Dadcanfixit Posted April 12, 2011 ID:414643

Hello

The limits of my knowledge have been reached, time to ask an expert. I've spent several days searching online forums for identical symptoms to no avail. Have tried 2 or 3 spyware/malware removers (other than Malwarebytes, the best), twice a registry restore and an EXE fix, and still have the same dysfunctions.

This is my daughter's computer; about Christmas time it was infected with the security alert virus. I thought at the time the issue was resolved; everything appeared to be working normally after Malwarebytes and Avast scan and removal.

My current issues are: Cannot open any EXE files in normal mode; first got a rundll.32 application not found error, then all files give me an open with option. Am running in safe mode at the moment, the only way she will work. Have downloaded the current version of Avast but am not able to get it to turn on; it will not respond to any action.

Here is the latest Malwarebytes scan and the last one showing infections. Defogger is enabled.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6337

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/11/2011 7:48:55 PM
mbam-log-2011-04-11 (19-48-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 211341
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6226

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/6/2011 12:41:15 PM
mbam-log-2011-04-06 (12-41-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 218639
Time elapsed: 17 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jasmine\Local Settings\Application Data\pej.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jasmine\Local Settings\Application Data\pej.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jasmine\Local Settings\Application Data\pej.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Jasmine\local settings\Temp\0.31644966148573095.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

ark.zip
Attach.zip
DDS.zip

Staff screen317 Posted April 13, 2011 ID:415666

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log. Then run DDS again and post DDS.txt directly into your reply instead of attaching it.

Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Dadcanfixit Posted April 13, 2011 Author ID:415768

screen317,

Here are the logs you requested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6354

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/13/2011 5:28:22 PM
mbam-log-2011-04-13 (17-28-22).txt

Scan type: Quick scan
Objects scanned: 168726
Time elapsed: 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2009 5:28:26 PM
System Uptime: 4/10/2011 9:43:05 AM (80 hours ago)
.
Motherboard: Dell Inc.

Staff screen317 Posted April 15, 2011 ID:416286

Hi,

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Dadcanfixit Posted April 15, 2011 Author ID:416325

Hello again,

Ran both scans (below), am still getting an open with box for all programs in a normal mode. Still running in safe mode.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=4ec77412a540c34bac381a269cbac565
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-15 02:02:11
# local_time=2011-04-14 10:02:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=770 16774142 0 2 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=47698
# found=6
# cleaned=6
# scan_time=1540
C:\Documents and Settings\Administrator.JASMINEPC\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jasmine\Application Data\Sun\Java\Deployment\cache\6.0\37\3e85f8e5-307720e5 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jasmine\Application Data\Sun\Java\Deployment\cache\6.0\39\bc0fce7-6979253f a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\TrendMicro\HiJackThis\backups\backup-20100326-131641-792.dll Win32/Adware.Gamevance application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{9BFB266D-3C7E-4EB3-BF9A-895EDB45256E}\RP1\A0000016.dll Win32/Adware.Gamevance application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
ESET ESET Online Scanner OnlineCmdLineScanner.exe
``````````End of Log````````````

Staff screen317 Posted April 16, 2011 ID:416794

Hi,

Is it only with .exe files? If you rename them to .com, does the Open With box still appear?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
sfcfiles.dll

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Dadcanfixit Posted April 16, 2011 Author ID:416948

Hello again,

I was in the middle of responding to your post last night and lost power due to a wicked wind. All is good, we are back in business this morning.

Back to your post: I am pretty sure that only .exe files are affected; however, I do not know how to change one to .com in order to answer your question. Computer programming from 30+ years ago helps to understand some of the logic involved, but it has been a long time and I have forgotten a lot.

Here is the latest log requested.

Thanks

SystemLook 04.09.10 by jpshortstuff
Log created at 07:35 on 16/04/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [20:46 08/05/2008] [20:46 08/05/2008] 9F42478360E9B053A6703DEF39B4CE33

-= EOF =-

Dadcanfixit Posted April 18, 2011 Author ID:417703

Hi,

I found a tutorial on changing file extensions and was able to change an .exe to a .com, and it worked without an open with option. After we have finished removing all the viruses, could we resolve this issue as well?

Also, while trying to figure out why I can't get my Avast to turn on, I discovered an antivirus.evt in the system. Is this a possible issue that needs to be resolved as well?

I need to get this thing up and running soon; my daughter needs this thing for school work.

Thanks

Staff screen317 Posted April 20, 2011 ID:418603

Hi,

My apologies for the delay.

Run this .reg file; it should restore .exe functionality:
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

After running it, restart your computer and see if .exe files will run.

"I discovered an antivirus.evt in the system. Is this a possible issue that needs to be resolved as well?"

Where did you find it?

Dadcanfixit Posted April 20, 2011 Author ID:418712

Hello Chris (I hope that's OK, I'm Art),

It may be time to fire your assistant at this end. Stupid mistakes create more problems. I downloaded xp_exe_fix.zip and applied it; however, stupid me did not close the Firefox browser and received the Registry Editor error "cannot import c:\windows\temp\arc39\xp_exe_fix.reg not all data was successfully written to the registry. Some keys are open by system or other process". I closed the browser and ran it again, then switched over to normal mode to check if the repair was successful. It was not. I still receive an "open with" window.

Now I have created another problem for you to help me repair. Firefox was the .exe file that I renamed to .com and changed back. After applying the exe fix this morning I now receive the following:

16BIT MS-DOS Subsystem
C:\DOCUME~1\ALLUSE~1\Desktop\MOZILL~1.PIF
Invalid program file name. Please check your pif file. Choose 'close' to terminate application.

I did a system search for the above file and came up with no result (could be a hidden file?). Had to search out Internet Explorer to reply to you; it is never used, doesn't have a shortcut and isn't even listed in the programs in the start menu.

As for the EVT, I did a search for antivirus in the system and found:

Antivirus.evt C:\WINDOWS\system32\config modified 7\10\2010 size 128kb

Also found a 1kb dat file in C:\Qoobox\quarantine\Registry_backups, is this anything to be concerned about?

Thanks
Art

Staff screen317 Posted April 22, 2011 ID:419321

Hi Art.

Click Start --> Programs --> Accessories --> Windows Explorer
From there, click Tools --> Folder Options --> File Types
Create a new file type EXE; set its associated file type with Application.
Restart your computer and see if executables will run.

I recommend uninstalling Firefox, grabbing a fresh copy from Mozilla and reinstalling it; see if that solves the issue.

Zip up this file and attach it to your post:
C:\WINDOWS\system32\config\Antivirus.evt

"Also found a 1kb dat file in C:\Qoobox\quarantine\Registry_backups, is this anything to be concerned about?"

Don't worry about that -- Qoobox is ComboFix's quarantine.

Dadcanfixit Posted April 22, 2011 Author ID:419370

Hi Chris,

So here is where we are at. Twice tried to create the EXE (application) file; after generating a new file I assumed the apply tab would engage, it didn't. As you can tell from the "twice tried", this procedure was unsuccessful.

The new version of Firefox will take some time to get used to; have been resisting the upgrade for a while.

I haven't zipped a file for a long time, I hope this is correct.

Thanks
Art

Antivirus.zip

Staff screen317 Posted April 24, 2011 ID:420139

Hi,

Please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.
Navigate to File --> Save As..., and save the file as RegExport.bat (make sure the Save As Type is set to All Files).
Save it to your Desktop.

@echo off
copy C:\Windows\REGEDIT.exe C:\Windows\REGEDIT.com
REGEDIT.com /E "%userprofile%\DESKTOP\EXE.reg" "HKEY_CLASSES_ROOT\exefile"
EXIT

Now navigate to your Desktop, and double click RegExport.bat
A black window will open and close quickly. This is normal.

Now, open Notepad, navigate to your Desktop, and open EXE.reg.

Dadcanfixit Posted April 24, 2011 Author ID:420251

OK my friend, Windows registry editor 5.00 is open in notepad. What is the next step? Do I need to import the text somewhere? I opened regedit and compared all the text, they were identical. Awaiting your next set of instructions.

Staff screen317 Posted April 25, 2011 ID:420507

Copy and paste the contents here so I can look at it please.

Dadcanfixit Posted April 25, 2011 Author ID:420614

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

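
Added example, not part of the original thread and not the helpers' own tooling: a Python check that reads a .reg export like the one posted above and reports launch handlers that differ from the Windows defaults, plus StartMenuInternet commands that start some other program first (the "Bad" pattern in the April 6 Malwarebytes log). It goes slightly beyond the thread by also checking HKEY_CLASSES_ROOT\.exe; the function names are assumptions, and the second sample is constructed, with a placeholder wrapper path and a made-up "examplefile" value.

```python
import re

# Defaults Windows ships for launching executables. The open/runas values match
# the export posted in the thread; the ".exe" entry goes beyond what was exported.
EXPECTED_DEFAULTS = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command": '"%1" %*',
}

SECTION = re.compile(r"^\[(.+)\]$")
DEFAULT_VALUE = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')
CLIENT_COMMAND = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet"
    r"\\([^\\]+)\\shell\\[^\\]+\\command$",
    re.IGNORECASE,
)


def parse_defaults(reg_text):
    """Map each key in a .reg export to its default (@) string value, if any."""
    defaults, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            current = section.group(1)
            defaults.setdefault(current, None)
            continue
        value = DEFAULT_VALUE.match(line)
        if value and current is not None:
            # .reg files escape backslash and double quote with a backslash.
            defaults[current] = re.sub(r"\\(.)", r"\1", value.group(1))
    return defaults


def first_program(command):
    """File name (lower case) of the program a command line starts."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split(None, 1)[0] if command else ""
    return program.rsplit("\\", 1)[-1].lower()


def audit(reg_text):
    """Return (key, value found, reason) for every handler that looks altered."""
    defaults = parse_defaults(reg_text)
    by_lower = {key.lower(): value for key, value in defaults.items()}
    findings = []
    for key, expected in EXPECTED_DEFAULTS.items():
        if key.lower() in by_lower and by_lower[key.lower()] != expected:
            findings.append((key, by_lower[key.lower()], "expected " + expected))
    for key, value in defaults.items():
        client = CLIENT_COMMAND.match(key)
        if client and value and first_program(value) != client.group(1).lower():
            findings.append((key, value, "does not start " + client.group(1)))
    return findings


# Subset of the export posted in the thread.
THREAD_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

# Constructed sample (placeholder paths and values) with altered handlers.
CONSTRUCTED_SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="examplefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\wrapper.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\placeholder\\wrapper.exe\" -a \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
@="firefox.exe -safe-mode"
'''

if __name__ == "__main__":
    for name, text in (("thread export", THREAD_EXPORT), ("constructed", CONSTRUCTED_SAMPLE)):
        print(name, "->", audit(text) or "all checked handlers are default")
```

The export from the thread passes every check, which only says that the exefile handlers themselves are at their defaults; the check does not cover per-user overrides or any other key that was not exported.
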
Staff screen317 Posted April 27, 2011 ID:421541

Hi,

Your case is a new type of infection. Please bear with us as we work on a fix. With that said, please grab a fresh copy of ComboFix, run it, and post its log.

Dadcanfixit Posted April 27, 2011 Author ID:421706

Hello Chris,

After performing all the prep work to run Combofix, it informed me that Avast was still running. Apparently whatever bugger has taken over this machine had corrupted the fresh download. The user interface showed that nothing was enabled and I had disabled it from the systray; Combofix showed it running, so I removed it from the system before continuing. Here is the fresh log you requested.

Thanks
Art

ComboFix 11-04-26.03 - Administrator 04/27/2011 8:38.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2744 [GMT -4:00]
Running from: c:\documents and settings\Administrator.JASMINEPC\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-22 00:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-22 00:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-22 00:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-22 00:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-22 00:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-22 00:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-15 01:28 . 2011-04-15 01:28 -------- d-----w- c:\program files\ESET
2011-04-12 18:27 . 2011-04-12 18:27 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\Adobe
2011-04-09 00:51 . 2011-04-09 00:51 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\PackageAware
2011-04-08 15:08 . 2011-04-08 15:08 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Application Data\QuickScan
2011-04-08 01:05 . 2011-04-08 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-07 02:46 . 2011-04-27 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-07 02:46 . 2011-04-07 23:52 -------- d-----w- c:\program files\AVAST Software
2011-04-07 02:07 . 2011-04-07 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-07 00:38 . 2011-04-07 02:54 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-07 00:11 . 2011-04-07 00:11 -------- d-sh--w- c:\documents and settings\Administrator.JASMINEPC\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-06 01:42 . 2011-02-06 01:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-06 01:42 . 2011-02-06 01:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:58 . 2009-07-31 21:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
2008-10-28 17:41 . 2009-12-11 06:39 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2008-10-28 17:41 . 2009-12-11 06:39 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2008-10-28 17:41 . 2009-12-11 06:39 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2008-10-28 17:41 . 2009-12-11 06:39 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-10-28 17:41 . 2009-12-11 06:39 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-10-28 17:41 . 2009-12-11 06:39 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2008-10-28 17:41 . 2009-12-11 06:39 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2008-10-28 17:41 . 2009-12-11 06:39 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2008-10-28 17:41 . 2009-12-11 06:39 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2008-10-28 17:41 . 2009-12-11 06:39 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2011-03-18 17:53 . 2011-04-22 00:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-05-08 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-04-13_22.34.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00 . 2011-04-13 22:31 71462 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-04-27 12:25 71462 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-04-27 12:25 441692 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2011-04-13 22:31 441692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-20 660136]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26
437160].[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\DNA\\btdna.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\WINDOWS\\system32\\lxdncoms.exe"="c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"="c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"="c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"="c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"="c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"="c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [11/10/2009 1:00 PM 98984]S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/31/2009 5:56 PM 20160]S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/31/2009 7:07 PM 113024]S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [7/31/2009 7:07 PM 1656960]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/11/2009 3:31 AM 144128]S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [6/7/2007 5:00 PM 148056]S3 OA009Ufd;Creative Camera 
OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [3/6/2009 7:30 AM 133632]S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [3/19/2009 5:02 PM 271552]S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?].Contents of the 'Scheduled Tasks' folder.2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{668F4B5E-1BF3-4D04-9D35-8596016AA21C}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]..------- Supplementary Scan -------.uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:no-reply@malwarebytes.org?subject=Error%20on%20the%20forumsFF - ProfilePath - c:\documents and settings\Administrator.JASMINEPC\Application Data\Mozilla\Firefox\Profiles\8o1chhqk.default\..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-04-27 08:41Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... 
.scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1659004503-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (Administrator)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,98,b3,27,88,2e,ae,48,80,9b,a3,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,98,b3,27,88,2e,ae,48,80,9b,a3,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(564)c:\windows\System32\BCMLogon.dll.Completion time: 2011-04-27 08:42:18ComboFix-quarantined-files.txt 2011-04-27 12:42ComboFix2.txt 2011-04-13 22:35.Pre-Run: 29,007,245,312 bytes freePost-Run: 29,033,926,656 bytes free.- - End Of File - - 73BC54C9409F079A8AD1BA716377BD22 Link to post Share on other sites More sharing options...
Staff screen317 Posted April 28, 2011 Staff ID:422049

Hi,

Can you boot into Normal Mode? In detail, describe the symptoms you are currently experiencing.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

MIA::
c:\windows\system32\sfcfiles.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317
Dadcanfixit Posted April 28, 2011 Author ID:422336

Hi,

Yes, am able to boot in normal mode, however still having issue with .exe files. Here is what I attempted today.

Opened My Computer>C Drive>view system information and received the following error, Control Panel C:\WINDOWS\system32\rundll32.exe Application not found

Windows security alerts shield is red. Receive an open with window, file: rundll32.exe.

Tried to open Adobe reader with Adobe reader(open with) and got "Adobe reader can't open AcroRd32.exe not a supported file type or a damaged file."

I also tried again to create a new EXE Application file without success. As I'm sure you know, the drop down window allows me 6 options other than straight application.

Have yet to download fresh copy of antivirus, until we resolve the exe issue I can't get it to work anyway.

And finally, having read through several forums, I do not have CD for the XP operating software. I do have access to an old desktop with XP operating system should I need to snatch something off it with a zip drive.

Here are your logs.

ComboFix 11-04-27.03 - Administrator 04/28/2011 7:09.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2755 [GMT -4:00]
Running from: c:\documents and settings\Administrator.JASMINEPC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.JASMINEPC\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-22 00:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-22 00:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-22 00:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-22 00:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-22 00:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-22 00:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-15 01:28 . 2011-04-15 01:28 -------- d-----w- c:\program files\ESET
2011-04-12 18:27 . 2011-04-12 18:27 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\Adobe
2011-04-09 00:51 . 2011-04-09 00:51 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\PackageAware
2011-04-08 15:08 . 2011-04-08 15:08 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Application Data\QuickScan
2011-04-08 01:05 . 2011-04-08 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-07 02:46 . 2011-04-27 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-07 02:46 . 2011-04-07 23:52 -------- d-----w- c:\program files\AVAST Software
2011-04-07 02:07 . 2011-04-07 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-07 00:38 . 2011-04-07 02:54 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-07 00:11 . 2011-04-07 00:11 -------- d-sh--w- c:\documents and settings\Administrator.JASMINEPC\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-07-31 21:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 09:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 05:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 04:47 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 04:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-07-31 23:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 09:41 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-04-03 12:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-06 01:42 . 2011-02-06 01:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-06 01:42 . 2011-02-06 01:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:58 . 2009-07-31 21:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
2008-10-28 17:41 . 2009-12-11 06:39 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2008-10-28 17:41 . 2009-12-11 06:39 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2008-10-28 17:41 . 2009-12-11 06:39 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2008-10-28 17:41 . 2009-12-11 06:39 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-10-28 17:41 . 2009-12-11 06:39 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-10-28 17:41 . 2009-12-11 06:39 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2008-10-28 17:41 . 2009-12-11 06:39 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2008-10-28 17:41 . 2009-12-11 06:39 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2008-10-28 17:41 . 2009-12-11 06:39 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2008-10-28 17:41 . 2009-12-11 06:39 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2011-03-18 17:53 . 2011-04-22 00:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-05-08 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-04-13_22.34.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00 . 2011-04-13 22:31 71462 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-04-28 10:58 71462 c:\windows\system32\perfc009.dat
- 2008-04-14 09:42 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 09:42 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 09:41 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 09:41 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dnsrslvr.dll
+ 2009-12-25 15:35 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-12-25 15:35 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2008-04-14 09:42 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 09:42 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-12-25 15:35 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-12-25 15:35 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 09:41 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 09:41 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 09:41 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 09:41 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2011-01-25 16:34 . 2011-01-25 16:34 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-04-28 10:42 . 2011-04-28 10:42 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-05-05 22:52 . 2011-02-24 02:52 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-05-05 22:52 . 2011-04-28 10:48 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-04-28 10:53 . 2011-04-28 10:53 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-28 10:46 . 2011-04-28 10:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-28 10:45 . 2011-04-28 10:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-04 16:58 . 2011-03-09 22:00 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-04-28 10:44 . 2011-04-28 10:44 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-02 21:04 . 2010-10-02 21:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-28 12:00 . 2011-04-13 22:31 441692 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2011-04-28 10:58 441692 c:\windows\system32\perfh009.dat
+ 2008-04-14 09:42 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
- 2008-04-14 09:42 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
- 2008-04-14 09:42 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2008-04-14 09:42 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
+ 2008-04-14 09:42 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
- 2008-04-14 09:42 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
- 2009-03-08 09:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 09:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
- 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 09:41 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2008-04-14 09:41 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 09:41 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 09:41 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 09:41 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 09:42 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
- 2008-04-14 09:42 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2009-07-31 17:08 . 2011-04-28 10:52 231184 c:\windows\system32\FNTCACHE.DAT
- 2009-07-31 17:08 . 2011-02-09 22:17 231184 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 04:49 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
- 2008-04-14 04:49 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2008-04-14 09:41 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2008-04-14 09:42 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 09:42 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 09:42 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 04:45 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2008-04-14 09:42 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-14 09:42 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 09:42 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 09:42 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 09:42 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 09:42 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-12-25 15:35 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-12-25 15:35 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-31 23:19 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
- 2007-04-03 12:44 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2007-04-03 12:44 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-14 09:41 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2008-04-14 09:41 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-07-31 21:24 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-07-31 21:24 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-12-25 15:35 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-12-25 15:35 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 09:41 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 09:41 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 21:15 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 21:15 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2008-04-14 09:41 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 09:41 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 09:42 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 09:42 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 09:41 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-04-14 09:39 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 04:49 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-04-14 04:49 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
- 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-08-04 16:58 . 2011-04-28 10:48 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-04 16:58 . 2011-04-28 10:48 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-08-04 16:58 . 2011-03-09 22:00 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-04-28 10:42 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-28 10:42 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-28 10:42 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-28 10:42 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-28 10:46 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-28 10:46 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-28 10:46 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-28 10:46 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-28 10:46 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2009-07-31 23:19 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-28 10:53 . 2011-04-28 10:53 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-28 10:53 . 2011-04-28 10:53 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-28 10:53 . 2011-04-28 10:53 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-28 10:48 . 2011-04-28 10:48 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-28 10:47 . 2011-04-28 10:47 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-28 10:47 . 2011-04-28 10:47 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-28 10:47 . 2011-04-28 10:47 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-28 10:47 . 2011-04-28 10:47 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-28 10:44 . 2011-04-28 10:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-02 21:04 . 2010-10-02 21:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-28 10:44 . 
2011-04-28 10:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll- 2010-10-02 21:04 . 2010-10-02 21:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll- 2010-10-02 21:04 . 2010-10-02 21:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll- 2010-10-02 21:05 . 2010-10-02 21:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll- 2010-10-02 21:04 . 2010-10-02 21:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll- 2010-10-02 21:04 . 2010-10-02 21:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll- 2010-10-02 21:04 . 2010-10-02 21:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll- 2010-10-02 21:04 . 
2010-10-02 21:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll- 2010-10-02 21:04 . 2010-10-02 21:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll- 2010-10-02 21:04 . 2010-10-02 21:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll- 2010-10-02 21:04 . 2010-10-02 21:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll- 2010-10-02 21:04 . 2010-10-02 21:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll- 2010-10-02 21:04 . 2010-10-02 21:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll- 2010-10-02 21:04 . 2010-10-02 21:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll- 2010-10-02 21:04 . 
2010-10-02 21:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll- 2010-10-02 21:04 . 2010-10-02 21:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll- 2010-10-02 21:04 . 2010-10-02 21:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll+ 2011-04-28 09:47 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll+ 2008-04-14 09:42 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll- 2008-04-14 09:42 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll+ 2008-04-14 09:42 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll+ 2009-03-08 09:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll- 2009-03-08 09:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll+ 2008-04-14 05:00 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys- 2008-04-14 09:42 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll+ 2008-04-14 09:42 . 
2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll+ 2008-04-14 09:42 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll+ 2009-12-25 15:35 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll- 2009-12-25 15:35 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll+ 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll+ 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll+ 2011-01-27 18:49 . 2011-01-27 18:49 6825472 c:\windows\Installer\3b92ec.msp+ 2011-04-05 16:52 . 2011-04-05 16:52 5519872 c:\windows\Installer\3b92b8.msp+ 2010-11-21 03:34 . 2010-11-21 03:34 1198080 c:\windows\Installer\3b9298.msp+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\3b9290.msp+ 2011-03-03 15:25 . 2011-03-03 15:25 5051904 c:\windows\Installer\3b9288.msp+ 2011-01-11 21:50 . 2011-01-11 21:50 8177152 c:\windows\Installer\3b9273.msp+ 2009-08-17 20:32 . 2009-08-17 20:32 1787728 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\PPCNV.DLL+ 2011-04-28 10:46 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll+ 2011-04-28 10:46 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll+ 2011-04-28 10:46 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll+ 2011-04-28 10:45 . 2011-04-28 10:45 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll+ 2011-04-28 10:53 . 2011-04-28 10:53 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll+ 2011-04-28 10:45 . 
2011-04-28 10:45 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll+ 2011-04-28 10:53 . 2011-04-28 10:53 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll+ 2011-04-28 10:52 . 2011-04-28 10:52 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll+ 2011-04-28 10:48 . 2011-04-28 10:48 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll+ 2011-04-28 10:48 . 2011-04-28 10:48 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll+ 2011-04-28 10:47 . 2011-04-28 10:47 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll+ 2011-04-28 10:48 . 2011-04-28 10:48 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll+ 2011-04-28 10:47 . 2011-04-28 10:47 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll+ 2011-04-28 10:47 . 2011-04-28 10:47 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll+ 2011-04-28 10:47 . 2011-04-28 10:47 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll+ 2011-04-28 10:45 . 2011-04-28 10:45 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll- 2010-10-02 21:05 . 2010-10-02 21:05 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll- 2010-10-02 21:05 . 
2010-10-02 21:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2010-10-02 21:04 . 2010-10-02 21:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll- 2010-10-02 21:04 . 2010-10-02 21:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll- 2010-10-02 21:04 . 2010-10-02 21:04 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll- 2010-10-02 21:04 . 2010-10-02 21:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll- 2010-10-02 21:04 . 2010-10-02 21:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll+ 2011-04-28 10:44 . 2011-04-28 10:44 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll+ 2009-07-31 23:30 . 2011-04-28 10:44 42181064 c:\windows\system32\MRT.exe- 2009-03-08 09:39 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll+ 2009-03-08 09:39 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll+ 2009-12-25 15:35 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll- 2009-12-25 15:35 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll+ 2011-04-28 10:47 . 
2011-04-28 10:47 20314624 c:\windows\Installer\3b92d8.msp+ 2011-02-24 13:38 . 2011-02-24 13:38 10984448 c:\windows\Installer\3b92cd.msp+ 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\3b92a3.msp+ 2011-04-28 10:46 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll+ 2011-04-28 10:52 . 2011-04-28 10:52 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll+ 2011-04-28 10:48 . 2011-04-28 10:48 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll+ 2011-04-28 10:46 . 2011-04-28 10:46 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll+ 2011-04-28 10:46 . 2011-04-28 10:46 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll+ 2011-04-28 10:45 . 
2011-04-28 10:45 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-20 660136]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [11/10/2009 1:00 PM 98984]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/31/2009 5:56 PM 20160]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/31/2009 7:07 PM 113024]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [7/31/2009 7:07 PM 1656960]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/11/2009 3:31 AM 144128]
S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [6/7/2007 5:00 PM 148056]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [3/6/2009 7:30 AM 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [3/19/2009 5:02 PM 271552]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{668F4B5E-1BF3-4D04-9D35-8596016AA21C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:no-reply@malwarebytes.org?subject=Error%20on%20the%20forums
FF - ProfilePath - c:\documents and settings\Administrator.JASMINEPC\Application Data\Mozilla\Firefox\Profiles\8o1chhqk.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,98,b3,27,88,2e,ae,48,80,9b,a3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,98,b3,27,88,2e,ae,48,80,9b,a3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-04-28 07:13:14
ComboFix-quarantined-files.txt 2011-04-28 11:13
ComboFix2.txt 2011-04-27 12:42
ComboFix3.txt 2011-04-13 22:35
.
Pre-Run: 28,256,350,208 bytes free
Post-Run: 28,248,678,400 bytes free
.
- - End Of File - - 1552A3A86A036E37632DC2D7DBCC4744

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 7:31:48.32 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2766 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator.JASMINEPC\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:no-reply@malwarebytes.org?subject=Error%20on%20the%20forums
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1.jas\applic~1\mozilla\firefox\profiles\8o1chhqk.default\
FF - plugin: c:\documents and settings\administrator.jasminepc\application data\mozilla\firefox\profiles\8o1chhqk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\jasmine\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
.
============= SERVICES / DRIVERS ===============
.
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-11-10 98984]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-7-31 20160]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-31 113024]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-7-31 1656960]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-12-11 144128]
S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [2007-6-7 148056]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2011-04-22 00:45:07 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-22 00:45:07 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-22 00:45:07 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-22 00:45:07 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-22 00:45:07 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-22 00:45:07 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-22 00:45:07 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-22 00:45:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-15 01:28:23 -------- d-----w- c:\program files\ESET
2011-04-13 22:31:12 -------- d-sha-r- C:\cmdcons
2011-04-13 22:28:43 98816 ----a-w- c:\windows\sed.exe
2011-04-13 22:28:43 89088 ----a-w- c:\windows\MBR.exe
2011-04-13 22:28:43 256512 ----a-w- c:\windows\PEV.exe
2011-04-13 22:28:43 161792 ----a-w- c:\windows\SWREG.exe
2011-04-12 18:27:54 -------- d-----w- c:\docume~1\admini~1.jas\locals~1\applic~1\Adobe
2011-04-09 00:51:54 -------- d-----w- c:\docume~1\admini~1.jas\locals~1\applic~1\PackageAware
2011-04-08 15:08:14 -------- d-----w- c:\docume~1\admini~1.jas\applic~1\QuickScan
2011-04-08 01:05:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-07 02:46:40 -------- d-----w- c:\program files\AVAST Software
2011-04-07 02:46:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-07 02:07:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-07 00:38:13 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-07 00:11:09 -------- d-sh--w- c:\documents and settings\administrator.jasminepc\PrivacIE
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-06 01:42:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-06 01:42:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 7:32:23.23 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2009 5:28:26 PM
System Uptime: 4/28/2011 7:20:21 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Intel Pentium III Xeon processor | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 26.335 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
Manufacturer: Marvell
Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
Service: yukonwxp
.
==== System Restore Points ===================
.
RP1: 4/13/2011 6:43:17 PM - System Checkpoint
RP2: 4/28/2011 6:11:46 AM - System Checkpoint
RP3: 4/28/2011 6:41:38 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitTorrent
Bonjour
CA Yahoo! Anti-Spy (remove only)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Webcam Central
Dell Wireless WLAN Card Utility
Diskeeper Professional Premier Edition
ESET Online Scanner v3
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
IDT Audio
Integrated Webcam Driver (1.02.01.0320)
Intel® Graphics Media Accelerator Driver
InterActual Player
iTunes
IZArc 3.81
Java Auto Updater
Java 6 Update 23
KODAK Share Button App
Lexmark 2600 Series
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security
Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476687)Security Update 
for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for 
Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972260)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974455)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB976325)Security Update for Windows XP (KB977165-v2)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP 
(KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Skype ToolbarsSkype Link to post Share on other sites More sharing options...
Staff screen317 Posted April 30, 2011 ID:422990

Hi,

Download exeHelper from here:
http://www.raktor.net/exeHelper/exeHelper.scr

Run it. When it finishes, restart your computer and see if you can launch .exe files now.
Dadcanfixit Posted April 30, 2011 Author ID:423005

Hi,

Downloaded and ran exeHelper, still have same issue.
Staff screen317 Posted May 3, 2011 ID:424285

Hi,

I am consulting with my colleagues and will be back with you as soon as possible.
Staff screen317 Posted May 3, 2011 ID:424314

Hi,

Log in to the profile where exe files won't work, in Normal Mode. Rename mbam.exe to mbam.com; then run it, update it, run a Quick Scan, and post its log here.
Dadcanfixit Posted May 3, 2011 Author ID:424369

Hi Chris,

That was it, "open with" issue is resolved. I bow to you and your colleagues. Downloaded fresh copy of Avast, it is up and running. What is next? How many of the programs I downloaded do I need to keep and how many do I need to delete? If I remember correctly I still have defogger enabled or disabled (whatever instructed to do in the beginning). Is there anything else I should install to protect against this happening again?

Here is the log you requested. I have lost the latest log. It didn't store it. What I can remember is that there was a registry key and a registry value infected, both with some kind of hijack exe in system32\shell. Am now having some kind of PIF error with Malwarebytes after trying to return to an exe file. I assume I need to download a fresh copy?
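The first Malwarebytes log in this thread flagged a StartMenuInternet command value (Hijack.StartMenuInternet) that had been rewritten to launch a wrapper from the user profile. As an added example, not part of the original posts and not Malwarebytes' own logic, this Python check audits shell command values for that pattern; the stock exefile default `"%1" %*` and the `example.exe` value are constructed samples, and the helper names are hypothetical.

```python
import re

TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# Paths under a user profile are writable without administrator rights.
USER_PROFILE = re.compile(r'\\(?:documents and settings|users)\\[^\\]+\\', re.I)

FIREFOX_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command"
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"

# "Bad" and "Good" values as quoted in the thread's Malwarebytes log.
PAGE_BAD = (r'"C:\Documents and Settings\Jasmine\Local Settings\Application Data\pej.exe"'
            r' -a "C:\Program Files\Mozilla Firefox\firefox.exe"')
PAGE_GOOD = "firefox.exe"
# Constructed samples (not from the thread): stock exefile default and a rewritten one.
EXEFILE_DEFAULT = '"%1" %*'
EXEFILE_CONSTRUCTED_BAD = (r'"C:\Documents and Settings\user\Local Settings'
                           r'\Application Data\example.exe" -a "%1" %*')

def split_command(value):
    """Split a registry command string into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(value)]

def audit_command(key, value):
    """Return the reasons a shell command default value looks hijacked."""
    tokens = split_command(value)
    if not tokens:
        return ["empty command"]
    handler, args = tokens[0], tokens[1:]
    findings = []
    # For exefile, the launched file itself ("%1") must be the handler.
    if r"\exefile\shell" in key.lower() and handler != "%1":
        findings.append("exefile handler is not the launched file itself")
    if USER_PROFILE.search(handler):
        findings.append("handler runs from a user profile directory")
    if any(arg.lower().endswith(".exe") for arg in args):
        findings.append("handler wraps another executable passed as an argument")
    return findings

def audit_all(entries):
    """Map each key that has at least one finding to its findings."""
    report = {}
    for key, value in entries:
        findings = audit_command(key, value)
        if findings:
            report[key] = findings
    return report

if __name__ == "__main__":
    for key, why in audit_all([(FIREFOX_KEY, PAGE_BAD), (EXEFILE_KEY, EXEFILE_DEFAULT)]).items():
        print(key, "->", "; ".join(why))
```
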