spayse Posted July 7, 2010

Several days ago my computer received this problem. After some research I found out that Antivirus GT was a rogueware. After encountering this problem I updated my Malwarebytes and performed a full scan, but it didn't pick up anything. I have tried following guides on the internet on how to solve this problem with limited success.

http://www.im-infected.com/rogue/antivirus-gt.html

The guide instructs me to remove certain files and delete registry entries. I tried doing so this morning, but I could not locate most of the registry files. After doing so, Antivirus GT no longer opens upon start-up, but I still experience problems such as:

- being redirected to unwanted web pages while browsing the internet.
- the borders of my windows are now "classic" instead of the usual XP style.

Could anyone please help me solve this issue? Any help would be appreciated.
spayse (author) Posted July 7, 2010

I have just realised that I backed up my registry several months ago. Would importing a previous copy of my registry undo any issues caused in the past few days?
screen317 (Staff) Posted July 7, 2010

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
spayse (author) Posted July 7, 2010

Hi screen317

Mbam tells me I already have the latest database.

This is the mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4287

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/07/2010 7:18:34 PM
mbam-log-2010-07-07 (19-18-34).txt

Scan type: Quick scan
Objects scanned: 133115
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 19:09:41.93 on Wed 07/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.884 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\User\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\sq8db8kg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-6 217032]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-18 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-18 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-18 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-18 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-6 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-6 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-6 1142224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-28 38224]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-30 234888]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\smf33.tmp --> c:\docume~1\user\locals~1\temp\SMF33.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]

=============== Created Last 30 ================

2010-07-07 22:12:25    0    d-----w-    c:\program files\Enigma Software Group
2010-07-07 22:11:18    0    d-----w-    c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-07-07 22:11:16    0    d-----w-    c:\program files\common files\Wise Installation Wizard
2010-07-07 02:57:16    0    d-----w-    c:\docume~1\user\applic~1\PC Tools
2010-07-07 02:57:16    0    d-----w-    c:\docume~1\alluse~1\applic~1\PC Tools
2010-07-07 02:45:09    0    d-----w-    c:\program files\Spyware Doctor
2010-07-04 21:23:29    0    ----a-w-    c:\documents and settings\user\jagex__preferences3.dat
2010-07-04 21:23:27    99    ----a-w-    c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-07-04 21:22:08    46    ----a-w-    c:\documents and settings\user\jagex_runescape_preferences.dat
2010-06-29 02:47:13    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 02:47:11    0    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-29 02:47:10    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-29 02:47:10    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-06-27 21:03:20    0    d--h--w-    c:\windows\PIF
2010-06-26 20:01:18    0    d-----w-    c:\program files\SDA
2010-06-26 02:36:21    0    d-----w-    c:\docume~1\user\applic~1\IObit
2010-06-26 02:34:57    0    d-----w-    c:\program files\IObit
2010-06-19 15:46:44    0    d-----w-    c:\docume~1\alluse~1\applic~1\Messenger Plus!
2010-06-19 02:38:34    12464    ----a-w-    c:\windows\system32\avgrsstx.dll
2010-06-19 02:38:31    242896    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2010-06-19 02:38:24    216200    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2010-06-19 02:38:17    0    d-----w-    c:\windows\system32\drivers\Avg
2010-06-19 02:34:37    0    d-----w-    c:\docume~1\alluse~1\applic~1\avg9
2010-06-18 03:22:41    552    ----a-w-    c:\windows\system32\d3d8caps.dat
2010-06-17 04:13:36    0    d-----w-    c:\program files\Sony
2010-06-09 19:10:29    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-08 02:16:01    763832    ----a-w-    c:\windows\BDTSupport.dll
2010-06-08 00:21:02    1652664    ----a-w-    c:\windows\PCTBDCore.dll
2010-05-06 10:41:53    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-02 05:22:50    1851264    ----a-w-    c:\windows\system32\win32k.sys
2010-04-20 05:30:08    285696    ----a-w-    c:\windows\system32\atmfd.dll
2009-09-05 20:39:35    16384    --sha-w-    c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-09-05 05:07:56    32    --sha-w-    c:\windows\system32\drivers\fidbox.dat
2009-09-05 05:07:56    32    --sha-w-    c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 19:13:50.82 ===============

Thanks
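A small triage helper for DDS logs like the one posted above, added here as an example; it is not code from this thread, from Malwarebytes, or from the DDS tool. It reads the Pseudo HJT Report and SERVICES / DRIVERS sections and flags the three things a responder would look at first in this log: BHO or toolbar registrations whose DLL is "No File" (a CLSID left behind after a removal), a system-wide `ProxyServer` setting (a common mechanism behind browser redirects, though here it may simply be a school or corporate proxy and needs confirming, not deleting), and services whose binary sits under a Temp directory or whose file DDS could not verify (the trailing `[?]`). The sample lines are excerpted from the posted log; the flagging rules and the `Finding` structure are this example's own heuristics, not anything DDS itself reports.

```python
import re
import sys
from dataclasses import dataclass

# Excerpt of the DDS log posted above (Pseudo HJT Report and SERVICES / DRIVERS),
# kept as a raw string so the Windows paths need no escaping.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-6 217032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\smf33.tmp --> c:\docume~1\user\locals~1\temp\SMF33.tmp [?]
"""


@dataclass
class Finding:
    rule: str   # which heuristic fired (names are this example's own)
    line: str   # the offending DDS line, verbatim


# "R0 name;display;image [meta]"  -- state, service name, display name, image path,
# and the bracketed date/size DDS appends (or "?" when it could not stat the file).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[(.*)\])?$")
# "BHO: <name>: {CLSID} - <dll>"  or, for an orphaned registration, "BHO: {CLSID} - No File".
HOOK_RE = re.compile(r"^(BHO|TB):\s+(?:(.*?):\s+)?(\{[0-9A-Fa-f-]+\})\s+-\s+(.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)")
# Lower-cased fragments that mark a user or system temp directory (assumed list).
TEMP_DIRS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp", "\\windows\\temp")


def parse_service(line):
    """Split one SERVICES / DRIVERS line into its fields, or return None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, image, meta = m.groups()
    # DDS prints "<registry value> --> <resolved path>" when the two differ;
    # the resolved path is the one worth checking.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    return {"state": state, "name": name, "display": display,
            "image": image.strip(), "meta": (meta or "").strip()}


def triage(text):
    """Run the heuristics over a DDS log and return the Findings in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):      # blank or section banner
            continue
        if PROXY_RE.match(line):
            findings.append(Finding("proxy-configured", line))
            continue
        hook = HOOK_RE.match(line)
        if hook:
            kind, _name, _clsid, target = hook.groups()
            if target.strip().lower() == "no file":
                findings.append(Finding("orphaned-" + kind.lower(), line))
            continue
        svc = parse_service(line)
        if svc:
            image = svc["image"].lower()
            if any(fragment in image for fragment in TEMP_DIRS):
                findings.append(Finding("service-in-temp", line))
            if svc["meta"] == "?":
                findings.append(Finding("service-file-unverified", line))
    return findings


def report(findings):
    """Render findings as one text block, grouped by rule."""
    out = []
    for rule in sorted({f.rule for f in findings}):
        out.append(f"[{rule}]")
        out.extend("    " + f.line for f in findings if f.rule == rule)
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python dds_triage.py [dds.txt]; with no argument it uses the excerpt above.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DDS
    print(report(triage(text)))
```

On the excerpt this yields five findings: the proxy line, the two orphaned BHOs, and the GarenaPEngine service twice (its image is in the user's Temp directory and DDS marked it `[?]`). None of these is a verdict on its own; the orphaned CLSIDs are what you would expect after the manual removal described in the first post, and the proxy has to be checked against what the machine's owner actually uses.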
screen317 (Staff) Posted July 7, 2010

Hi,

Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
spayse (author) Posted July 8, 2010

I ran ComboFix but I did not notice any changes.

ComboFix log:

ComboFix 10-07-07.01 - User 08/07/2010 14:27:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1234 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\service
c:\windows\system32\service\02082009_TIS17_SfFniAU.log
c:\windows\system32\service\03052009_TIS17_SfFniAU.log
c:\windows\system32\service\04092009_TIS17_SfFniAU.log
c:\windows\system32\service\04122009_TIS17_SfFniAU.log
c:\windows\system32\service\06052009_TIS17_SfFniAU.log
c:\windows\system32\service\07092009_TIS17_SfFniAU.log
c:\windows\system32\service\08092009_TIS17_SfFniAU.log
c:\windows\system32\service\09042010_TIS17_SfFniAU.log
c:\windows\system32\service\11092009_TIS17_SfFniAU.log
c:\windows\system32\service\12012010_TIS17_SfFniAU.log
c:\windows\system32\service\13052009_TIS17_SfFniAU.log
c:\windows\system32\service\18072009_TIS17_SfFniAU.log
c:\windows\system32\service\18122009_TIS17_SfFniAU.log
c:\windows\system32\service\20102009_TIS17_SfFniAU.log
c:\windows\system32\service\22112009_TIS17_SfFniAU.log
c:\windows\system32\service\29082009_TIS17_SfFniAU.log

Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
Restored copy from - Kitty had a snack
.
(((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-08 20:55 . 2010-07-08 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-07-07 22:12 . 2010-07-07 22:12 -------- d-----w- c:\program files\Enigma Software Group
2010-07-07 22:11 . 2010-07-07 22:53 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-07-07 22:11 . 2010-07-07 22:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-07 05:16 . 2010-07-07 05:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2010-07-07 02:45 . 2010-07-08 21:02 -------- d-----w- c:\program files\Spyware Doctor
2010-07-04 21:23 . 2010-07-04 21:23 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat
2010-07-04 21:23 . 2010-07-04 21:35 99 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
2010-07-04 21:22 . 2010-07-04 21:25 46 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2010-07-03 04:31 . 2010-07-03 04:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\GameKiller.net
2010-07-01 03:07 . 2010-07-05 03:40 -------- d-----w- c:\program files\Warcraft III
2010-06-29 02:47 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 02:47 . 2010-06-29 02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 02:47 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 23:14 . 2010-06-27 23:14 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-27 21:03 . 2010-06-27 21:03 -------- d--h--w- c:\windows\PIF
2010-06-26 20:01 . 2010-06-26 20:01 -------- d-----w- c:\program files\SDA
2010-06-26 02:36 . 2010-06-26 02:36 -------- d-----w- c:\documents and settings\User\Application Data\IObit
2010-06-26 02:34 . 2010-06-26 02:36 -------- d-----w- c:\program files\IObit
2010-06-24 00:30 . 2010-07-08 03:21 685440 ----a-w- c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat
2010-06-23 03:03 . 2010-06-23 03:03 -------- d-----w- c:\documents and settings\Backup. Do not use\Local Settings\Application Data\PCHealth
2010-06-22 01:52 . 2009-10-14 00:16 -------- d-----w- c:\documents and settings\Backup. Do not use\Local Settings\Application Data\Microsoft Help
2010-06-22 01:52 . 2010-07-08 20:53 -------- d-----w- c:\documents and settings\Backup. Do not use
2010-06-18 03:22 . 2010-06-18 03:22 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-17 04:20 . 2010-06-17 04:20 -------- d-----w- c:\documents and settings\User\Application Data\Publish Providers
2010-06-17 04:13 . 2010-06-17 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-06-17 04:13 . 2010-06-17 04:13 -------- d-----w- c:\program files\Sony
2010-06-17 04:02 . 2010-06-17 04:20 -------- d-----w- c:\documents and settings\User\Application Data\Sony
2010-06-17 04:02 . 2010-06-17 04:02 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sony
2010-06-10 05:03 . 2010-06-10 05:03 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2010-06-09 19:10 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 21:02 . 2009-09-05 03:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-08 21:00 . 2009-09-04 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-05 20:47 . 2010-05-26 23:50 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-07-04 19:11 . 2009-05-09 16:52 75224 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:05 . 2009-05-03 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-23 03:00 . 2010-06-22 01:53 -------- d-----w- c:\documents and settings\Backup. Do not use\Application Data\Apple Computer
2010-06-17 05:00 . 2009-07-31 02:30 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-06-10 02:23 . 2009-05-03 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-06 01:48 . 2010-06-06 01:48 -------- d-----w- c:\program files\Nexon
2010-06-06 01:17 . 2009-11-12 04:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 23:14 . 2009-07-31 02:32 -------- d-----w- c:\program files\uTorrent
2010-05-22 04:50 . 2010-03-07 19:31 25 ----a-w- c:\windows\popcinfot.dat
2010-05-21 00:27 . 2010-05-15 02:31 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
2010-05-21 00:25 . 2009-04-28 17:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 00:24 . 2009-04-28 17:49 -------- d-----w- c:\program files\CyberLink
2010-05-21 00:24 . 2010-05-21 00:24 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
2010-05-21 00:24 . 2010-05-21 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-05-21 00:23 . 2010-05-21 00:23 -------- d-----w- c:\program files\SmartSound Software
2010-05-21 00:14 . 2010-05-21 00:14 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-05-12 02:22 . 2010-05-12 02:22 -------- d-----w- c:\documents and settings\User\Application Data\Leadertech
2010-05-11 03:10 . 2010-05-11 03:10 -------- d-----w- c:\program files\CCleaner
2010-05-11 02:54 . 2010-05-11 02:46 -------- d-----w- c:\program files\AVG
2010-05-10 23:26 . 2010-03-15 01:50 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 04:20 . 2010-04-06 01:58 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-05 05:07 . 2009-09-05 04:43 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-05 05:07 . 2009-09-05 04:43 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Seagate 2GH2DDJW Product Registration.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Seagate 2GH2DDJW Product Registration.lnk
backup=c:\windows\pss\Seagate 2GH2DDJW Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-21 02:04 133104 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 22:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 05:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-04-07 22:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 22:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 22:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-02-23 10:13 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-03 19:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVGLS9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVGLS9\\avgnsx.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58549:TCP"= 58549:TCP:Pando Media Booster
"58549:UDP"= 58549:UDP:Pando Media Booster

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30/07/2009 7:32 PM 234888]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 1:41 PM 135664]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp --> c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 5:53 PM 167808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/08/2009 9:33 PM 722416]
.
Contents of the 'Scheduled Tasks' folder

2009-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004UA.job
- c:\documents and settings\User\Local Settings\Application 
Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlIE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlIE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlIE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlIE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlFF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\sq8db8kg.default\FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dllFF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dllFF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\Microsoft\Office Live\npOLW.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dllFF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("plugins.update.notifyUser", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);.- - - - ORPHANS REMOVED - - - -MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exeMSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exeMSConfigStartUp-OE - c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exeMSConfigStartUp-UfSeAgnt - c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-08 14:31Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(672)c:\windows\system32\WLDAP32.dll.Completion time: 2010-07-08 14:33:03ComboFix-quarantined-files.txt 2010-07-08 21:33Pre-Run: 43,533,688,832 bytes freePost-Run: 44,801,286,144 bytes free- - End Of File - - B5B2F30108833BE8839E5D376A6D9619DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 14:36:14.14 on Thu 08/07/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1075 [GMT -7:00]============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchsvchost.exeC:\windows\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\windows\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files\Canon\CAL\CALMAIN.exeC:\windows\system32\wscntfy.exeC:\windows\system32\notepad.exeC:\windows\explorer.exeC:\windows\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\User\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyServer = 
proxy.det.nsw.edu.au:8080BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dllTB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No FileuRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /backgrounduRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: 
[updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEdRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.htmlIE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.htmlIE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.htmlIE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.htmlIE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\sq8db8kg.default\FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dllFF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dllFF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\microsoft\office live\npOLW.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dllFF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - 
pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", 
true);c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-30 234888]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\smf33.tmp --> c:\docume~1\user\locals~1\temp\SMF33.tmp [?]S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]=============== Created Last 30 ================2010-07-08 21:13:00 98816 ----a-w- c:\windows\sed.exe2010-07-08 21:13:00 77312 ----a-w- c:\windows\MBR.exe2010-07-08 21:13:00 256512 ----a-w- c:\windows\PEV.exe2010-07-08 21:13:00 161792 ----a-w- c:\windows\SWREG.exe2010-07-08 20:55:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!2010-07-07 22:12:25 0 d-----w- c:\program files\Enigma Software Group2010-07-07 22:11:18 0 d-----w- 
c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-07-07 22:11:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-07-07 02:45:50 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-07-07 02:45:48 1652688 ----a-w- c:\windows\PCTBDCore.dll.old
2010-07-07 02:45:09 0 d-----w- c:\program files\Spyware Doctor
2010-07-04 21:23:29 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat
2010-07-04 21:23:27 99 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-07-04 21:22:08 46 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2010-06-29 02:47:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 02:47:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 02:47:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 21:03:20 0 d--h--w- c:\windows\PIF
2010-06-26 20:01:18 0 d-----w- c:\program files\SDA
2010-06-26 02:36:21 0 d-----w- c:\docume~1\user\applic~1\IObit
2010-06-26 02:34:57 0 d-----w- c:\program files\IObit
2010-06-18 03:22:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-17 04:13:36 0 d-----w- c:\program files\Sony
2010-06-09 19:10:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
==================== Find3M ====================
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-09-05 20:39:35 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-09-05 05:07:56 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-05 05:07:56 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
============= FINISH: 14:36:22.56 ===============
spayse Posted July 8, 2010 Author ID:281030
I have also tried manually installing the Windows Recovery Console, but I received this error: Boot Partition cannot be enumerated correctly.
Staff screen317 Posted July 9, 2010 Staff ID:281466
Hi,
Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
Execute the file TDSSKiller.exe by double-clicking on it.
Wait for the scan and disinfection process to be over.
When its work is over, the utility prompts for a reboot to complete the disinfection.
By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log name is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.
Please post that log here.
spayse Posted July 9, 2010 Author ID:281532
Here is the TDSSKiller log:
19:20:02:312 0560 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:20:02:312 0560 ================================================================================
19:20:02:312 0560 SystemInfo:
19:20:02:312 0560 OS Version: 5.1.2600 ServicePack: 3.0
19:20:02:312 0560 Product type: Workstation
19:20:02:312 0560 ComputerName: USER-7D5964F85B
19:20:02:312 0560 UserName: User
19:20:02:312 0560 Windows directory: C:\windows
19:20:02:312 0560 System windows directory: C:\windows
19:20:02:312 0560 Processor architecture: Intel x86
19:20:02:312 0560 Number of processors: 2
19:20:02:312 0560 Page size: 0x1000
19:20:02:312 0560 Boot type: Normal boot
19:20:02:312 0560 ================================================================================
19:20:07:375 0560 Initialize success
19:20:07:375 0560 
19:20:07:375 0560 Scanning Services ...
19:20:09:421 0560 Raw services enum returned 335 services
19:20:09:437 0560 
19:20:09:437 0560 Scanning Drivers ...
19:20:13:046 0560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
19:20:13:390 0560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
19:20:13:765 0560 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
19:20:14:031 0560 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\windows\system32\DRIVERS\AegisP.sys
19:20:14:562 0560 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys
19:20:16:093 0560 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\windows\system32\drivers\ALCXWDM.SYS
19:20:17:546 0560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
19:20:17:828 0560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
19:20:18:046 0560 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\windows\system32\DRIVERS\ati2mtag.sys
19:20:18:359 0560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
19:20:18:390 0560 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
19:20:18:796 0560 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\system32\Drivers\avgldx86.sys
19:20:19:046 0560 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\windows\system32\Drivers\avgmfx86.sys
19:20:19:140 0560 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\windows\system32\Drivers\avgtdix.sys
19:20:19:390 0560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
19:20:20:015 0560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
19:20:20:187 0560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
19:20:20:281 0560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
19:20:20:734 0560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
19:20:20:859 0560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
19:20:21:140 0560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
19:20:21:250 0560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
19:20:21:421 0560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
19:20:21:515 0560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
19:20:21:859 0560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
19:20:22:093 0560 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
19:20:22:203 0560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
19:20:22:328 0560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
19:20:22:468 0560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
19:20:22:781 0560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys
19:20:22:812 0560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
19:20:22:875 0560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
19:20:23:328 0560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:20:23:828 0560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
19:20:24:093 0560 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\windows\system32\DRIVERS\HSFBS2S2.sys
19:20:24:156 0560 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\windows\system32\DRIVERS\HSFDPSP2.sys
19:20:24:953 0560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
19:20:25:328 0560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys
19:20:25:437 0560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
19:20:25:515 0560 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\windows\system32\drivers\InCDFs.sys
19:20:25:687 0560 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\windows\system32\drivers\InCDPass.sys
19:20:25:718 0560 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\windows\system32\drivers\InCDrec.sys
19:20:25:781 0560 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\windows\system32\drivers\InCDRm.sys
19:20:25:953 0560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys
19:20:26:000 0560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys
19:20:26:265 0560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:20:26:640 0560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
19:20:26:937 0560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
19:20:27:046 0560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
19:20:27:218 0560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
19:20:27:375 0560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
19:20:27:531 0560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
19:20:27:703 0560 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\windows\system32\drivers\klmd.sys
19:20:27:765 0560 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
19:20:27:937 0560 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
19:20:28:015 0560 mdmxsdk (195741aee20369980796b557358cd774) C:\windows\system32\DRIVERS\mdmxsdk.sys
19:20:28:046 0560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
19:20:28:156 0560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
19:20:28:234 0560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
19:20:28:312 0560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
19:20:28:375 0560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
19:20:28:578 0560 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys
19:20:28:875 0560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
19:20:28:968 0560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
19:20:29:015 0560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
19:20:29:031 0560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
19:20:29:062 0560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
19:20:29:171 0560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys
19:20:29:359 0560 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
19:20:29:500 0560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys
19:20:29:546 0560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
19:20:29:828 0560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
19:20:30:031 0560 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys
19:20:30:140 0560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
19:20:30:328 0560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
19:20:30:375 0560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
19:20:30:421 0560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
19:20:30:609 0560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
19:20:31:265 0560 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\windows\system32\DRIVERS\nv4_mini.sys
19:20:31:343 0560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
19:20:31:359 0560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
19:20:31:546 0560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys
19:20:31:937 0560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
19:20:32:031 0560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
19:20:32:109 0560 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys
19:20:32:156 0560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
19:20:32:187 0560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys
19:20:32:265 0560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
19:20:32:281 0560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
19:20:32:296 0560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
19:20:32:328 0560 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\windows\system32\Drivers\PxHelp20.sys
19:20:32:515 0560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
19:20:32:578 0560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
19:20:32:593 0560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
19:20:32:609 0560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
19:20:32:671 0560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
19:20:32:703 0560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
19:20:32:750 0560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys
19:20:32:781 0560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys
19:20:32:828 0560 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\windows\system32\DRIVERS\wg111v2.sys
19:20:32:859 0560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
19:20:32:906 0560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
19:20:32:953 0560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys
19:20:32:968 0560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
19:20:33:015 0560 SISAGP (923d23638c616eecb0d811461161d0b8) C:\windows\system32\DRIVERS\SISAGPX.sys
19:20:33:031 0560 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\windows\system32\DRIVERS\siside.sys
19:20:33:062 0560 sisidex (6225224b8e846ac230f8d9b343635910) C:\windows\system32\drivers\sisidex.sys
19:20:33:125 0560 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\windows\system32\DRIVERS\sisnic.sys
19:20:33:156 0560 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\windows\system32\drivers\sisperf.sys
19:20:33:203 0560 SiSRaid (d20af0111a30abcf6d82300abcc0f21c) 
C:\windows\system32\DRIVERS\SiSRaid.sys19:20:33:234 0560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys19:20:33:296 0560 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\windows\system32\Drivers\sptd.sys19:20:33:296 0560 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e19:20:33:390 0560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys19:20:33:453 0560 Srv (89220b427890aa1dffd1a02648ae51c3) C:\windows\system32\DRIVERS\srv.sys19:20:33:500 0560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys19:20:33:515 0560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys19:20:33:562 0560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys19:20:33:656 0560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys19:20:33:703 0560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys19:20:33:718 0560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys19:20:33:750 0560 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys19:20:33:781 0560 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\windows\system32\DRIVERS\uagp35.sys19:20:33:828 0560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys19:20:33:875 0560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys19:20:33:937 0560 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\windows\system32\Drivers\usbaapl.sys19:20:33:984 0560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys19:20:34:000 0560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys19:20:34:015 0560 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys19:20:34:062 0560 usbprint (a717c8721046828520c9edf31288fc00) 
C:\windows\system32\DRIVERS\usbprint.sys19:20:34:093 0560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys19:20:34:140 0560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS19:20:34:187 0560 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\windows\system32\DRIVERS\usb8023.sys19:20:34:218 0560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys19:20:34:265 0560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys19:20:34:296 0560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys19:20:34:343 0560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys19:20:34:437 0560 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\windows\system32\DRIVERS\HSFCXTS2.sys19:20:34:500 0560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys19:20:34:515 0560 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys19:20:34:531 0560 19:20:34:531 0560 Completed19:20:34:531 0560 19:20:34:531 0560 Results:19:20:34:531 0560 Registry objects infected / cured / cured on reboot: 0 / 0 / 019:20:34:531 0560 File objects infected / cured / cured on reboot: 0 / 0 / 019:20:34:531 0560 19:20:34:531 0560 KLMD(ARK) unloaded successfully Link to post Share on other sites More sharing options...
Staff screen317 Posted July 10, 2010 ID:282132
Hi,
Delete your copy of ComboFix, grab a fresh copy, then run it and post its log.
Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
Click Start Scanning.
You should get a notification bar (on top) to install the ActiveX control. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and Copy/Paste what is present under results in your next reply.
Next, download my Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Let me know, in detail, what problems remain.
-screen317
spayse Posted July 11, 2010 Author ID:282281
Here is the ComboFix log:
ComboFix 10-07-10.01 - User 11/07/2010 13:45:36.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1135 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((( SnapShot@2010-07-08_21.31.32 )))))))))))))))))))))))))))))))))))))))))
2010-07-05 05:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll- 2010-07-05 05:31 . 2010-07-05 05:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll- 2010-07-05 05:31 . 2010-07-05 05:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll- 2010-07-05 05:31 . 2010-07-05 05:31 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\2453f.msp+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\24537.msp+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\24536.msp+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\22e1d.msp+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\22e15.msp+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\22e14.msp+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\1eab63.msp+ 2010-04-12 05:17 . 2010-04-12 05:17 4210688 c:\windows\Installer\1eab5b.msp+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\1eab5a.msp+ 2009-11-09 07:25 . 2009-11-09 07:25 1935360 c:\windows\Installer\1524a9c.msp+ 2010-04-12 05:17 . 
2010-04-12 05:17 4210688 c:\windows\Installer\1524a94.msp+ 2010-04-12 05:17 . 2010-04-12 05:17 2607104 c:\windows\Installer\1524a93.msp- 2010-07-06 00:54 . 2010-07-06 00:54 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf704776939a6c4d0fac5ad70099300b\WindowsLive.Writer.CoreServices.ni.dll+ 2010-07-11 19:41 . 2010-07-11 19:41 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf704776939a6c4d0fac5ad70099300b\WindowsLive.Writer.CoreServices.ni.dll- 2010-07-06 00:54 . 2010-07-06 00:54 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e735c4d2b299eb78cf8cb2c70865978\WindowsLive.Writer.PostEditor.ni.dll+ 2010-07-11 19:41 . 2010-07-11 19:41 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e735c4d2b299eb78cf8cb2c70865978\WindowsLive.Writer.PostEditor.ni.dll+ 2010-07-11 02:05 . 2010-07-11 02:05 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll- 2010-07-05 05:26 . 2010-07-05 05:26 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll+ 2010-07-08 23:40 . 2010-07-08 23:40 2178048 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6.tmp\System.Core.dll+ 2010-07-11 19:45 . 2010-07-11 19:45 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll- 2010-07-06 00:57 . 2010-07-06 00:57 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll- 2010-07-06 00:57 . 2010-07-06 00:57 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll+ 2010-07-11 19:45 . 
2010-07-11 19:45 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll- 2010-07-06 00:56 . 2010-07-06 00:56 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll+ 2010-07-11 19:45 . 2010-07-11 19:45 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll- 2010-07-06 00:56 . 2010-07-06 00:56 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll+ 2010-07-11 19:44 . 2010-07-11 19:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll- 2010-07-06 00:54 . 2010-07-06 00:54 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll+ 2010-07-11 19:42 . 2010-07-11 19:42 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll+ 2010-07-11 19:44 . 2010-07-11 19:44 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll- 2010-07-06 00:56 . 2010-07-06 00:56 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll+ 2010-07-11 19:44 . 2010-07-11 19:44 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll- 2010-07-06 00:56 . 2010-07-06 00:56 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll+ 2010-07-11 19:44 . 
2010-07-11 19:44 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll- 2010-07-06 00:56 . 2010-07-06 00:56 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll- 2010-07-06 00:47 . 2010-07-06 00:47 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll+ 2010-07-11 19:40 . 2010-07-11 19:40 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll+ 2010-07-11 19:41 . 2010-07-11 19:41 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll- 2010-07-06 00:54 . 2010-07-06 00:54 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll- 2010-07-06 00:56 . 2010-07-06 00:56 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll+ 2010-07-11 19:44 . 2010-07-11 19:44 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll- 2010-07-05 05:28 . 2010-07-05 05:28 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll+ 2010-07-11 02:12 . 2010-07-11 02:12 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll+ 2010-07-11 19:44 . 2010-07-11 19:44 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll- 2010-07-06 00:55 . 
2010-07-06 00:55 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll- 2010-07-05 05:27 . 2010-07-05 05:27 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll+ 2010-07-11 02:12 . 2010-07-11 02:12 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll- 2010-07-05 05:27 . 2010-07-05 05:27 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll+ 2010-07-11 02:12 . 2010-07-11 02:12 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll- 2010-07-05 05:27 . 2010-07-05 05:27 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll+ 2010-07-11 02:12 . 2010-07-11 02:12 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll+ 2010-07-11 19:42 . 2010-07-11 19:42 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll- 2010-07-06 00:54 . 2010-07-06 00:54 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll+ 2010-07-11 19:42 . 2010-07-11 19:42 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll- 2010-07-06 00:54 . 2010-07-06 00:54 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll- 2010-07-06 00:54 . 
2010-07-06 00:54 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll+ 2010-07-11 19:42 . 2010-07-11 19:42 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll- 2010-07-05 05:31 . 2010-07-05 05:31 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll- 2010-07-05 05:31 . 2010-07-05 05:31 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2010-07-05 05:31 . 2010-07-05 05:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2010-07-05 05:31 . 2010-07-05 05:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll- 2010-07-05 05:31 . 2010-07-05 05:31 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll- 2010-07-05 05:31 . 2010-07-05 05:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll- 2010-07-05 05:31 . 
2010-07-05 05:31 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll+ 2010-07-11 02:11 . 2010-07-11 02:11 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll+ 2010-07-10 02:30 . 2010-07-10 02:30 12430848 c:\windows\assembly\temp\F7PTXDOGZ3\System.Windows.Forms.ni.dll+ 2010-07-10 02:24 . 2010-07-10 02:24 13835776 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE8.tmp\PresentationFramework.dll+ 2010-07-09 02:18 . 2010-07-09 02:18 10244096 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C5.tmp\System.Design.dll- 2010-07-05 05:29 . 2010-07-05 05:29 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll+ 2010-07-11 02:13 . 2010-07-11 02:13 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll+ 2010-07-11 19:42 . 2010-07-11 19:42 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll- 2010-07-06 00:54 . 2010-07-06 00:54 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll- 2010-07-06 00:53 . 2010-07-06 00:53 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll+ 2010-07-11 19:41 . 2010-07-11 19:41 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll+ 2010-07-11 02:13 . 2010-07-11 02:13 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll- 2010-07-05 05:29 . 2010-07-05 05:29 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll- 2010-07-05 05:27 . 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Seagate 2GH2DDJW Product Registration.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Seagate 2GH2DDJW Product Registration.lnk
backup=c:\windows\pss\Seagate 2GH2DDJW Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-21 02:04 133104 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 22:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 05:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-04-07 22:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 22:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 22:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-02-23 10:13 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-03 19:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVGLS9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVGLS9\\avgnsx.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58549:TCP"= 58549:TCP:Pando Media Booster
"58549:UDP"= 58549:UDP:Pando Media Booster

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30/07/2009 7:32 PM 234888]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 1:41 PM 135664]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp --> c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 5:53 PM 167808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/08/2009 9:33 PM 722416]
.
Contents of the 'Scheduled Tasks' folder

2009-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:41]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1972579041-1177238915-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-21 02:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\sq8db8kg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optuszoo.com.au/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 13:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\SMF33.tmp"
.
Completion time: 2010-07-11 13:50:20
ComboFix-quarantined-files.txt 2010-07-11 20:50
ComboFix2.txt 2010-07-08 21:33

Pre-Run: 42,453,389,312 bytes free
Post-Run: 42,791,317,504 bytes free

- - End Of File - - 5B47FD68211C38B95695325832C84B41
spayse Posted July 11, 2010 Author ID:282312

I think this is the F-Secure log:

Scanning Report
Sunday, July 11, 2010 14:37:12 - 15:20:16
Computer name: USER-7D5964F85B
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
--------------------------------------------------------------------------------
7 malware found
TrackingCookie.Atdmt (spyware)
  System (Disinfected)
Suspicious:W32/Malware!Gemini (spyware)
  System (Disinfected)
TrackingCookie.Webtrends (spyware)
  System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
  System (Disinfected)
Suspicious:W32/Malware!Gemini (virus)
  C:\PROGRAM FILES\WARCRAFT III\BNUPDATE.EXE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
  C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\DOWNLOADS\SONY_VEG.COM\ACTIVACI\PATCH\SONYVEGA.EXE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
  C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\BRANDON\WARCRAFT III\BNUPDATE.EXE (Not cleaned)
--------------------------------------------------------------------------------
Statistics
Scanned:
  Files: 40397
  System: 3693
  Not scanned: 10
Actions:
  Disinfected: 4
  Renamed: 0
  Deleted: 0
  Not cleaned: 3
  Submitted: 2
Files not scanned:
  C:\PAGEFILE.SYS
  C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  C:\WINDOWS\SYSTEM32\CONFIG\SAM
  C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\1076
  C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\3556
--------------------------------------------------------------------------------
Options
Scanning engines:
Scanning options:
  Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
  Use advanced heuristics
spayse Posted July 11, 2010 Author ID:282317
Finally here is the security log you requested:

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java DB 10.5.3.0
Java 6 Update 18
Java SE Development Kit 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.2
Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check: objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````

Most of the spyware has been removed but there is still one problem remaining. I think there might be something in my system left by the malware. The task bar and all open windows are shown as grey, much like the older Windows themes, instead of the usual Windows XP one. I have tried resolving this through right-clicking the desktop and changing properties, but nothing works. I don't think this issue is that serious though, as I believe it is just an attempt to scare victims into buying the fake antivirus product.
Staff screen317 Posted July 12, 2010 Staff ID:282728
Hi,
Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall
This uninstalls all of ComboFix's components.
Delete SecurityCheck.
After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):
Java DB 10.5.3.0
Java
Staff screen317 Posted July 24, 2010 Staff ID:289768
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!