Spyware Doctor

2010-07-04 21:23:29 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat

2010-07-04 21:23:27 99 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat

2010-07-04 21:22:08 46 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat

2010-06-29 02:47:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-29 02:47:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-29 02:47:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-27 21:03:20 0 d--h--w- c:\windows\PIF

2010-06-26 20:01:18 0 d-----w- c:\program files\SDA

2010-06-26 02:36:21 0 d-----w- c:\docume~1\user\applic~1\IObit

2010-06-26 02:34:57 0 d-----w- c:\program files\IObit

2010-06-18 03:22:41 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-06-17 04:13:36 0 d-----w- c:\program files\Sony

2010-06-09 19:10:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-09-05 20:39:35 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-09-05 05:07:56 32 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-05 05:07:56 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 14:36:22.56 ===============

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Here is the TDSSKiller log:

19:20:02:312 0560 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

19:20:02:312 0560 ================================================================================

19:20:02:312 0560 SystemInfo:

19:20:02:312 0560 OS Version: 5.1.2600 ServicePack: 3.0

19:20:02:312 0560 Product type: Workstation

19:20:02:312 0560 ComputerName: USER-7D5964F85B

19:20:02:312 0560 UserName: User

19:20:02:312 0560 Windows directory: C:\windows

19:20:02:312 0560 System windows directory: C:\windows

19:20:02:312 0560 Processor architecture: Intel x86

19:20:02:312 0560 Number of processors: 2

19:20:02:312 0560 Page size: 0x1000

19:20:02:312 0560 Boot type: Normal boot

19:20:02:312 0560 ================================================================================

19:20:07:375 0560 Initialize success

19:20:07:375 0560

19:20:07:375 0560 Scanning Services ...

19:20:09:421 0560 Raw services enum returned 335 services

19:20:09:437 0560

19:20:09:437 0560 Scanning Drivers ...

19:20:13:046 0560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys

19:20:13:390 0560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys

19:20:13:765 0560 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys

19:20:14:031 0560 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\windows\system32\DRIVERS\AegisP.sys

19:20:14:562 0560 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys

19:20:16:093 0560 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\windows\system32\drivers\ALCXWDM.SYS

19:20:17:546 0560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys

19:20:17:828 0560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys

19:20:18:046 0560 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\windows\system32\DRIVERS\ati2mtag.sys

19:20:18:359 0560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys

19:20:18:390 0560 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys

19:20:18:796 0560 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\system32\Drivers\avgldx86.sys

19:20:19:046 0560 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\windows\system32\Drivers\avgmfx86.sys

19:20:19:140 0560 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\windows\system32\Drivers\avgtdix.sys

19:20:19:390 0560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys

19:20:20:015 0560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys

19:20:20:187 0560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys

19:20:20:281 0560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys

19:20:20:734 0560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys

19:20:20:859 0560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys

19:20:21:140 0560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys

19:20:21:250 0560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys

19:20:21:421 0560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys

19:20:21:515 0560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys

19:20:21:859 0560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys

19:20:22:093 0560 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys

19:20:22:203 0560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys

19:20:22:328 0560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys

19:20:22:468 0560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys

19:20:22:781 0560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys

19:20:22:812 0560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys

19:20:22:875 0560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys

19:20:23:328 0560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

19:20:23:828 0560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys

19:20:24:093 0560 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\windows\system32\DRIVERS\HSFBS2S2.sys

19:20:24:156 0560 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\windows\system32\DRIVERS\HSFDPSP2.sys

19:20:24:953 0560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys

19:20:25:328 0560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys

19:20:25:437 0560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys

19:20:25:515 0560 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\windows\system32\drivers\InCDFs.sys

19:20:25:687 0560 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\windows\system32\drivers\InCDPass.sys

19:20:25:718 0560 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\windows\system32\drivers\InCDrec.sys

19:20:25:781 0560 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\windows\system32\drivers\InCDRm.sys

19:20:25:953 0560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys

19:20:26:000 0560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys

19:20:26:265 0560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys

19:20:26:640 0560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys

19:20:26:937 0560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys

19:20:27:046 0560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys

19:20:27:218 0560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys

19:20:27:375 0560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys

19:20:27:531 0560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys

19:20:27:703 0560 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\windows\system32\drivers\klmd.sys

19:20:27:765 0560 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys

19:20:27:937 0560 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys

19:20:28:015 0560 mdmxsdk (195741aee20369980796b557358cd774) C:\windows\system32\DRIVERS\mdmxsdk.sys

