Antimalware Doctor + more
So I'm having issues with Antimalware Doctor popups, as well as WhiteSmoke Translator popups.
Ran Spybot, it found a couple registry errors but really didn't do anything. Ran MBAM, which found 666 infected files (easy number to remember) that it quarantined.
I can't get online when running normally. I'm on Safemode with Networking at the moment. After mbam, the popups seem to have stopped. But I still can't get online via IE or Chrome. But, spybot and mbam both downloaded updates so I know I'm still connected.
Since the mbam scan, I've gotten a BSoD, the computer locks up constantly when trying to navigate control panel, network places, or My Computer. None of the internet browsers work. I just have a bad feeling that my troubles tonight are far from over.
Can I download and run the scans you need from safe mode? Is there a way to get online in normal mode that I don't know of? Or how to get my browsers working since I know I still have a connection somewhere. Sorry I'm not posting scans first but I don't know if I should be doing it in safe mode.
Thank you
Jack&Jill
2011-01-02, 10:01
Hello and welcome to Safer Networking.
I am currently assessing your situation and will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.
Please be patient with me during this time.
Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Jack&Jill
2011-01-02, 10:14
Hello bob200 :),
Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.
Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.
--------------------
You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.
--------------------
Please download DDS from one of the links below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Link 3 (http://www.infospyware.net/sUBs/dds)
Please disable any script blocker before running DDS.
Double-click on the dds file and a command window will appear. This is normal.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save and post the logs.
Save the logs to a convenient location such as your desktop.
Copy the contents of both logs and post them in your next reply.
You can do it in Safe Mode if having problems running in Normal Mode.
--------------------
Please post back:
1. the previous MBAM log
2. the DDS logs (DDS.txt and Attach.txt)
Thank you. I've subscribed to the thread.
Just to update from my original post.
After the above post, I ran a SUPERAntiSpyware scan. After the scan I was asked to restart. After the restart, my explorer.exe stopped working (I'm assuming) because all I have is a blank desktop and ctrl-alt-del for Task Manager.
I tried running explorer.exe via New Task, nothing.
I can get online now via New Task, even in normal mode. But the computer locks up a lot, and whenever I try and shut down/restart, it locks up on the "Windows is saving your settings" part.
However, I haven't seen any new popups from Antimalware doctor.
Haven't tried any new scans or anything since... I didn't want to keep going backwards. I bought this computer from my boss not too long ago... I don't know where the windows CD is.
I actually don't have the old mbam logs. I uninstalled it after it kept crashing when I tried to do another scan.
So I just downloaded mbam again and scanned.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1/2/2011 12:24:09 AM
mbam-log-2011-01-02 (00-24-09).txt
Scan type: Quick scan
Objects scanned: 147255
Time elapsed: 2 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS
DDS (Ver_10-12-12.02) - NTFSx86
Run by Auser at 0:24:48.03 on Sun 01/02/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1458 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Guardian.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\wee.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Auser\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.choiceadvantage.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\auser\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [modset70700update.exe] c:\documents and settings\auser\application data\906e878b6dffa6d3ac6ca83ac93bdf64\modset70700update.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\wee.exe" /runcleanupscript
mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -c
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7451D317-862C-45DA-8C28-1B21ADF95877} - hxxp://208.57.191.182/WebViewS.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DCBF889B-422B-4AA0-9914-D5045A103758} - hxxp://208.57.191.182/WebRPB.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R2 TheGuardianService;TheGuardian;c:\windows\system32\Guardian.exe [2010-11-18 57344]
R3 CmtlPort;Comtrol Serial Port;c:\windows\system32\drivers\rp2cport.sys [2009-11-9 112128]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2010-2-23 209960]
R3 RcktPort;Comtrol RocketPort Infinity;c:\windows\system32\drivers\rp2.sys [2009-10-15 33792]
S0 cerc6;cerc6; [x]
S0 cjglq;cjglq;c:\windows\system32\drivers\vwkaailq.sys --> c:\windows\system32\drivers\vwkaailq.sys [?]
S0 sshtrc;sshtrc; [x]
=============== Created Last 30 ================
2011-01-02 08:20:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 08:20:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 08:20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-01 07:45:04 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-01 07:45:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-01 07:45:01 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-01 07:43:57 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-01-01 07:42:57 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-01-01 07:41:57 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-01-01 07:40:58 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-01-01 07:39:56 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-01-01 07:38:56 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-01-01 07:37:57 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-01-01 07:36:58 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-01-01 07:35:58 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2011-01-01 07:34:59 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2011-01-01 07:33:58 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-01-01 07:32:58 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-01-01 07:31:57 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-01-01 07:30:46 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-01-01 07:29:59 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-01-01 07:28:59 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2011-01-01 07:27:57 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-01-01 07:26:59 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-01-01 07:25:59 131156 -c--a-w- c:\windows\system32\dllcache\digidbp.dll
2011-01-01 07:24:59 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2011-01-01 07:23:59 36463 -c--a-w- c:\windows\system32\dllcache\ati1tuxx.sys
2010-12-31 07:50:53 81410 ----a-w- c:\docume~1\alluse~1\applic~1\wKWswWK6.exe
2010-12-30 09:07:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-30 09:07:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-30 09:07:39 -------- d-----w- c:\docume~1\auser\applic~1\906E878B6DFFA6D3AC6CA83AC93BDF64
2010-12-29 12:55:18 -------- d-----w- c:\windows\pss
2010-12-29 11:13:20 -------- d-----w- c:\docume~1\auser\applic~1\SUPERAntiSpyware.com
2010-12-29 11:02:20 -------- d-----w- c:\program files\SUPERAntiSpyware(2)
2010-12-29 09:31:43 -------- d-----w- c:\program files\bam
2010-12-29 09:22:14 -------- d-----w- c:\docume~1\auser\applic~1\Malwarebytes
2010-12-29 09:22:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-29 08:55:16 -------- d-----w- c:\docume~1\auser\applic~1\whitesmoketoolbar(2)
2010-12-29 08:15:20 -------- d-----w- c:\program files\whitesmoketoolbar(2)
2010-12-29 08:14:51 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-29 03:47:28 21284 ---h--w- c:\windows\winamp.exe
2010-12-29 03:47:26 21284 ---h--w- c:\windows\hexdump.exe
2010-12-29 03:47:21 21284 ---h--w- c:\windows\spoolsv.exe
2010-12-29 03:47:20 21284 ---h--w- c:\windows\taskmgr.exe
2010-12-29 03:47:12 30000 ----a-w- c:\windows\system32\mh8v69.dll
2010-12-29 03:46:49 -------- d-----w- c:\docume~1\auser\locals~1\applic~1\SanctionedMedia
2010-12-21 12:47:55 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-21 12:47:55 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-21 12:47:54 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-21 12:47:54 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-21 12:47:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-12-21 12:47:47 -------- d-----w- c:\windows\Logs
2010-12-08 09:29:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-08 09:29:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-07 08:43:05 -------- d-----w- c:\program files\GRETECH
2010-12-06 08:06:19 -------- d-----w- c:\windows\system32\appmgmt
2010-12-05 08:06:01 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-05 07:46:23 -------- d--h--w- c:\windows\system32\1039
2010-12-04 07:26:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 21:01:46 344064 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161GJ rev.1AC01122 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89D56555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d5c7b0]; MOV EAX, [0x89d5c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DAAAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DB3238]
\Driver\atapi[0x89E20258] -> IRP_MJ_CREATE -> 0x89D56555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HD161GJ_________________________1AC01122#5&125555f1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D5639B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 0:25:59.84 ===============
Attach.txt was too long, will post after.
Attach.txt still too long... will split it into 2 posts.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/23/2010 10:05:48 AM
System Uptime: 1/1/2011 11:23:54 PM (1 hours ago)
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel Pentium III Xeon processor | CPU | 2693/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 115.017 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 12/28/2010 7:57:36 PM - System Checkpoint
RP2: 12/29/2010 3:19:02 PM - Restore Operation
RP3: 12/30/2010 1:07:08 AM - Restore Operation
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Broadcom NetXtreme-I Netlink Driver and Management Installer
Comtrol Corporation
Dell Printer Software Uninstall
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
==== Event Viewer Messages From Past Week ========
12/31/2010 11:45:05 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
12/31/2010 11:44:19 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\winzm.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:44:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\winsp.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:44:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\winpy.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:44:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\winime.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:44:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wingb.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:44:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\winar30.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:44:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\weitekp9.sys could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:44:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\weitekp9.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\wamreg.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\wamps.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\wam.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:38 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\w3svc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:37 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\w3svapi.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:37 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\w3ctrs.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:37 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\w3ext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:36 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\w32.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:29 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\voicesub.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:43:29 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\voicepad.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:42:45 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\uniime.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:42:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\unicdime.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:42:11 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\uihelper.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:42:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\tsprof.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:41:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\tools.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:41:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ime\tintlgnt\tmigrate.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:41:22 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\tintlgnt.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:41:21 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\thawbrkr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:40:24 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\svcext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:40:12 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\status.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:40:11 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\sspifilt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:40:10 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\ssinc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:40:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\srusbusd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:37 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\softkey.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:33 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\snprfdll.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:33 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\snmptrap.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:32 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmpthrd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:32 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmpstup.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmpsmir.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmpincl.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\snmpmib.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:30 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmpcl.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:30 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\snmp.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:29 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\smtpctrs.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:29 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\smtpsvc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\smtpapi.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmp\smimsgif.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:24 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmp\smierrsy.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:24 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmp\smierrsm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:21 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wbem\snmp\smi2smir.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:09 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\smb6w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sma3w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm9aw.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:39:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm93w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm92w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm90w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm8dw.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm8cw.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm8aw.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm89w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm87w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm81w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\sm59w.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:38:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\simptcp.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:37:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\seos.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:37:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\seo.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:37:47 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\scripto.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rwnh.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rwia330.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rwia001.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:47 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rw330ext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:47 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rw001ext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:34 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\rpcref.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:33 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\romanime.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\regtrace.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\register.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\ramdisk.sys could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:08 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\quser.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\quick.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\query.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\pwsdata.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pmxviceo.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pmxmcro.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pmxgl.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ime\pintlgnt\pmigrate.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ime\pintlgnt\pintlphr.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pintlgnt.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:26 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chsime\applets\pintlcsd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:26 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chsime\applets\pintlcsa.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:22 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\phon.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\permchk.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\pagecnt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:43 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs804.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:43 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs412.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:43 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs411.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:42 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs404.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:33:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\ntfsdrv.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:33:45 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\nsepm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:33:36 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\nextlink.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:50 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\multibox.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:46 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\mtstocom.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:32 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\msiregmv.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\msir3jp.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\com\migregdb.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\migisol.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\mga.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\metadata.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\mdsync.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\md5filt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\mailmsg.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:29 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\lprmon.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\lpdsvc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\lonsint.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\logscrpt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\lmmib2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\korwbrkr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdurdu.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth3.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth0.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdsyr2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdsyr1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdlk41j.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdlk41a.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdintel.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdintam.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinpun.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinmar.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:57 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinkan.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:57 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinhin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:57 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinguj.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdindev.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdibm02.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdheb.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdfa.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbddiv2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbddiv1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdax2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbda3.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbda2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbda1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbd106n.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:50 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbd101.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:50 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\jupiw.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iwrps.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iscomlog.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\isapips.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:39 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iprip.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\infoctrs.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\infocomm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\inetinfo.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:25 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\imskf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:24 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\imlang.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:24 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\imskdic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:23 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjputyc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:22 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjpdct.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:21 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjpcus.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:21 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjpcic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\imjp81k.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\imjp81.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:20 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\imepadsm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:19 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\imekr61.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:19 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\imekrcic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:19 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\applets\imekrmbx.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iissync.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iismui.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iislog.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisfecnv.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iiscrmap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisclex4.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iischema.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisadmin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:39 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\applets\hwxkor.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:37 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\hwxjpn.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:34 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\hwxcht.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:32 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\httpodbc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\httpmib.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\httpext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:30 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\hostmib.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:21 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\dicts\hanjadic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\gzip.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsxp32.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxswzrd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsui.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxstiff.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxst30.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxssvc.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsst.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxssend.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsroute.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsres.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsperf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsmon.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsext32.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsevent.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsdrv.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscover.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscomex.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscom.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsclntr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsclnt.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscfgwz.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsapi.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\ftpsvc2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\ftpmib.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ftpctrs2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ftlx041e.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:45 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\flattemp.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:38 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fcachdll.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:34 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\f3ahvoas.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\exstrace.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:30 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\explorer.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/31/2010 11:27:30 PM, information: Windows File Protection [64004] - The protected system file c:\windows\explorer.exe could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
12/31/2010 11:27:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\evntwin.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\evntcmd.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\evntagnt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\esunid.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:22 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\esuimgd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\esucmd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:26:35 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\edb500.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\davcdata.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\dayi.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:21 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\cprofile.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\counters.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\convlog.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\controt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\compfilt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:08 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\cintlgnt.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ime\cintlgnt\cintime.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:06 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\chtskf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:06 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\chtskdic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chtbrkr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chsbrkr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:05 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\chtmbx.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chgusr.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chgport.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chglogon.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\change.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chajei.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\c_iscii.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\c_is2022.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\c_g18030.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:33 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\browscap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:19 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\authfilt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\asptxn.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\asp.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\aspperf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\aqueue.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\aqadmin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\appconf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:48 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0804.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:47 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0412.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:47 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0411.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:46 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt040d.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:46 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0404.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:46 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0401.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:39 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\adrot.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:39 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiisex.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:38 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\admxprox.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:37 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\admexs.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:23 PM, information: Windows File Protection [64004] - The protected system file c:\windows\system32\winlogon.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.5512 The specific error code is 0x800b0100 [No signature was present in the subject. ].
12/31/2010 11:23:22 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wamregps.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:22 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\winlogon.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/31/2010 11:23:21 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\bin\1033\tcptsat.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\staxmem.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\smtpsnap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:19 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\smtpadm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:08 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\logui.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\infoadmn.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\isatq.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\inetmgr.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\inetmgr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisui.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsloc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisrstas.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisrtl.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisrstap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisreset.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iismap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ftpsapi2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:03 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\bin\1033\fpmmcsat.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\coadmin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\cnfgprts.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certwiz.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiis.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\admwprox.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/30/2010 12:50:17 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/30/2010 12:18:51 AM, information: Windows File Protection [64004] - The protected system file explorer.exe could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x00000426 [The service has not been started. ].
12/29/2010 8:26:09 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
12/29/2010 6:59:37 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/29/2010 5:36:16 PM, error: Service Control Manager [7034] - The TheGuardian service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 5:36:16 PM, error: Service Control Manager [7034] - The dkab_device service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 4:44:58 AM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Auser.
12/29/2010 4:44:57 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\coadmin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:56 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\cnfgprts.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:55 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\bin\cfgwiz.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:53 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certwiz.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:51 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:50 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut\author.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:48 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut\author.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:46 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiis.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:45 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\admwprox.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:43 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:39 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:14 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
12/29/2010 4:24:26 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
12/29/2010 3:46:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
12/29/2010 12:59:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/29/2010 1:38:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/29/2010 1:32:44 AM, error: Service Control Manager [7022] - The Server service hung on starting.
12/29/2010 1:32:44 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
12/29/2010 1:16:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2010 1:15:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
12/29/2010 1:04:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/29/2010 1:00:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/28/2010 7:47:45 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
12/27/2010 1:21:53 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CA596-2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{352F1033-F0A0-485B-9. The master browser is stopping or an election is being forced.
==== End Of File ===========================
Jack&Jill
2011-01-02, 13:05
Hello bob200 :),
Using the same method of New Task... via Windows Task Manager, browse to the following location:
C:\Documents and Settings\Auser\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Please note that the folder Application Data is hidden, so you will need to type in the name when you reach C:\Documents and Settings\Auser.
When you reach the Logs folder, see if there is any other log file from MBAM besides the one you have just provided. Please post it back here.
--------------------
Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.
Link 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double click on SystemLook.exe to run it.
Copy and paste the following text into the main textfield:
:filefind
explorer.*
Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your desktop as SystemLook.txt.
--------------------
Please download Rootkit Unhooker and save it to your desktop. Click here. (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):
Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.
You may get a warning about parasite detection. Please click OK to continue.
--------------------
Please post back:
1. old MBAM log if any
2. SystemLook result
3. Rootkit Unhooker log
mbam log 12/29 pt1
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
12/29/2010 1:37:00 AM
mbam-log-2010-12-29 (01-37-00).txt
Scan type: Quick scan
Objects scanned: 135344
Time elapsed: 1 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 65
Files Infected: 592
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\modset70700update.exe (Trojan.FakeAlert) -> Value: modset70700update.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Not selected for removal.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\lib (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\modules (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\newtab (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\newtab\images (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\scripts (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\scripts (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\scripts (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\dynamicelements (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\rss (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\search (PUP.WhiteSmoke) -> Not selected for removal.
Files Infected:
c:\documents and settings\Auser\application data\906e878b6dffa6d3ac6ca83ac93bdf64\modset70700update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Not selected for removal.
c:\WINDOWS\system32\drivers\sshtrc.sys (Trojan.Bubnix) -> Quarantined and deleted successfully.
c:\WINDOWS\nrftlc.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\spoolsv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\taskmgr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\hexdump.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\avp32.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\spain_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\technorati.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\translate.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\truste_about.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\tvicons_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\tv_icon3_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\usa_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\web.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics\folder.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
mbam log 12/29 pt2
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingmid.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\templateff.html (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupweather.css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupweather.html (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\components\windowmediator.js (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\Auser\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\Auser\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\Auser\application data\whitesmoketoolbar\preferences.dat (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\Auser\application data\whitesmoketoolbar\stats.dat (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\setupCfg.xml (PUP.WhiteSmoke) -> Not selected for removal.
________________________
mbam log 12/30
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5421
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
12/30/2010 1:51:50 AM
mbam-log-2010-12-30 (01-51-50).txt
Scan type: Full scan (C:\|)
Objects scanned: 172076
Time elapsed: 15 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{a5de743f-0f21-43de-84df-80bca1ced990}\RP1\A0003021.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a5de743f-0f21-43de-84df-80bca1ced990}\RP1\A0008162.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a5de743f-0f21-43de-84df-80bca1ced990}\RP3\A0025565.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a5de743f-0f21-43de-84df-80bca1ced990}\RP3\A0025662.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a5de743f-0f21-43de-84df-80bca1ced990}\RP3\A0026775.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a5de743f-0f21-43de-84df-80bca1ced990}\RP3\A0026776.exe (Trojan.Agent) -> Quarantined and deleted successfully.
___________________
System Look
SystemLook 04.09.10 by jpshortstuff
Log created at 03:14 on 02/01/2011 by Auser
Administrator - Elevation successful
========== filefind ==========
Searching for "explorer.*"
C:\I386\EXPLORER.EX_ --a---- 356615 bytes [18:10 23/02/2010] [07:00 14/04/2008] D7B59A7EC9CB1429FDCEC84A22228555
C:\I386\EXPLORER.SC_ --a---- 181 bytes [18:10 23/02/2010] [07:00 14/04/2008] BC5B38879C56DFBC05C8B5C43AC4D739
C:\WINDOWS\explorer.exe --a---- 1033728 bytes [07:00 14/04/2008] [07:00 14/04/2008] 9564D9CA61999899950854EBB4B39795
-= EOF =-
Rootkit
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB971D000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6320128 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA84E1000 C:\WINDOWS\system32\drivers\RtDHDAud.sys 6070272 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF322000 C:\WINDOWS\System32\igxpdx32.DLL 3518464 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF05E000 C:\WINDOWS\System32\igxpdv32.DLL 2899968 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9D24000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA820E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9573000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8341000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA768B000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7302000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 237568 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB96AC000 C:\WINDOWS\system32\DRIVERS\k57xp32.sys 217088 bytes (Broadcom Corporation, Broadcom NetLink (TM) Gigabit Ethernet NDIS5.1 Driver.)
0xB95F9000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA77FB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA827E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB96E1000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA82F1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA82CB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA84BD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9688000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9651000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA82A9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB952C000 C:\WINDOWS\system32\DRIVERS\rp2cport.sys 126976 bytes (Comtrol Corporation, Serial Port Device Driver)
0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA81F6000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB963A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7966000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9674000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9709000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA839A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9629000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA308000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA258000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA79A3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA228000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA198000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA188000 C:\WINDOWS\system32\DRIVERS\rp2.sys 49152 bytes (Comtrol Corporation, Multiport Serial Device Driver)
0xBA2A8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA238000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA218000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA178000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA288000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA774B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3C0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA370000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xA6591000 C:\DOCUME~1\Auser\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA380000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA390000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3A8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA488000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA498000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA430000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9D9D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA7B9B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA83E9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA83CD000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x89E04000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA833D000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA554000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5F6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA60E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5F2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5FA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA636000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5FE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5E0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5E6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5A8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7EB000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7A9000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6D4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89D5639B ?_empty_? 3173 bytes
==============================================
>Stealth
==============================================
0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x89D5639B]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AJEVO10B\ath=home-organizing;path=decorating;path=living-room;path=unexpected-decorating-ideas-00000000016267;dcove=d;pos=1;pgurl=1;tile=6;pu=0;ord=872277029013[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AJEVO10B\g;path=decorating;path=living-room;path=unexpected-decorating-ideas-00000000016267;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;tile=2;pu=0;ord=872277029013[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AJEVO10B\g;path=decorating;path=living-room;path=unexpected-decorating-ideas-00000000016267;dcove=d;cmpos=global;cmtyp=tout;pgurl=1;tile=7;pu=0;ord=872277029013[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GZ5CDSXL\=idgt;u=,idgt-32443640_1293874865,11d64b4f7689f0a,not_english,;;tile=1;sz=728x90;net=idgt;env=ifr;ord1=376739;contx=not_english;dc=w;btg=;ord=123456789[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GZ5CDSXL\e%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=367137;sub2=367138;sub3=367141;sub4=367140;misc=392583888[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RVO1EECU\t=idgt;u=,idgt-9075052_1293874853,11d64b4f7689f0a,not_english,;;tile=1;sz=728x90;net=idgt;env=ifr;ord1=410984;contx=not_english;dc=w;btg=;ord=123456789[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T2O7XBXE\idgt;u=,idgt-71001205_1293874865,11d64b4f7689f0a,not_english,;;tile=1;sz=300x250;net=idgt;env=ifr;ord1=985069;contx=not_english;dc=w;btg=;ord=123456789[1]=
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T2O7XBXE\_trendreport_landing;sz=300x250;tile=2;kw=072610_Trend_Reports;kw=FiftiesSomething;kw=top;kw=trendreport;kw=trendsshopping;!c=top;ord=9654994987057452;[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X4YJTS5K\=idgt;u=,idgt-90670244_1293874833,11d64b4f7689f0a,not_english,;;tile=1;sz=300x250;net=idgt;env=ifr;ord1=66741;contx=not_english;dc=w;btg=;ord=123456789[1]c
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X4YJTS5K\ort_landing;sz=728x90;tile=1;dcopt=ist;kw=072610_Trend_Reports;kw=FiftiesSomething;kw=top;kw=trendreport;kw=trendsshopping;!c=top;ord=9654994987057452;[1]c
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[2704]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2704]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2704]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2704]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2704]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2704]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2704]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
Jack&Jill
2011-01-02, 13:50
Hello bob200 :),
Please download ComboFix from one of the links below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)
Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.
Install Recovery Console and run ComboFix
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on ComboFix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.
A detailed step by step tutorial to run ComboFix can be found here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you need help.
--------------------
Please post back:
1. the ComboFix log
running combofix.
As soon as I started it, a System Restore window popped up saying that my computer was successfully restored to Dec 28th. I haven't done any restores today, though I tried one yesterday.
Wasn't sure if automatically doing a system restore was something combo fix does before it starts. (I still haven't accepted the disclaimer.)
Gonna start combofix, will post log when it's done.
Combofix installed the recovery console. Then it started its scan. During the scan a prompt appeared saying something about rootkit activity and that combofix needed to restart my computer. I clicked ok. The computer restarted (slowly) but nothing happened after. Just a blank desktop again. I don't see a combofix.txt log anywhere.
My IE isn't connecting atm. Not sure if it's related.
Should I run combofix again?
Message sent via my BlackBerry
While I was typing the above message on my phone, the computer BSoD. Under technical information it had the ***stop: 0x00007f etc. But nothing else.
Computer restarting
back on the infected machine, but had to go into safe mode + networking to get to an internet page. the Networking tab of task manager shows my Local Area Connect had 100Mbps and was operational, but couldn't connect to any website.
not sure what to do next.
side note: coming to the forums here from safer-networking.org, I got a popup for a free walmart gift card. first time I've seen a popup like that while navigating the safer-networking site.
Jack&Jill
2011-01-02, 15:23
Hello bob200 :),
Is there a log, C:\ComboFix.txt?
I don't see a combofix.txt anywhere. not in c:\, c:\combofix, or on the desktop.
After combofix asked me to restart, the computer restarted but combofix never came back up.
still having connection issues in normal mode as well, I'm in safe mode.
Jack&Jill
2011-01-02, 15:36
Hello bob200 :),
Please run ComboFix again and post back the log.
I restarted back in normal mode.
Ran combofix. The loading bar finished, then disappeared. Nothing happened. The combofix interface never popped up. The disclaimer never popped up. Waited 10 minutes, still nothing.
Tried to run it again. A popup said that I appear to have a corrupted download of combofix, and instructed me to download a new one.
Restarted in safe mode, went to your link again and downloaded combofix again.
Restarted back in normal mode. Ran combo fix. Loading bar finished, then disappeared. Then nothing again. Waited another 10 minutes. Nothing. Tried combofix again, same "Corrupted file" message telling me I need to download a new copy of combo fix.
Back in safe mode again to post this. Should I run combofix in safe mode?
Jack&Jill
2011-01-02, 16:17
Hello bob200 :),
Please post a new DDS log.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Auser at 2:28:18.39 on Wed 12/29/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1628 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\Guardian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\getmac.exe
C:\Documents and Settings\Auser\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.choiceadvantage.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\auser\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\bam\mabm.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7451D317-862C-45DA-8C28-1B21ADF95877} - hxxp://208.57.191.182/WebViewS.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DCBF889B-422B-4AA0-9914-D5045A103758} - hxxp://208.57.191.182/WebRPB.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R2 TheGuardianService;TheGuardian;c:\windows\system32\Guardian.exe [2010-11-18 57344]
R3 CmtlPort;Comtrol Serial Port;c:\windows\system32\drivers\rp2cport.sys [2009-11-9 112128]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2010-2-23 209960]
R3 RcktPort;Comtrol RocketPort Infinity;c:\windows\system32\drivers\rp2.sys [2009-10-15 33792]
S0 cerc6;cerc6; [x]
S0 sshtrc;sshtrc; [x]
S0 xvrsxcb;xvrsxcb;c:\windows\system32\drivers\uvqhyj.sys --> c:\windows\system32\drivers\uvqhyj.sys [?]
=============== Created Last 30 ================
2010-12-29 09:31:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 09:31:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 09:31:43 -------- d-----w- c:\program files\bam
2010-12-29 09:22:14 -------- d-----w- c:\docume~1\auser\applic~1\Malwarebytes
2010-12-29 09:22:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-29 08:55:16 -------- d-----w- c:\docume~1\auser\applic~1\whitesmoketoolbar
2010-12-29 08:15:20 -------- d-----w- c:\program files\whitesmoketoolbar
2010-12-29 08:14:51 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-29 03:47:12 30000 ----a-w- c:\windows\system32\scyiks.dll
2010-12-29 03:47:12 30000 ----a-w- c:\windows\system32\mh8v69.dll
2010-12-29 03:46:49 -------- d-----w- c:\docume~1\auser\locals~1\applic~1\SanctionedMedia
2010-12-29 03:46:28 -------- d-----w- c:\docume~1\auser\applic~1\906E878B6DFFA6D3AC6CA83AC93BDF64
2010-12-21 12:47:55 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-21 12:47:55 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-21 12:47:54 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-21 12:47:54 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-21 12:47:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-12-21 12:47:47 -------- d-----w- c:\windows\Logs
2010-12-08 09:29:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-08 09:29:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-07 08:43:05 -------- d-----w- c:\program files\GRETECH
2010-12-06 08:06:19 -------- d-----w- c:\windows\system32\appmgmt
2010-12-05 08:06:01 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-05 07:46:23 -------- d--h--w- c:\windows\system32\1039
2010-12-04 07:26:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 21:01:46 344064 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161GJ rev.1AC01122 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89D64555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d6a7b0]; MOV EAX, [0x89d6a82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D79AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89E1EC20]
\Driver\atapi[0x89E14030] -> IRP_MJ_CREATE -> 0x89D64555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HD161GJ_________________________1AC01122#5&125555f1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D6439B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 2:29:13.70 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/23/2010 10:05:48 AM
System Uptime: 12/29/2010 2:24:27 AM (0 hours ago)
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel Pentium III Xeon processor | CPU | 2693/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 116.057 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 12/28/2010 7:57:36 PM - System Checkpoint
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Broadcom NetXtreme-I Netlink Driver and Management Installer
Comtrol Corporation
Dell Printer Software Uninstall
ERUNT 1.1j
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
==== Event Viewer Messages From Past Week ========
12/29/2010 12:59:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/29/2010 12:59:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2010 12:59:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/29/2010 1:38:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/29/2010 1:08:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
12/29/2010 1:00:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/28/2010 8:12:31 PM, error: Service Control Manager [7022] - The Server service hung on starting.
12/28/2010 8:12:31 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
12/28/2010 7:47:45 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
12/27/2010 1:21:53 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CA596-2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{352F1033-F0A0-485B-9. The master browser is stopping or an election is being forced.
==== End Of File ===========================
Jack&Jill
2011-01-02, 16:41
Hello bob200 :),
The logs are the same as the previous. Maybe I did not word the instructions properly.
Please rerun DDS and post back a new DDS.txt.
Sorry about that. I did a new DDS scan but I must have copy-pasted the old log.
I'm still switching back from normal mode to run the program and safe mode to post it.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Auser at 6:47:00.29 on Sun 01/02/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1671 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
svchost.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Guardian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\getmac.exe
C:\Documents and Settings\Auser\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.choiceadvantage.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\auser\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [modset70700update.exe] c:\documents and settings\auser\application data\906e878b6dffa6d3ac6ca83ac93bdf64\modset70700update.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\wee.exe" /runcleanupscript
mRun: [combofix] "c:\combofix\cf30113.cfxxe" /c "c:\combofix\C.bat"
mRunOnce: [combofix] "c:\combofix\cf30113.cfxxe" /c "c:\combofix\C.bat"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7451D317-862C-45DA-8C28-1B21ADF95877} - hxxp://208.57.191.182/WebViewS.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DCBF889B-422B-4AA0-9914-D5045A103758} - hxxp://208.57.191.182/WebRPB.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R2 TheGuardianService;TheGuardian;c:\windows\system32\Guardian.exe [2010-11-18 57344]
R3 CmtlPort;Comtrol Serial Port;c:\windows\system32\drivers\rp2cport.sys [2009-11-9 112128]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2010-2-23 209960]
R3 RcktPort;Comtrol RocketPort Infinity;c:\windows\system32\drivers\rp2.sys [2009-10-15 33792]
S0 cerc6;cerc6; [x]
S0 cjglq;cjglq;c:\windows\system32\drivers\vwkaailq.sys --> c:\windows\system32\drivers\vwkaailq.sys [?]
S0 sshtrc;sshtrc; [x]
=============== Created Last 30 ================
2011-01-02 12:37:35 17664 ----a-w- c:\windows\system32\drivers\sermouse.sys
2011-01-02 12:15:22 -------- d-sha-r- C:\cmdcons
2011-01-02 12:13:34 98816 ----a-w- c:\windows\sed.exe
2011-01-02 12:13:34 89088 ----a-w- c:\windows\MBR.exe
2011-01-02 12:13:34 256512 ----a-w- c:\windows\PEV.exe
2011-01-02 12:13:34 161792 ----a-w- c:\windows\SWREG.exe
2011-01-02 12:13:16 -------- d-s---w- C:\ComboFix
2011-01-02 08:20:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 08:20:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 08:20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-01 07:45:04 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-01 07:45:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-01 07:45:01 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-01 07:43:57 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-01-01 07:42:57 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-01-01 07:41:57 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-01-01 07:40:58 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-01-01 07:39:56 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-01-01 07:38:56 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-01-01 07:37:57 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-01-01 07:36:58 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-01-01 07:35:58 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2011-01-01 07:34:59 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2011-01-01 07:33:58 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-01-01 07:32:58 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-01-01 07:31:57 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-01-01 07:30:46 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-01-01 07:29:59 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-01-01 07:28:59 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2011-01-01 07:27:57 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-01-01 07:26:59 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-01-01 07:25:59 131156 -c--a-w- c:\windows\system32\dllcache\digidbp.dll
2011-01-01 07:24:59 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2011-01-01 07:23:59 36463 -c--a-w- c:\windows\system32\dllcache\ati1tuxx.sys
2010-12-31 07:50:53 81410 ----a-w- c:\docume~1\alluse~1\applic~1\wKWswWK6.exe
2010-12-30 09:07:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-30 09:07:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-30 09:07:39 -------- d-----w- c:\docume~1\auser\applic~1\906E878B6DFFA6D3AC6CA83AC93BDF64
2010-12-29 12:55:18 -------- d-----w- c:\windows\pss
2010-12-29 11:13:20 -------- d-----w- c:\docume~1\auser\applic~1\SUPERAntiSpyware.com
2010-12-29 11:02:20 -------- d-----w- c:\program files\SUPERAntiSpyware(2)
2010-12-29 09:31:43 -------- d-----w- c:\program files\bam
2010-12-29 09:22:14 -------- d-----w- c:\docume~1\auser\applic~1\Malwarebytes
2010-12-29 09:22:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-29 08:55:16 -------- d-----w- c:\docume~1\auser\applic~1\whitesmoketoolbar(2)
2010-12-29 08:15:20 -------- d-----w- c:\program files\whitesmoketoolbar(2)
2010-12-29 08:14:51 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-29 03:47:28 21284 ---h--w- c:\windows\winamp.exe
2010-12-29 03:47:26 21284 ---h--w- c:\windows\hexdump.exe
2010-12-29 03:47:21 21284 ---h--w- c:\windows\spoolsv.exe
2010-12-29 03:47:20 21284 ---h--w- c:\windows\taskmgr.exe
2010-12-29 03:47:12 30000 ----a-w- c:\windows\system32\mh8v69.dll
2010-12-29 03:46:49 -------- d-----w- c:\docume~1\auser\locals~1\applic~1\SanctionedMedia
2010-12-21 12:47:55 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-21 12:47:55 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-21 12:47:54 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-21 12:47:54 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-21 12:47:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-12-21 12:47:47 -------- d-----w- c:\windows\Logs
2010-12-08 09:29:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-08 09:29:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-07 08:43:05 -------- d-----w- c:\program files\GRETECH
2010-12-06 08:06:19 -------- d-----w- c:\windows\system32\appmgmt
2010-12-05 08:06:01 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-05 07:46:23 -------- d--h--w- c:\windows\system32\1039
2010-12-04 07:26:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 21:01:46 344064 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD161GJ rev.1AC01122 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89D89555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d8f7b0]; MOV EAX, [0x89d8f82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89E14AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D9E030]
\Driver\atapi[0x89E09F38] -> IRP_MJ_CREATE -> 0x89D89555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HD161GJ_________________________1AC01122#5&125555f1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D8939B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 6:48:19.95 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/23/2010 10:05:48 AM
System Uptime: 1/2/2011 6:45:35 AM (0 hours ago)
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel Pentium III Xeon processor | CPU | 2693/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 114.915 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 12/28/2010 7:57:36 PM - System Checkpoint
RP2: 12/29/2010 3:19:02 PM - Restore Operation
RP3: 12/30/2010 1:07:08 AM - Restore Operation
RP4: 1/2/2011 4:13:52 AM - ComboFix created restore point
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Broadcom NetXtreme-I Netlink Driver and Management Installer
Comtrol Corporation
Dell Printer Software Uninstall
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
==== Event Viewer Messages From Past Week ========
12/31/2010 11:45:05 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
12/31/2010 11:38:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\simptcp.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:37:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\seos.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:37:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\seo.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:37:47 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\scripto.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rwnh.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rwia330.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rwia001.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:47 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rw330ext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:47 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\rw001ext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:34 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\rpcref.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:33 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\romanime.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\regtrace.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\register.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\ramdisk.sys could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:08 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\quser.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\quick.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:36:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\query.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\pwsdata.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pmxviceo.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pmxmcro.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pmxgl.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ime\pintlgnt\pmigrate.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ime\pintlgnt\pintlphr.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\pintlgnt.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:26 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chsime\applets\pintlcsd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:26 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chsime\applets\pintlcsa.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:22 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\phon.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:35:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\permchk.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\pagecnt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:43 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs804.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:43 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs412.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:43 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs411.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:34:42 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\res\padrs404.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:33:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\ntfsdrv.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:33:45 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\nsepm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:33:36 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\nextlink.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:50 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\multibox.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:46 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\mtstocom.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:32 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\msiregmv.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\msir3jp.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\com\migregdb.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\migisol.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\mga.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:32:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\metadata.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\mdsync.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\md5filt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\mailmsg.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:29 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\lprmon.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\lpdsvc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\lonsint.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\logscrpt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\lmmib2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\korwbrkr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdurdu.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth3.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdth0.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdsyr2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:31:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdsyr1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdlk41j.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdlk41a.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdintel.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdintam.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinpun.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinmar.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:57 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinkan.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:57 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinhin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:57 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdinguj.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdindev.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdibm02.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdheb.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdfa.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbddiv2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbddiv1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbdax2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbda3.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbda2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbda1.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:51 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbd106n.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:50 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\kbd101.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:50 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\jupiw.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iwrps.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iscomlog.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\isapips.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:39 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iprip.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\infoctrs.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\infocomm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\inetinfo.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:25 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\imskf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:24 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\imlang.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:24 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\imskdic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:23 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjputyc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:22 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjpdct.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:21 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjpcus.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:21 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\imjpcic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\imjp81k.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\imjp81.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:20 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\shared\imepadsm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:19 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\imekr61.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:19 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\imekrcic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:19 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\applets\imekrmbx.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iissync.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iismui.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iislog.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisfecnv.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iiscrmap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisclex4.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iischema.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:30:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisadmin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:39 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\applets\hwxkor.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:37 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\hwxjpn.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:34 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\hwxcht.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:32 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\httpodbc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\httpmib.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:29:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\httpext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:30 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\hostmib.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:21 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\dicts\hanjadic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\gzip.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsxp32.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxswzrd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsui.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxstiff.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxst30.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxssvc.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsst.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxssend.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsroute.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsres.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsperf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsmon.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsext32.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsevent.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsdrv.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscover.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscomex.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscom.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsclntr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsclnt.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:28:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxscfgwz.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fxsapi.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\ftpsvc2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\ftpmib.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:54 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ftpctrs2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ftlx041e.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:45 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\flattemp.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:38 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\fcachdll.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:34 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\f3ahvoas.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:31 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\exstrace.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:30 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\explorer.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/31/2010 11:27:30 PM, information: Windows File Protection [64004] - The protected system file c:\windows\explorer.exe could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
12/31/2010 11:27:27 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\evntwin.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\evntcmd.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\evntagnt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\esunid.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:22 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\esuimgd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:27:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\esucmd.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:26:35 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\edb500.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\davcdata.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\dayi.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:21 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\cprofile.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\counters.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\convlog.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:17 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\controt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:16 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\compfilt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:08 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\cintlgnt.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ime\cintlgnt\cintime.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:06 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\chtskf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:06 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\chtskdic.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chtbrkr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chsbrkr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:05 PM, information: Windows File Protection [64021] - The system file c:\windows\ime\chtime\applets\chtmbx.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chgusr.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chgport.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:03 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chglogon.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:02 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\change.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:25:01 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\chajei.ime could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:49 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\c_iscii.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\c_is2022.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:48 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\c_g18030.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:33 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\browscap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:24:19 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\authfilt.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\asptxn.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\asp.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:55 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\aspperf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\aqueue.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:53 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\aqadmin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:52 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\appconf.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:48 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0804.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:47 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0412.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:47 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0411.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:46 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt040d.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:46 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0404.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:46 PM, information: Windows File Protection [64021] - The system file c:\windows\msagent\intl\agt0401.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:39 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\adrot.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:39 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiisex.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:38 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\admxprox.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:37 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\admexs.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:23 PM, information: Windows File Protection [64004] - The protected system file c:\windows\system32\winlogon.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.5512 The specific error code is 0x800b0100 [No signature was present in the subject. ].
12/31/2010 11:23:22 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wamregps.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:22 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\winlogon.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/31/2010 11:23:21 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\bin\1033\tcptsat.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\staxmem.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:20 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\smtpsnap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:19 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\smtpadm.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:08 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\logui.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\infoadmn.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\isatq.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\inetmgr.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\inetmgr.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisui.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:06 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsloc.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisrstas.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisrtl.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:05 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisrstap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisreset.exe could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iismap.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisext.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:04 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\ftpsapi2.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:23:03 PM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\bin\1033\fpmmcsat.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\coadmin.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:59 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\cnfgprts.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certwiz.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiis.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/31/2010 11:22:56 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\admwprox.dll could not be copied into the DLL cache. The specific error code is 0x800b0100 [No signature was present in the subject. ]. This file is necessary to maintain system stability.
12/30/2010 12:50:17 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/30/2010 12:18:51 AM, information: Windows File Protection [64004] - The protected system file explorer.exe could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x00000426 [The service has not been started. ].
12/29/2010 8:26:09 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
12/29/2010 6:59:37 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/29/2010 5:36:16 PM, error: Service Control Manager [7034] - The TheGuardian service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 5:36:16 PM, error: Service Control Manager [7034] - The dkab_device service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 4:44:58 AM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Auser.
12/29/2010 4:44:57 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\coadmin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:56 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\cnfgprts.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:55 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\bin\cfgwiz.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:53 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certwiz.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:51 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:50 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_aut\author.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:48 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_aut\author.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:46 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiis.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:45 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\admwprox.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:43 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:39 AM, information: Windows File Protection [64021] - The system file c:\program files\common files\microsoft shared\web server extensions\40\isapi\_vti_adm\admin.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
12/29/2010 4:44:14 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
12/29/2010 4:24:26 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
12/29/2010 3:46:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
12/29/2010 3:45:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2010 3:12:33 AM, error: Service Control Manager [7022] - The Server service hung on starting.
12/29/2010 3:12:33 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
12/29/2010 2:34:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
12/29/2010 12:59:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2010 12:59:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/29/2010 1:38:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/29/2010 1:04:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/29/2010 1:00:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/28/2010 7:47:45 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
12/27/2010 1:21:53 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CA596-2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{352F1033-F0A0-485B-9. The master browser is stopping or an election is being forced.
==== End Of File ===========================
I'm going to be leaving in a few minutes, going out of town for a couple days. I won't be back at this computer probably until Tuesday night PST.
Thank you so much for the help so far, I hope this thread won't be closed. You can leave further instructions for me here and I'll get back as soon as possible or if you'd prefer I can post here when I'm back at the computer.
Jack&Jill
2011-01-04, 02:08
Hello bob200 :),
"I'm going to be leaving in a few minutes, going out of town for a couple days. I won't be back at this computer probably until Tuesday night PST."
Thanks for informing. No rush.
The Windows restore must have reactivated all the infections.
Please delete the copy of ComboFix that you have and download a fresh copy. Then run it and post back the log.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)
--------------------
I want you to update MBAM and run a scan.
Open MBAM and click on the Update tab, then Check for Updates.
When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
Leave the default options as they are and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.
--------------------
Please post back:
1. the ComboFix log
2. MBAM report
I'm back. Thank you so much for your patience.
Going to try downloading a new combofix and mbam again. I had deleted and re-downloaded combofix a couple times already and they hadn't worked. If it still doesn't work, can I run it in safe mode?
Since I still only have website access in safe mode, could you specify if programs you want me to use can be used in safe mode or normal mode only? Thank you.
trying combo/mbam now...
Combofix gave me the same problem.
I deleted the old combofix.exe off the desktop and the combofix folder from c:\, then downloaded a new one from your link.
Then restarted in normal mode. Started combofix. The loading bar popped up, and filled up, then disappeared and nothing happened.
Several minutes later of nothing happening, I tried to start combofix again, and it gave me the error message saying my copy of combofix was corrupt.
So I went on to mbam. I started mbam, and was prompted to update because it was more than 15 days old. I updated (from normal mode), and mbam started fine. I selected Full Scan and started.
The scan started but when it says "Enumerating registry objects prior to scan" it would free up. I left it like that for several minutes but nothing happened. In the task manager it's listed as "Not Responding". I shut it down and tried again. Same problem, it would lock up at "Enumerating registry objects prior to scan".
I tried renaming mbam.exe and that didn't help. I had this issue last week with the update. Which is why I didn't update mbam this time. Last week when I tried scanning with the updated mbam I would get this same problem.
On a side note:
Every time I start up in safe mode, the command prompt flashes on for a fraction of a second, with 1 line of text. I couldn't read what it said because it goes on and off so fast. But after sooo many times starting in safe mode I'm piecing it together.
It says something about "explorer.exe blah blah blah blah blah fit in memory."
Not sure what that means.
awaiting further instruction.
The scan started but when it says "Enumerating registry objects prior to scan" it would free up.
it would freeze up.
sorry, typo.
Jack&Jill
2011-01-05, 10:41
Hello bob200 :),
Let's take it one at a time. For ComboFix, please delete the copy you have, download it again and save it as bobCF.exe. Try running it. Please do not delete any other files or folders that I did not ask you to.
If that does not work, move the file to the root of the drive, C:\ and try again.
If both do not yield any result, then do it in Safe Mode. Let me know which step worked for you.
"Since I still only have website access in safe mode, could you specify if programs you want me to use can be used in safe mode or normal mode only?"
Generally, please run the tools in Normal Mode first. If you encounter problems, come back to me with details so that I can evaluate the situation and recommend to you the next best step.
I downloaded and saved it as BobCF.exe
Started the program. Loading bar filled up. The mouse hourglass started up and was blinking on and off for several seconds (more activity than any of the previous attempts). Then an End Program prompt came up, which was for "C:\32788R22FWJFW\License\iexplore.exe", the prompt disappeared right away before I could click on anything.
Then combofix stopped, nothing else happened. Tried starting it again, same Corrupt error message.
Going to try saving it to C:\ now, will post back with results.
side note: "Explorer.exe too big to fit in memory" is the command prompt message I get when starting in safe mode, I believe that's what it says.
Downloaded combofix as BobCF.exe and saved it to C:\
Ran program, loading bar started and filled. The hourglass on my mouse started blinking on and off for a few seconds then stopped. Nothing else happened for several minutes. Tried starting it again, same Corrupt message.
Also, since I have to do everything from the Task Manager, I'm noticing processes that I hadn't noticed before. Namely;
wKWswWK6.exe
wKWswWK6.exe
wKWswWK6.exe
pev.exe
Dunno where they came from, just hadn't noticed them before.
Going to try saving Combofix as is, on desktop, and running in safe mode. Will post back with results.
Downloaded Combofix and ran it in safe mode.
Combofix started normally, and the scan started. It prompted me that it found a rootkit TLD3 infection and that it would take some time. I clicked Ok.
Then it said that a rootkit infection had been found and needed to restart. I clicked Ok, and the computer restarted.
After the restart, nothing happened. Combofix didn't start back up, nothing was going on.
There is no Combofix.txt log anywhere that I can find. This was the same result as the first Combofix I tried, with Combofix needing to restart then nothing happening after it boots back up.
Awaiting further instruction.
Jack&Jill
2011-01-05, 12:22
Hello bob200 :),
Is Spybot's Teatimer active when you run ComboFix? It should be disabled during any of our fixes. How long did you wait before you concluded that nothing was happening after running ComboFix?
We need to disable Spybot S&D's Teatimer real-time protection temporarily as it will interfere with the fix. Please minimize going online when your security software is disabled or not active.
First step:
Right click the Spybot icon that looks like a blue/white calendar with a padlock symbol in the System Tray (lower right corner where the clock is situated).
For version 1.6, the steps are similar to either one of the below.
If you have version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked (unticked). The Spybot icon should now be colorless.
If you have Version 1.4, click on Exit Spybot S&D Resident.
Second step, for either version:
Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go to the bottom of the vertical panel on the left, click Tools.
Then, also in left panel, click on Resident that shows a red/white shield.
If your firewall raises a question, say OK.
In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Exit Spybot S&D and reboot your machine for the changes to take effect.
Remember to enable it after the fix.
--------------------
Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here. (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)
Alternatively, you may get the zip version (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract the file to the desktop.
Double click on TDSSKiller.exe to execute it.
Press Start scan to begin.
If any malicious objects are found, the default action will be Cure. If any suspicious objects are found, the default action will be Skip. In case Cure is not an option, please select Skip only.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.
--------------------
Please post back:
1. TDSSKiller log
Downloaded TDSSKiller, restarted in Normal mode.
Ran TDSSKiller.
It found a problem and asked for a reboot. I complied. After the reboot nothing happened, not sure if the program was supposed to start up again or not. It did produce a log though.
2011/01/05 02:29:46.0406 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/05 02:29:46.0406 ================================================================================
2011/01/05 02:29:46.0406 SystemInfo:
2011/01/05 02:29:46.0406
2011/01/05 02:29:46.0406 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/05 02:29:46.0406 Product type: Workstation
2011/01/05 02:29:46.0406 ComputerName: CA596-1
2011/01/05 02:29:46.0406 UserName: Auser
2011/01/05 02:29:46.0406 Windows directory: C:\WINDOWS
2011/01/05 02:29:46.0406 System windows directory: C:\WINDOWS
2011/01/05 02:29:46.0406 Processor architecture: Intel x86
2011/01/05 02:29:46.0406 Number of processors: 2
2011/01/05 02:29:46.0406 Page size: 0x1000
2011/01/05 02:29:46.0406 Boot type: Normal boot
2011/01/05 02:29:46.0406 ================================================================================
2011/01/05 02:29:46.0671 Initialize success
2011/01/05 02:29:53.0125 ================================================================================
2011/01/05 02:29:53.0125 Scan started
2011/01/05 02:29:53.0125 Mode: Manual;
2011/01/05 02:29:53.0125 ================================================================================
2011/01/05 02:29:58.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/05 02:29:58.0406 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/05 02:29:58.0437 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/05 02:29:58.0468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/05 02:29:58.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/05 02:29:58.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/05 02:29:58.0562 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/05 02:29:58.0609 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
2011/01/05 02:29:58.0640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/05 02:29:58.0703 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/05 02:29:58.0718 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/05 02:29:58.0765 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/05 02:29:58.0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/05 02:29:58.0828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/05 02:29:58.0890 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/05 02:29:58.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/05 02:29:58.0984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/05 02:29:58.0984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/05 02:29:59.0031 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/05 02:29:59.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/05 02:29:59.0140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/05 02:29:59.0187 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/05 02:29:59.0234 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/05 02:29:59.0250 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/05 02:29:59.0281 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/05 02:29:59.0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/05 02:29:59.0359 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/05 02:29:59.0390 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/05 02:29:59.0468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/05 02:29:59.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/05 02:29:59.0546 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/01/05 02:29:59.0593 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/05 02:29:59.0656 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/05 02:29:59.0703 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/05 02:29:59.0703 ================================================================================
2011/01/05 02:29:59.0703 Scan finished
2011/01/05 02:29:59.0703 ================================================================================
2011/01/05 02:29:59.0718 Detected object count: 1
2011/01/05 02:30:15.0250 \HardDisk0 - will be cured after reboot
2011/01/05 02:30:15.0250 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/05 02:30:20.0656 Deinitialize success
Not sure if I mentioned this earlier or not, but the computer never actually shuts down/restarts properly. Every time I try and shut down or restart from normal mode, the computer freezes up during the "Windows is saving your settings" phase and I have to hold down the power button to turn it off.
Not sure if this is causing problems for these programs that require restarts.
Jack&Jill
2011-01-05, 13:44
Hello bob200 :),
Is Spybot's Teatimer active when you run ComboFix? How long did you wait before you concluded that nothing is happening after running ComboFix? Please answer these questions.
Please try ComboFix now as well.
TeaTimer is not active, no.
The first several times I tried running ComboFix, I waited at least 5 minutes without anything happening before trying to run combofix again.
The last couple times today, I did not wait as long, maybe 1-2 minutes after the loading bar disappeared.
Will try combofix again, and will wait the full 5 minutes again if needed.
Will post results.
Deleted the old copy of combofix.
downloaded a new copy from your link as BobCF.exe to C:\
There was no TeaTimer process running in my task manager. Ran BobCF.exe from normal mode.
ComboFix loading bar appeared, and loaded. Then disappeared.
Nothing else happened. I waited a full 10 minutes this time without any activity. Tried running Combofix again, and it gave me the corrupted file message.
Should I wait longer? Should I try it in safe mode again?
Awaiting further instruction.
My eyes are bleeding, I need to get some sleep. Thank you for your help today, hopefully we can continue working on it tomorrow.
Jack&Jill
2011-01-06, 07:19
Hello bob200 :),
This is how we are going to do it. I need you to rerun DDS and post back the new DDS.txt. After that, please do not shut down the computer or reboot. I will come back to you with the next step as soon as possible. If you can't get online in Normal Mode, you can do all the steps in Safe Mode, including the DDS rerun.
Well, some good news I suppose. My roommate found a windows XP CD and did a repair install of windows while I was out today.
My desktop is back, I'm online in normal mode, things look good.
I'm still concerned about the infections, especially the rootkit infection. So if it's ok, we could proceed with rooting that out. Just wanted to let you know that windows was repaired and seems to be functioning in normal mode. Hopefully this will make it easier to fix the infections.
Will post the DDS logs you requested.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Auser at 23:32:47.06 on Wed 01/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1497 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Auser\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R3 CmtlPort;Comtrol Serial Port;c:\windows\system32\drivers\rp2cport.sys [2009-11-9 112128]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2010-2-23 209960]
R3 RcktPort;Comtrol RocketPort Infinity;c:\windows\system32\drivers\rp2.sys [2009-10-15 33792]
S0 cerc6;cerc6; [x]
=============== Created Last 30 ================
2011-01-05 21:33:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-05 21:33:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-05 21:10:34 -------- d-sh--w- c:\documents and settings\auser\IECompatCache
2011-01-05 21:10:23 -------- d-sh--w- c:\documents and settings\auser\PrivacIE
2011-01-05 21:08:50 -------- d-sh--w- c:\documents and settings\auser\IETldCache
2011-01-05 20:57:46 -------- d-----w- c:\windows\ie8updates
2011-01-05 20:57:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-05 20:57:43 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-05 20:57:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-05 20:57:43 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-05 20:57:43 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-05 20:57:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-05 20:57:43 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-05 20:56:53 -------- dc-h--w- c:\windows\ie8
2011-01-05 20:45:40 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-05 20:41:00 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-05 20:41:00 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-05 20:41:00 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-05 20:39:16 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-05 20:39:16 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-05 20:31:15 -------- d-----w- c:\docume~1\auser\applic~1\Malwarebytes
2011-01-05 20:31:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 20:31:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-05 20:31:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 20:31:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 20:30:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-05 20:28:52 -------- d-sh--w- c:\documents and settings\auser\UserData
2011-01-05 20:28:29 -------- d-----w- c:\windows\system32\PreInstall
2011-01-05 20:28:27 -------- d--h--w- c:\windows\$hf_mig$
2011-01-05 20:25:54 -------- d-----w- c:\docume~1\auser\locals~1\applic~1\Help
2011-01-05 20:21:08 -------- d-----w- c:\windows\system32\SoftwareDistribution
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-05 05:05:35 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 23:33:06.64 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2010 11:05:48 AM
System Uptime: 1/5/2011 1:08:28 PM (10 hours ago)
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel Pentium III Xeon processor | CPU | 2693/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 141.901 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP9: 1/5/2011 1:28:26 PM - Software Distribution Service 3.0
RP10: 1/5/2011 1:38:35 PM - Software Distribution Service 3.0
RP11: 1/5/2011 1:50:47 PM - Software Distribution Service 3.0
RP12: 1/5/2011 2:10:04 PM - Installed Windows XP WgaNotify.
RP13: 1/5/2011 2:13:30 PM - Software Distribution Service 3.0
==== Installed Programs ======================
Adobe Reader 8.1.0
Broadcom NetXtreme-I Netlink Driver and Management Installer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
==== End Of File ===========================
Jack&Jill
2011-01-06, 10:09
Hello bob200 :),
We need to disable Spybot S&D's Teatimer real-time protection temporarily as it will interfere with the fix. Please minimize going online when your security software is disabled or not active.
First step:
Right click the Spybot icon that looks like a blue/white calendar with a padlock symbol in the System Tray (lower right corner where the clock is situated).
For version 1.6, the steps are similar to either one of the below.
If you have version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked (unticked). The Spybot icon should now be colorless.
If you have Version 1.4, click on Exit Spybot S&D Resident.
Second step, for either version:
Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go to the bottom of the vertical panel on the left, click Tools.
Then, also in left panel, click on Resident that shows a red/white shield.
If your firewall raises a question, say OK.
In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Exit Spybot S&D and reboot your machine for the changes to take effect.
Remember to enable it after the fix.
--------------------
Clear the way
Please download Rkill© by Grinler from one of the links below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/grinler/rkill.exe)
Link 2 (http://download.bleepingcomputer.com/grinler/rkill.com)
Link 3 (http://download.bleepingcomputer.com/grinler/rkill.scr)
Allow the download if prompted by your security software.
Double click on Rkill to run it.
A command window will open, then disappear upon completion. If this does not happen, delete the file and download from the next link to try again until the tool runs.
Do not reboot your computer until asked to do so. If no version of Rkill would run, please let me know.
When finished, Notepad will open with a log called rkill.log.
Please copy and paste the contents of that log in your next reply. It can also be found at C:\.
Please leave Rkill on the desktop until otherwise advised.
--------------------
Delete the old ComboFix and download a fresh copy.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.
Run ComboFix script
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Open Notepad. Copy and paste the following text into it:
File::
c:\windows\system32\scyiks.dll
c:\windows\winamp.exe
c:\windows\hexdump.exe
c:\windows\spoolsv.exe
c:\windows\taskmgr.exe
c:\windows\system32\mh8v69.dll
Folder::
c:\docume~1\auser\applic~1\whitesmoketoolbar
c:\program files\whitesmoketoolbar
c:\docume~1\auser\applic~1\whitesmoketoolbar(2)
c:\program files\whitesmoketoolbar(2)
c:\docume~1\auser\applic~1\906E878B6DFFA6D3AC6CA83AC93BDF64
c:\docume~1\auser\locals~1\applic~1\SanctionedMedia
Driver::
cerc6
DirLook::
c:\windows\system32\%APPDATA%
c:\windows\system32\1039
FileLook::
c:\windows\system32\Guardian.exe
c:\docume~1\alluse~1\applic~1\wKWswWK6.exe
Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update, please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.
--------------------
Please post back:
1. the ComboFix log
I deactivated TeaTimer.
Ran rkill and combofix as instructed.
Reactivated TeaTimer after combofix was finished.
Here are the logs:
rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 01/06/2011 at 0:24:58.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 01/06/2011 at 0:25:00.
ComboFix:
ComboFix 11-01-05.03 - Auser 01/06/2011 0:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1682 [GMT -7:00]
Running from: c:\documents and settings\Auser\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Auser\Desktop\CFScript.txt
FILE ::
"c:\windows\hexdump.exe"
"c:\windows\spoolsv.exe"
"c:\windows\system32\mh8v69.dll"
"c:\windows\system32\scyiks.dll"
"c:\windows\taskmgr.exe"
"c:\windows\winamp.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_cerc6
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.
2011-01-05 21:33 . 2011-01-05 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-05 21:33 . 2011-01-05 21:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-05 21:10 . 2011-01-05 21:10 -------- d-sh--w- c:\documents and settings\Auser\IECompatCache
2011-01-05 21:10 . 2011-01-05 21:10 -------- d-sh--w- c:\documents and settings\Auser\PrivacIE
2011-01-05 21:08 . 2011-01-05 21:08 -------- d-sh--w- c:\documents and settings\Auser\IETldCache
2011-01-05 20:58 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-05 20:57 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-05 20:57 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-05 20:57 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-05 20:57 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-05 20:57 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-05 20:57 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-05 20:57 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-05 20:56 . 2011-01-05 20:57 -------- dc-h--w- c:\windows\ie8
2011-01-05 20:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-05 20:41 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-05 20:41 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-05 20:41 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-05 20:39 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-05 20:39 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-05 20:31 . 2011-01-05 20:31 -------- d-----w- c:\documents and settings\Auser\Application Data\Malwarebytes
2011-01-05 20:31 . 2011-01-05 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-05 20:31 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 20:31 . 2011-01-05 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 20:31 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 20:30 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-05 20:28 . 2011-01-05 20:28 -------- d-sh--w- c:\documents and settings\Auser\UserData
2011-01-05 20:28 . 2011-01-05 21:06 -------- d--h--w- c:\windows\$hf_mig$
2011-01-05 20:25 . 2011-01-05 20:25 -------- d-----w- c:\documents and settings\Auser\Local Settings\Application Data\Help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-02-23 18:01 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 07:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-05 05:05 . 2010-11-05 05:05 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:25 . 2008-04-14 07:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 07:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 07:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 07:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\%APPDATA% ----
---- Directory of c:\windows\system32\1039 ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-28 142872]
"RTHDCPL"="RTDCPL.EXE" [2009-08-26 2691072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R3 CmtlPort;Comtrol Serial Port;c:\windows\system32\drivers\rp2cport.sys [11/9/2009 8:19 AM 112128]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2/23/2010 12:28 PM 209960]
R3 RcktPort;Comtrol RocketPort Infinity;c:\windows\system32\drivers\rp2.sys [10/15/2009 12:43 PM 33792]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 00:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-06 00:31:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-06 07:31
Pre-Run: 152,308,527,104 bytes free
Post-Run: 152,326,246,400 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - A29744A65D6409645D0C57BFC6297294
Jack&Jill
2011-01-06, 11:25
Hello bob200 :),
Looks like the repair install really helped. Let's do a few more scans to see if you are really clean.
I want you to update MBAM and run a scan.
Open MBAM and click on the Update tab, then Check for Updates.
When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
Leave the default options as they are and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.
--------------------
Rerun Rootkit Unhooker
Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):
Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.
You may get a warning about parasite detection. Please click OK to continue.
--------------------
Please post back:
1. MBAM report
2. Rootkit Unhooker log
I didn't turn off TeaTimer before doing these scans, not sure if I was supposed to or not.
MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5468
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/6/2011 1:52:43 AM
mbam-log-2011-01-06 (01-52-43).txt
Scan type: Full scan (C:\|)
Objects scanned: 144809
Time elapsed: 4 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
___________________
RKU
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB971D000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6320128 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA84CA000 C:\WINDOWS\system32\drivers\RtDHDAud.sys 6070272 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF322000 C:\WINDOWS\System32\igxpdx32.DLL 3518464 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF05E000 C:\WINDOWS\System32\igxpdv32.DLL 2899968 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9D24000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA81F7000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB955C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA832A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA799E000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA77CD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 237568 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB9695000 C:\WINDOWS\system32\DRIVERS\k57xp32.sys 217088 bytes (Broadcom Corporation, Broadcom NetLink (TM) Gigabit Ethernet NDIS5.1 Driver.)
0xB95E2000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA7A6D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA6C85000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA828F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB96CA000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA8302000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA82DC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA84A6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9671000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB963A000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA82BA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9515000 C:\WINDOWS\system32\DRIVERS\rp2cport.sys 126976 bytes (Comtrol Corporation, Serial Port Device Driver)
0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA81DF000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9623000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7E5A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB965D000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB96F2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8383000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9612000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2B8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA248000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA7FAF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA218000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA188000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA178000 C:\WINDOWS\system32\DRIVERS\rp2.sys 49152 bytes (Comtrol Corporation, Multiport Serial Device Driver)
0xBA298000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA208000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA168000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA278000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7AF2000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA390000 C:\ComboFix\catchme.sys 32768 bytes
0xBA400000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3F0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3F8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA410000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA8402000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA56C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB9554000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA54C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA83FA000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9DAD000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA83FE000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA554000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9550000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA544000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5C2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5C8000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5C0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5C4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E2000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5DE000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xBA5C6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5B6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA743000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA70A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6D1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[2836]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2836]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2836]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2836]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2836]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2836]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2836]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2836]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2836]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2836]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2836]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2836]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2836]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[2836]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[2836]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[2836]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2836]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2836]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2836]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2836]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2836]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2836]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2836]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2836]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2836]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2836]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2836]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2836]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[2836]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[2836]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[2836]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2836]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[2876]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2876]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2876]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2876]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2876]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2876]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2876]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2876]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2876]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2876]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2876]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2876]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2876]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[2876]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[2876]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[2876]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2876]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2876]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2876]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2876]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2876]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2876]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2876]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2876]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2876]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[2876]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[2876]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2876]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[2876]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[2876]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[2876]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2876]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[3224]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3224]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3224]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3224]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3224]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3224]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3224]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
Jack&Jill
2011-01-06, 16:02
Hello bob200 :),
"I didn't turn off TeaTimer before doing these scans, not sure if I was supposed to or not."
You should turn it off. Sorry for not being clear about it. In fact, please keep it so until we are done. Since the computer is running better now, we should get you an Antivirus (AV) program.
I do not see any Antivirus (AV) installed on your machine. AV is a very critical part of your system to keep it safe and clean. Without it, a computer can easily get infected. Please download and install an AV from one of the links below:
Avast (http://www.avast.com/eng/download-avast-home.html)
Avira (http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914)
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)
You should only select one of these three, and keep only one installed.
--------------------
Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.
--------------------
Please post back:
1. the ESET online scan result
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=8ecd5cb115484c4eba6ffa52b4f2302e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-06 01:18:39
# local_time=2011-01-06 06:18:39 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=28071
# found=0
# cleaned=0
# scan_time=429
I gotta run for a bit, I'll be back on later.
I downloaded Microsoft Security Essentials, going to install that before I log off.
Jack&Jill
2011-01-06, 17:38
Hello bob200 :),
Everything is looking good. Are there any more problems?
After you have installed Microsoft Security Essentials, update it and run a scan.
Please run DDS and post back a new log.
Everything looks good so far. Just ran an MSE scan, didn't find anything.
Will post DDS logs
DDS (Ver_10-12-12.02) - NTFSx86
Run by Auser at 23:36:06.75 on Thu 01/06/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.920 [GMT -7:00]
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Printer Software\ErrorApp\DKab1err.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Controller.exe
C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe
C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Controller.exe
C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Guardian.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Auser\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DKab1err] c:\program files\dell\printer software\errorapp\DKab1err.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\auser\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R2 TheGuardianService;TheGuardian;c:\windows\system32\Guardian.exe [2011-1-6 57344]
R3 CmtlPort;Comtrol Serial Port;c:\windows\system32\drivers\rp2cport.sys [2009-11-9 112128]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2010-2-23 209960]
R3 RcktPort;Comtrol RocketPort Infinity;c:\windows\system32\drivers\rp2.sys [2009-10-15 33792]
=============== Created Last 30 ================
2011-01-07 06:17:16 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-01-07 06:17:11 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{8eab2cdf-8393-4d70-b669-d20942f4c97f}\mpengine.dll
2011-01-07 00:14:21 57344 ----a-w- c:\windows\system32\Guardian.exe
2011-01-07 00:14:21 31744 ----a-w- c:\windows\system32\grant.exe
2011-01-07 00:14:21 13856 ----a-w- c:\windows\system32\gbmail.exe
2011-01-07 00:14:10 -------- d-----w- C:\JEDI
2011-01-07 00:14:00 28432 ----a-w- c:\windows\system32\sleep.exe
2011-01-07 00:09:16 2401836 ----a-w- c:\temp\JEDI2.6.20.EXE
2011-01-06 18:39:53 28672 ----a-w- c:\temp\AutoPrint.exe
2011-01-06 18:34:23 17424760 ----a-w- c:\temp\R202136.exe
2011-01-06 18:14:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2011-01-06 16:13:16 -------- d-----w- c:\docume~1\auser\applic~1\OpenOffice.org
2011-01-06 16:12:12 -------- d-----w- c:\program files\JRE
2011-01-06 16:12:07 -------- d-----w- c:\program files\OpenOffice.org 3
2011-01-06 16:11:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-06 16:11:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-06 15:27:17 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-06 15:27:17 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-06 15:27:17 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-01-06 13:49:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-06 13:42:44 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-06 07:27:35 -------- d-sha-r- C:\cmdcons
2011-01-06 07:26:34 98816 ----a-w- c:\windows\sed.exe
2011-01-06 07:26:34 89088 ----a-w- c:\windows\MBR.exe
2011-01-06 07:26:34 256512 ----a-w- c:\windows\PEV.exe
2011-01-06 07:26:34 161792 ----a-w- c:\windows\SWREG.exe
2011-01-05 21:33:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-05 21:33:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-05 21:10:34 -------- d-sh--w- c:\documents and settings\auser\IECompatCache
2011-01-05 21:10:23 -------- d-sh--w- c:\documents and settings\auser\PrivacIE
2011-01-05 21:08:50 -------- d-sh--w- c:\documents and settings\auser\IETldCache
2011-01-05 20:57:46 -------- d-----w- c:\windows\ie8updates
2011-01-05 20:57:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-05 20:57:43 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-05 20:57:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-05 20:57:43 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-05 20:57:43 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-05 20:57:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-05 20:57:43 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-05 20:56:53 -------- dc-h--w- c:\windows\ie8
2011-01-05 20:45:40 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-05 20:41:00 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-05 20:41:00 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-05 20:41:00 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-05 20:39:16 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-05 20:39:16 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-05 20:31:15 -------- d-----w- c:\docume~1\auser\applic~1\Malwarebytes
2011-01-05 20:31:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 20:31:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-05 20:31:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 20:31:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 20:30:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-05 20:28:52 -------- d-sh--w- c:\documents and settings\auser\UserData
2011-01-05 20:28:29 -------- d-----w- c:\windows\system32\PreInstall
2011-01-05 20:28:27 -------- d--h--w- c:\windows\$hf_mig$
2011-01-05 20:25:54 -------- d-----w- c:\docume~1\auser\locals~1\applic~1\Help
2011-01-05 20:21:08 -------- d-----w- c:\windows\system32\SoftwareDistribution
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-05 05:05:35 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 23:36:33.12 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2010 11:05:48 AM
System Uptime: 1/6/2011 10:26:19 AM (13 hours ago)
Motherboard: Dell Inc. | | 0HN7XN
Processor: Intel Pentium III Xeon processor | CPU | 2693/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 140.597 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP9: 1/5/2011 1:28:26 PM - Software Distribution Service 3.0
RP10: 1/5/2011 1:38:35 PM - Software Distribution Service 3.0
RP11: 1/5/2011 1:50:47 PM - Software Distribution Service 3.0
RP12: 1/5/2011 2:10:04 PM - Installed Windows XP WgaNotify.
RP13: 1/5/2011 2:13:30 PM - Software Distribution Service 3.0
RP14: 1/6/2011 6:49:47 AM - Software Distribution Service 3.0
RP15: 1/6/2011 8:37:56 AM - Software Distribution Service 3.0
RP16: 1/6/2011 9:11:39 AM - Installed Java(TM) 6 Update 20
RP17: 1/6/2011 9:12:04 AM - Installed OpenOffice.org 3.2
RP18: 1/6/2011 9:30:17 AM - Installed Java(TM) 6 Update 23
RP19: 1/6/2011 11:17:09 PM - Software Distribution Service 3.0
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Broadcom NetXtreme-I Netlink Driver and Management Installer
Dell Printer Software Uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Security Client
Microsoft Security Essentials
OpenOffice.org 3.2
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
==== End Of File ===========================
I'm noticing something called MsMpEng.exe running in my task manager that's taking up a lot of CPU.
Google searching suggests it's not malicious, but I'd still like to know why it's there all of a sudden. Could it be associated with MSE?
Jack&Jill
2011-01-07, 19:17
Hello bob200 :),
I'm noticing something called MsMpEng.exe running in my task manager that's taking up a lot of CPU.
Yes, it is related to MSE.
--------------------
Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.
Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
Adobe Reader 8.1.0
Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on Different language or operating system? link.
Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
Change the language if you want by clicking on English below the Select a language title.
Press Continue.
Uncheck (untick) Free McAfee Security Scan (optional).
Click the Download now button after selecting the latest version.
Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
--------------------
Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.
Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
Go to Start > Run.... Copy and paste the following text into the white box:
ComboFix /uninstall
Click OK.
Delete the SystemLook, Rootkit Unhooker, TDSSKiller and RKill files on your desktop.
Delete any logs on the desktop.
Some tips to help you stay clean and safe:
1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html) to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.
2. Update your Antivirus program regularly, it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials (http://www.microsoft.com/security_essentials/), Avast (http://www.avast.com/eng/download-avast-home.html) and Avira (http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914) are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 (http://www.eset.com/products/nod32.php) and Kaspersky (http://www.kaspersky.com/kaspersky_anti-virus) are some good options. Please keep only one AV installed.
3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.
4. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications.
5. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.
6. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.
7. Protect your computer from removable or USB drive infections with Panda USB Vaccine (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/), an effective method to prevent malware from spreading.
8. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.
9. Install a third party firewall if you do not have one for additional defense against internet dangers. The built-in Windows firewall can only keep nasties from breaking in, but is unable to stop any malware from sending information out. Some recommended firewalls are Online Armor (http://www.tallemu.com/free-firewall-protection-software.html), Outpost (http://www.agnitum.com/products/outpostfree/index.php) and PC Tools (http://www.pctools.com/firewall/download/). More information on firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html). Please keep only one FW installed.
10. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!
11. Also look up:
Computer Security - a short guide to staying safer online By Gary R and Wingman (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)
Stay safe.
Thank you so much for your help.
I just had a couple more questions...
Is having multiple HOSTS files beneficial? I used to have peter lowe's and MVPS both (in 1 host file, just copy+pasted both HOSTS lists into one file)? I assume there'd be some redundancy but if it's all directed "home" then I didn't think there'd be conflicts.
I also have a 2T external HDD, I was wondering if you had any suggestions for an "emergency kit". I almost lost web connection completely in dealing with this computer...
What sort of things might I want to keep on an external HDD to help me out in a bad situation? IE: copies of mbam, combofix, an executable notepad, web browser, etc. Would any of that be useful?
Is it possible to create "system restore points" or registry backups onto an external HDD? Is it advisable to create a bootable windows on the external HDD that I can use to recover a compromised comp?
And how would you structure an external HDD to keep it safe from infection if it's needed to recover a comp?
One more question, sorry.
Is it beneficial to have MSE and TeaTimer both active at the same time? Or is it redundant?
Jack&Jill
2011-01-08, 13:50
Hello bob200 :),
You are welcome.
Is having multiple HOSTS files beneficial?
Bad sites appear by the hundreds daily, we can never keep up. Having a basic hosts file like the MVPS one in place should be good enough provided that we use the Internet with more sense and care. There is nothing wrong with combining the contents of more than one hosts file from different sources in one hosts file.
I also have a 2T external HDD, I was wondering if you had any suggestions for an "emergency kit". I almost lost web connection completely in dealing with this computer...
What sort of things might I want to keep on an external HDD to help me out in a bad situation? IE: copies of mbam, combofix, an executable notepad, web browser, etc. Would any of that be useful?
Is it possible to create "system restore points" or registry backups onto an external HDD? Is it advisable to create a bootable windows on the external HDD that I can use to recover a compromised comp?
And how would you structure an external HDD to keep it safe from infection if it's needed to recover a comp?
Malware nowadays is so advanced that having an "emergency kit" may or may not save you from a bad situation. I feel that the right approach should be having a bootable CD, the best being the Windows CD so that we can always do a reformat and reinstall or repair install, back up your important data regularly and prevent infections based on my previous recommendations rather than cure. Have you gone through all the materials that I provided in my earlier post? I only use my external hard drive for keeping a backup of data.
Please note that ComboFix should not be used without supervision. Consequences can be quite disastrous if things are done incorrectly.
Is it beneficial to have MSE and TeaTimer both active at the same time? Or is it redundant?
The former is an Antivirus, the latter an Antispyware. It is alright to have them both. They will complement each other. One thing to keep in mind is that you will not be 100% secure even though you have these protections. This is where sensible and responsible use of the computer and the Internet comes into the picture.
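The HOSTS merge discussed in the question and answer above (two block lists pasted into one file), as an added example that is not part of the original thread: it deduplicates entries and rejects any line that would map a name to something other than a loopback/null address, since a block list should only ever send names "home". The function names and both sample lists are constructed for illustration and are not real MVPS or Peter Lowe data.

```python
import ipaddress
import re

# Addresses a block entry may point at; anything else would redirect the name.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}
# Names that keep their normal mapping and are never written as block entries.
RESERVED_NAMES = {"localhost", "localhost.localdomain"}

_LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")

# Constructed sample lists standing in for two downloaded HOSTS files.
LIST_A = """\
# list A
127.0.0.1  localhost
127.0.0.1  ads.example.com
127.0.0.1  tracker.example.net   # inline comment
127.0.0.1  ADS.example.org
"""
LIST_B = """\
# list B
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net.
0.0.0.0 popups.example.org stats.example.org
203.0.113.7 update.example.com
127.0.0.1 bad_host!.example
"""


def merge_hosts(sources):
    """Merge named hosts-file texts.

    Returns (blocked, rejected): blocked maps hostname -> first source that
    listed it; rejected holds (source, line number, raw line, reason).
    """
    blocked, rejected = {}, []
    for source, text in sources.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()  # drop comments
            if not line:
                continue
            address, *names = line.split()
            try:
                ipaddress.ip_address(address)
            except ValueError:
                rejected.append((source, lineno, raw.strip(), "first field is not an IP address"))
                continue
            if not names:
                rejected.append((source, lineno, raw.strip(), "no hostname"))
                continue
            for name in names:
                host = name.lower().rstrip(".")  # normalise case and trailing dot
                if host in RESERVED_NAMES:
                    continue
                if address not in SINK_ADDRESSES:
                    reason = "points at a non-sink address"
                elif not HOSTNAME_RE.match(host):
                    reason = "invalid hostname"
                else:
                    blocked.setdefault(host, source)  # duplicates collapse here
                    continue
                rejected.append((source, lineno, raw.strip(), reason))
    return blocked, rejected


def render_hosts(blocked, sink="127.0.0.1"):
    """Build the merged file: localhost first, then one sorted entry per name."""
    lines = ["127.0.0.1 localhost"]
    lines += [f"{sink} {host}" for host in sorted(blocked)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    blocked, rejected = merge_hosts({"list_a": LIST_A, "list_b": LIST_B})
    print(render_hosts(blocked), end="")
    for source, lineno, raw, reason in rejected:
        print(f"# rejected {source}:{lineno} ({reason}): {raw}")
```

Review the rejected lines by hand before installing the merged file; an entry pointing at a routable address is a redirect, not a block.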
Jack&Jill
2011-01-13, 18:17
As your problems appear to have been resolved, this topic is now closed.
We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)