framar97
2010-11-05, 17:28
Dear Spybot team,
My notebook has Google redirect malware. Before knowing this forum, I ran TDSSKiller and Kaspersky, finding and fixing some problems, but Google is still redirected.
Following your instructions, I post the DDS log.
Thank you for your help, Francesco
DDS (Ver_10-11-03.01) - NTFSx86
Run by myName at 15.49.21,62 on 05/11/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.3535.1641 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
D:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
D:\oracle\ora9cl\bin\omtsreco.exe
D:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
D:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
D:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
D:\oracle\product\10.2.0\db_1\bin\emagent.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\myName\Downloads\dds.com
============== Pseudo HJT Report ===============
uWindow Title = Windows Internet Explorer provided by The HR company
uStart Page = about:blank
uDefault_Page_URL = hxxp://inmyCompany.myCompany.com/MYCOMPANY_Intranet/rubrica.html
uSearch Bar = hxxp://www.google.it/
uInternet Settings,ProxyServer = proxy.vignale.lan:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
uPolicies-explorer: NoStartMenuMyGames = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: FilterAdministratorToken = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxp://svquickr1.myCompany.com/qp2.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://webmail.myCompany.com/iNotes6W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://webmail2.myCompany.com/dwa8W.cab
DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} - hxxp://tosrv-peopleweb/wiasp/distribution/RptViewerit.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\myName\appdata\roaming\mozilla\firefox\profiles\rgfx2dvv.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: network.proxy.ftp - proxy2k3
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - proxy2k3
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - proxy2k3
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - proxy2k3
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - proxy2k3
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
============= SERVICES / DRIVERS ===============
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 OracleDBConsoleSIPE;OracleDBConsoleSIPE;d:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe [2009-6-11 24064]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-11-11 2477304]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-1-22 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-6-8 224384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-21 102448]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-8 112128]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-6-8 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-6-8 277440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-9 133104]
S2 Joulemeter Service;Joulemeter Service;c:\program files\microsoft research\joulemeter\JoulemeterService.exe [2010-5-27 60928]
S3 MYCOMPANY_CONTABILIZZA_ART;MYCOMPANY_CONTABILIZZA_ART;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_JAVAORBITER;MYCOMPANY_JAVAORBITER;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_LIQUIDAZIONE_ART;MYCOMPANY_LIQUIDAZIONE_ART;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_MAIN;MYCOMPANY_MAIN;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_MISTOCHIUSURA_ART;MYCOMPANY_MISTOCHIUSURA_ART;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_RETTLIVAUT_ART;MYCOMPANY_RETTLIVAUT_ART;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_RICALCOLOESENZIONI_ART;MYCOMPANY_RICALCOLOESENZIONI_ART;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_RICALCOLOKM_ART;MYCOMPANY_RICALCOLOKM_ART;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 MYCOMPANY_SOS;MYCOMPANY_SOS;d:\mycompany\servizi\OamkSvc.exe [2009-6-11 46080]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-11-11 23888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-5-7 112128]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-5-7 100736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-19 8320]
S3 OracleORA9_CLIENTClientCache;OracleORA9_CLIENTClientCache;d:\oracle\ora9cl\bin\ONRSD.EXE [2002-4-26 242328]
S3 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;d:\oracle\product\10.2.0\db_1\bin\tnslsnr --> d:\oracle\product\10.2.0\db_1\bin\TNSLSNR [?]
S3 OracleServiceSIPE;OracleServiceSIPE;d:\oracle\product\10.2.0\db_1\bin\oracle.exe sipe --> d:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE SIPE [?]
S3 PeerDistSvc;BranchCache;c:\windows\system32\svchost.exe -k PeerDist [2008-1-21 21504]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2010-10-27 53248]
S3 Tomcat5;Apache Tomcat;d:\tomcat5.0\bin\tomcat5.exe [2004-11-24 102400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 OracleJobSchedulerSIPE;OracleJobSchedulerSIPE;d:\oracle\product\10.2.0\db_1\bin\extjob.exe sipe --> d:\oracle\product\10.2.0\db_1\bin\extjob.exe SIPE [?]
=============== File Associations ===============
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\system32\CScript.exe "%1" %*
=============== Created Last 30 ================
2010-11-04 22:16:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 22:16:28 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-04 17:57:43 -------- d-----w- c:\users\myName\appdata\roaming\Malwarebytes
2010-11-04 17:57:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 17:57:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 17:57:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 17:57:05 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-04 17:50:55 6153352 ----a-w- c:\temp\mbam-setup-1.46.exe
2010-11-02 16:46:24 86528 ----a-w- C:\mbr.exe
2010-10-30 21:24:23 -------- d-----w- C:\prova
2010-10-29 08:05:05 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-29 08:05:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-29 08:05:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-28 10:05:33 -------- d-----w- c:\progra~2\Norton
2010-10-28 10:05:31 -------- d-----w- c:\users\myName\appdata\local\NPE
2010-10-27 13:19:04 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2010-10-21 14:52:04 -------- d-----w- c:\program files\CCleaner
2010-10-13 08:17:42 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 08:17:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 08:15:40 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 08:15:01 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 08:15:00 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 08:14:55 531968 ----a-w- c:\windows\system32\comctl32.dll
==================== Find3M ====================
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
============= FINISH: 15.50.11,48 ===============
2010-11-04 22:16:28 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-04 17:57:43 -------- d-----w- c:\users\myName\appdata\roaming\Malwarebytes
2010-11-04 17:57:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 17:57:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 17:57:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 17:57:05 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-04 17:50:55 6153352 ----a-w- c:\temp\mbam-setup-1.46.exe
2010-11-02 16:46:24 86528 ----a-w- C:\mbr.exe
2010-10-30 21:24:23 -------- d-----w- C:\prova
2010-10-29 08:05:05 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-29 08:05:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-29 08:05:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-28 10:05:33 -------- d-----w- c:\progra~2\Norton
2010-10-28 10:05:31 -------- d-----w- c:\users\myName\appdata\local\NPE
2010-10-27 13:19:04 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2010-10-21 14:52:04 -------- d-----w- c:\program files\CCleaner
2010-10-13 08:17:42 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 08:17:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 08:15:40 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 08:15:01 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 08:15:00 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 08:14:55 531968 ----a-w- c:\windows\system32\comctl32.dll
==================== Find3M ====================
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
============= FINISH: 15.50.11,48 ===============