19:20:28:046 0560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys

19:20:28:156 0560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys

19:20:28:234 0560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys

19:20:28:312 0560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys

19:20:28:375 0560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys

19:20:28:578 0560 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys

19:20:28:875 0560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys

19:20:28:968 0560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys

19:20:29:015 0560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys

19:20:29:031 0560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys

19:20:29:062 0560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys

19:20:29:171 0560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys

19:20:29:359 0560 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys

19:20:29:500 0560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys

19:20:29:546 0560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys

19:20:29:828 0560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys

19:20:30:031 0560 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys

19:20:30:140 0560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys

19:20:30:328 0560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys

19:20:30:375 0560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys

19:20:30:421 0560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys

19:20:30:609 0560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys

19:20:31:265 0560 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\windows\system32\DRIVERS\nv4_mini.sys

19:20:31:343 0560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys

19:20:31:359 0560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys

19:20:31:546 0560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys

19:20:31:937 0560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys

19:20:32:031 0560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys

19:20:32:109 0560 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys

19:20:32:156 0560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys

19:20:32:187 0560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys

19:20:32:265 0560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys

19:20:32:281 0560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys

19:20:32:296 0560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys

19:20:32:328 0560 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\windows\system32\Drivers\PxHelp20.sys

19:20:32:515 0560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys

19:20:32:578 0560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys

19:20:32:593 0560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys

19:20:32:609 0560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys

19:20:32:671 0560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys

19:20:32:703 0560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys

19:20:32:750 0560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys

19:20:32:781 0560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys

19:20:32:828 0560 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\windows\system32\DRIVERS\wg111v2.sys

19:20:32:859 0560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys

19:20:32:906 0560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys

19:20:32:953 0560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys

19:20:32:968 0560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys

19:20:33:015 0560 SISAGP (923d23638c616eecb0d811461161d0b8) C:\windows\system32\DRIVERS\SISAGPX.sys

19:20:33:031 0560 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\windows\system32\DRIVERS\siside.sys

19:20:33:062 0560 sisidex (6225224b8e846ac230f8d9b343635910) C:\windows\system32\drivers\sisidex.sys

19:20:33:125 0560 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\windows\system32\DRIVERS\sisnic.sys

19:20:33:156 0560 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\windows\system32\drivers\sisperf.sys

19:20:33:203 0560 SiSRaid (d20af0111a30abcf6d82300abcc0f21c) C:\windows\system32\DRIVERS\SiSRaid.sys

19:20:33:234 0560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys

19:20:33:296 0560 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\windows\system32\Drivers\sptd.sys

19:20:33:296 0560 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e

19:20:33:390 0560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys

19:20:33:453 0560 Srv (89220b427890aa1dffd1a02648ae51c3) C:\windows\system32\DRIVERS\srv.sys

19:20:33:500 0560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys

19:20:33:515 0560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys

19:20:33:562 0560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys

19:20:33:656 0560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys

19:20:33:703 0560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys

19:20:33:718 0560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys

19:20:33:750 0560 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys

19:20:33:781 0560 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\windows\system32\DRIVERS\uagp35.sys

19:20:33:828 0560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys

19:20:33:875 0560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys

19:20:33:937 0560 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\windows\system32\Drivers\usbaapl.sys

19:20:33:984 0560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys

19:20:34:000 0560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys

19:20:34:015 0560 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys

19:20:34:062 0560 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys

19:20:34:093 0560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys

19:20:34:140 0560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS

19:20:34:187 0560 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\windows\system32\DRIVERS\usb8023.sys

19:20:34:218 0560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys

19:20:34:265 0560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys

19:20:34:296 0560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys

19:20:34:343 0560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys

19:20:34:437 0560 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\windows\system32\DRIVERS\HSFCXTS2.sys

19:20:34:500 0560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys

19:20:34:515 0560 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys

19:20:34:531 0560

19:20:34:531 0560 Completed

19:20:34:531 0560

19:20:34:531 0560 Results:

19:20:34:531 0560 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

19:20:34:531 0560 File objects infected / cured / cured on reboot: 0 / 0 / 0

19:20:34:531 0560

19:20:34:531 0560 KLMD(ARK) unloaded successfully

Link to post
Share on other sites

  • Staff

Hi,

Delete your copy of ComboFix, grab a fresh copy, then run it and post its log.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know, in detail, what problems remain.

-screen317

Link to post
Share on other sites

Here is the ComboFix log:

ComboFix 10-07-10.01 - User 11/07/2010 13:45:36.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1135 [GMT -7:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))

.

2010-07-08 23:12 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-08 23:12 . 2010-07-08 23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-08 23:12 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-08 22:59 . 2010-07-08 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-08 20:55 . 2010-07-08 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

2010-07-07 22:12 . 2010-07-07 22:12 -------- d-----w- c:\program files\Enigma Software Group

2010-07-07 22:11 . 2010-07-07 22:53 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2010-07-07 22:11 . 2010-07-07 22:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-07-07 05:16 . 2010-07-07 05:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert

2010-07-07 02:45 . 2010-07-08 21:02 -------- d-----w- c:\program files\Spyware Doctor

2010-07-04 21:23 . 2010-07-04 21:23 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat

2010-07-04 21:23 . 2010-07-04 21:35 99 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat

2010-07-04 21:22 . 2010-07-04 21:25 46 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat

2010-07-03 04:31 . 2010-07-03 04:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\GameKiller.net

2010-07-01 03:07 . 2010-07-05 03:40 -------- d-----w- c:\program files\Warcraft III

2010-06-27 23:14 . 2010-06-27 23:14 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-06-27 21:03 . 2010-06-27 21:03 -------- d--h--w- c:\windows\PIF

2010-06-26 20:01 . 2010-06-26 20:01 -------- d-----w- c:\program files\SDA

2010-06-26 02:36 . 2010-06-26 02:36 -------- d-----w- c:\documents and settings\User\Application Data\IObit

2010-06-26 02:34 . 2010-06-26 02:36 -------- d-----w- c:\program files\IObit

2010-06-24 00:30 . 2010-07-08 22:09 0 ----a-w- c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat

2010-06-23 03:03 . 2010-06-23 03:03 -------- d-----w- c:\documents and settings\Backup. Do not use\Local Settings\Application Data\PCHealth

2010-06-22 01:52 . 2009-10-14 00:16 -------- d-----w- c:\documents and settings\Backup. Do not use\Local Settings\Application Data\Microsoft Help

2010-06-22 01:52 . 2010-07-11 20:35 -------- d-----w- c:\documents and settings\Backup. Do not use

2010-06-18 03:22 . 2010-06-18 03:22 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-06-17 04:20 . 2010-06-17 04:20 -------- d-----w- c:\documents and settings\User\Application Data\Publish Providers

2010-06-17 04:13 . 2010-06-17 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony

2010-06-17 04:13 . 2010-06-17 04:13 -------- d-----w- c:\program files\Sony

2010-06-17 04:02 . 2010-06-17 04:20 -------- d-----w- c:\documents and settings\User\Application Data\Sony

2010-06-17 04:02 . 2010-06-17 04:02 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sony

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-08 21:02 . 2009-09-05 03:32 -------- d-----w- c:\program files\Common Files\PC Tools

2010-07-08 21:00 . 2009-09-04 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-05 20:47 . 2010-05-26 23:50 -------- d-----w- c:\documents and settings\User\Application Data\vlc

2010-07-04 19:11 . 2009-05-09 16:52 75224 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-28 00:05 . 2009-05-03 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-23 03:00 . 2010-06-22 01:53 -------- d-----w- c:\documents and settings\Backup. Do not use\Application Data\Apple Computer

2010-06-17 05:00 . 2009-07-31 02:30 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2010-06-10 02:23 . 2009-05-03 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-06 01:48 . 2010-06-06 01:48 -------- d-----w- c:\program files\Nexon

2010-06-06 01:17 . 2009-11-12 04:17 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-25 23:14 . 2009-07-31 02:32 -------- d-----w- c:\program files\uTorrent

2010-05-22 04:50 . 2010-03-07 19:31 25 ----a-w- c:\windows\popcinfot.dat

2010-05-21 00:27 . 2010-05-15 02:31 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink

2010-05-21 00:25 . 2009-04-28 17:41 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-21 00:24 . 2009-04-28 17:49 -------- d-----w- c:\program files\CyberLink

2010-05-21 00:24 . 2010-05-21 00:24 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe

2010-05-21 00:24 . 2010-05-21 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc

2010-05-21 00:23 . 2010-05-21 00:23 -------- d-----w- c:\program files\SmartSound Software

2010-05-21 00:14 . 2010-05-21 00:14 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 04:20 . 2010-04-06 01:58 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll

2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-09-05 05:07 . 2009-09-05 04:43 32 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-05 05:07 . 2009-09-05 04:43 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((( SnapShot@2010-07-08_21.31.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-11 20:41 . 2010-07-11 20:41 16384 c:\windows\Temp\Perflib_Perfdata_738.dat

- 2010-07-06 00:56 . 2010-07-06 00:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll

- 2010-07-06 00:55 . 2010-07-06 00:55 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2010-07-05 05:31 . 2010-07-05 05:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-11-07 08:07 . 2008-07-25 19:16 282112 c:\windows\system32\mscoree.dll

- 2008-07-25 19:16 . 2008-07-25 19:16 282112 c:\windows\system32\mscoree.dll

+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\24531.msp

+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\22e0f.msp

+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\1eab55.msp

+ 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\1524a8e.msp

+ 2010-04-09 22:28 . 2010-07-10 05:50 372736 c:\windows\Installer\{996A2FAA-7514-4628-9D12-A8FC34A0016E}\iTunesIco.exe

- 2010-04-09 22:28 . 2010-04-25 01:50 372736 c:\windows\Installer\{996A2FAA-7514-4628-9D12-A8FC34A0016E}\iTunesIco.exe

+ 2010-07-11 19:42 . 2010-07-11 19:42 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\9d1a36d51bb6a24f943e73c0011e342a\WindowsLiveLocal.WriterPlugin.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\9d1a36d51bb6a24f943e73c0011e342a\WindowsLiveLocal.WriterPlugin.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef0daf9b5b7002d4d3493671db79fec5\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ef0daf9b5b7002d4d3493671db79fec5\WindowsLive.Writer.HtmlEditor.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac50120d9dfafb4868aa4531456cf2e7\WindowsLive.Writer.BlogClient.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac50120d9dfafb4868aa4531456cf2e7\WindowsLive.Writer.BlogClient.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\60e6ca35b86ce10970a63fa5ea8b1d9c\WindowsLive.Writer.HtmlParser.ni.dll

+ 2010-07-11 19:41 . 2010-07-11 19:41 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\60e6ca35b86ce10970a63fa5ea8b1d9c\WindowsLive.Writer.HtmlParser.ni.dll

- 2010-07-06 00:57 . 2010-07-06 00:57 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll

+ 2010-07-11 19:45 . 2010-07-11 19:45 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll

+ 2010-07-11 19:41 . 2010-07-11 19:41 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll

- 2010-07-06 00:55 . 2010-07-06 00:55 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll

- 2010-07-06 00:55 . 2010-07-06 00:55 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll

+ 2010-07-11 19:41 . 2010-07-11 19:41 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe

+ 2010-07-11 19:42 . 2010-07-11 19:42 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe

- 2010-07-06 00:46 . 2010-07-06 00:46 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll

+ 2010-07-11 19:40 . 2010-07-11 19:40 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\2453f.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\24537.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\24536.msp

+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\22e1d.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\22e15.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\22e14.msp

+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\1eab63.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\1eab5b.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\1eab5a.msp

+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\1524a9c.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\1524a94.msp

+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\1524a93.msp

- 2010-07-06 00:54 . 2010-07-06 00:54 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf704776939a6c4d0fac5ad70099300b\WindowsLive.Writer.CoreServices.ni.dll

+ 2010-07-11 19:41 . 2010-07-11 19:41 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf704776939a6c4d0fac5ad70099300b\WindowsLive.Writer.CoreServices.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e735c4d2b299eb78cf8cb2c70865978\WindowsLive.Writer.PostEditor.ni.dll

+ 2010-07-11 19:41 . 2010-07-11 19:41 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e735c4d2b299eb78cf8cb2c70865978\WindowsLive.Writer.PostEditor.ni.dll

+ 2010-07-11 02:05 . 2010-07-11 02:05 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll

- 2010-07-05 05:26 . 2010-07-05 05:26 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll

+ 2010-07-08 23:40 . 2010-07-08 23:40 2178048 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6.tmp\System.Core.dll

+ 2010-07-11 19:45 . 2010-07-11 19:45 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll

- 2010-07-06 00:57 . 2010-07-06 00:57 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll

- 2010-07-06 00:57 . 2010-07-06 00:57 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll

+ 2010-07-11 19:45 . 2010-07-11 19:45 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll

+ 2010-07-11 19:45 . 2010-07-11 19:45 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll

- 2010-07-06 00:47 . 2010-07-06 00:47 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll

+ 2010-07-11 19:40 . 2010-07-11 19:40 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll

+ 2010-07-11 19:41 . 2010-07-11 19:41 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll

- 2010-07-06 00:56 . 2010-07-06 00:56 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll

- 2010-07-05 05:28 . 2010-07-05 05:28 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll

+ 2010-07-11 02:12 . 2010-07-11 02:12 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll

+ 2010-07-11 19:44 . 2010-07-11 19:44 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll

- 2010-07-06 00:55 . 2010-07-06 00:55 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll

- 2010-07-05 05:27 . 2010-07-05 05:27 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll

+ 2010-07-11 02:12 . 2010-07-11 02:12 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll

- 2010-07-05 05:27 . 2010-07-05 05:27 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll

+ 2010-07-11 02:12 . 2010-07-11 02:12 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll

- 2010-07-05 05:27 . 2010-07-05 05:27 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll

+ 2010-07-11 02:12 . 2010-07-11 02:12 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-07-05 05:31 . 2010-07-05 05:31 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2010-07-11 02:11 . 2010-07-11 02:11 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2010-07-10 02:30 . 2010-07-10 02:30 12430848 c:\windows\assembly\temp\F7PTXDOGZ3\System.Windows.Forms.ni.dll

+ 2010-07-10 02:24 . 2010-07-10 02:24 13835776 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE8.tmp\PresentationFramework.dll

+ 2010-07-09 02:18 . 2010-07-09 02:18 10244096 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C5.tmp\System.Design.dll

- 2010-07-05 05:29 . 2010-07-05 05:29 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll

+ 2010-07-11 02:13 . 2010-07-11 02:13 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll

+ 2010-07-11 19:42 . 2010-07-11 19:42 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll

- 2010-07-06 00:54 . 2010-07-06 00:54 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll

- 2010-07-06 00:53 . 2010-07-06 00:53 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll

+ 2010-07-11 19:41 . 2010-07-11 19:41 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll

+ 2010-07-11 02:13 . 2010-07-11 02:13 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll

- 2010-07-05 05:29 . 2010-07-05 05:29 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll

- 2010-07-05 05:27 . 2010-07-05 05:27 14440448 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6f3d1f7e75842e23fda95c6baa575caa\PresentationFramework.ni.dll

+ 2010-07-11 02:12 . 2010-07-11 02:12 14440448 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6f3d1f7e75842e23fda95c6baa575caa\PresentationFramework.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Seagate 2GH2DDJW Product Registration.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\Seagate 2GH2DDJW Product Registration.lnk

backup=c:\windows\pss\Seagate 2GH2DDJW Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-07-21 02:04 133104 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-05-15 22:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 05:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-04-07 22:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 22:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2007-05-15 22:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-02-23 10:13 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-05-03 19:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVGLS9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVGLS9\\avgnsx.exe"=

"c:\\Program Files\\Warcraft III\\war3.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58549:TCP"= 58549:TCP:Pando Media Booster

"58549:UDP"= 58549:UDP:Pando Media Booster

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30/07/2009 7:32 PM 234888]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 1:41 PM 135664]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp --> c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 5:53 PM 167808]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/08/2009 9:33 PM 722416]

.

Contents of the 'Scheduled Tasks' folder

2009-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004Core.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004UA.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\sq8db8kg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-11 13:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp"

.

Completion time: 2010-07-11 13:50:20

ComboFix-quarantined-files.txt 2010-07-11 20:50

ComboFix2.txt 2010-07-08 21:33

Pre-Run: 42,453,389,312 bytes free

Post-Run: 42,791,317,504 bytes free

- - End Of File - - 5B47FD68211C38B95695325832C84B41

Link to post
Share on other sites

I think this is the F-secure log:

Scanning Report

Sunday, July 11, 2010 14:37:12 - 15:20:16

Computer name: USER-7D5964F85B

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

--------------------------------------------------------------------------------

7 malware found

TrackingCookie.Atdmt (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\PROGRAM FILES\WARCRAFT III\BNUPDATE.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\DOWNLOADS\SONY_VEG.COM\ACTIVACI\PATCH\SONYVEGA.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\BRANDON\WARCRAFT III\BNUPDATE.EXE (Not cleaned)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 40397

System: 3693

Not scanned: 10

Actions:

Disinfected: 4

Renamed: 0

Deleted: 0

Not cleaned: 3

Submitted: 2

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\1076

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\3556

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

Link to post
Share on other sites

Finally here is the security log you requested:

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java DB 10.5.3.0

Java 6 Update 18

Java SE Development Kit 6 Update 18

Out of date Java installed!

Adobe Flash Player 10.1.53.64

Adobe Reader 9.3.2

Mozilla Firefox (3.6.6)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Most of the spyware has been removed but there is still one problem remaining. I think there might be something in my system left by the malware. The task bar and all open windows are shown as grey much like the older windows themes instead of the usual windows xp one. I have tried resolving this through right-clicking the desktop and changing properties but nothing works. I don't think this issue is that serious though as i believe it is just an attempt to scare victims into buying the fake antivirus product.

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java DB 10.5.3.0

Java

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.