malware took over my computer



matson
2011-05-01, 03:17
svchost.exe takes 100%
random advertising windows open
I am being redirected to crazy websites
and the computer is slow and the processor is working at 100%
and I have a message: "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."
I applied tdsskiller.exe (in Run As mode, so no log) and it found nothing.
Spybot finds Click.GiftLoad but can't erase it.
Malwarebytes finds nothing.
I have a DDS log and a Defogger log.
I already disabled TeaTimer. The computer has not been stable since 2 days ago. I can't use it safely. I have to restart it every 15 min because it starts flickering (the desktop), too many processes going on!!!
Please help me.
The DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by NICOU at 22:21:45,48 on 2011-04-29
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1482 [GMT -3:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\NICOU\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\any video to dvd db toolbar\tbcore3.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\nicou\applic~1\mozilla\firefox\profiles\mtc5e0vx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
FF - plugin: c:\documents and settings\nicou\application data\mozilla\firefox\profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-4-2 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
R2 StarWindServiceAE;StarWind AE Service;f:\programmes\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-4-2 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-4-2 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-4-2 171400]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-4-11 11808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-5 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-5 8456]
S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-4-11 161422]
.
=============== Created Last 30 ================
.
2011-04-29 23:45:13 -------- d-sha-r- C:\cmdcons
2011-04-29 23:41:53 98816 ----a-w- c:\windows\sed.exe
2011-04-29 23:41:53 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 23:41:53 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 23:41:53 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 20:28:09 0 ----a-w- c:\documents and settings\nicou\ntuser.tmp
2011-04-29 01:26:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-29 01:26:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-28 20:20:08 -------- d-----w- c:\program files\CCleaner
2011-04-28 03:21:56 0 ----a-w- c:\windows\Xgihetiy.bin
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\dispexv.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\confmspl.dll
2011-04-21 06:22:57 -------- d-----w- c:\docume~1\nicou\applic~1\Toolbar4
2011-04-21 06:22:53 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Somoto
2011-04-21 06:22:48 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
2011-04-12 17:32:59 -------- d-sh--w- c:\documents and settings\nicou\IECompatCache
2011-04-12 04:49:18 -------- d-----w- c:\docume~1\nicou\applic~1\OpenOffice.org
2011-04-12 04:43:50 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-11 18:51:08 38401 ----a-r- c:\windows\system32\RdCi1044.dll
2011-04-11 18:51:07 81920 ----a-r- c:\windows\system32\rdas1044.dll
2011-04-11 18:51:07 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
2011-04-11 18:51:06 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
2011-04-11 18:51:06 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
2011-04-11 18:51:05 51644 ----a-r- c:\windows\system32\rddv1044.dll
2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-11 18:08:30 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
2011-04-11 18:08:29 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
2011-04-11 18:08:29 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2011-04-11 18:08:29 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
2011-04-11 18:08:29 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
2011-04-11 18:08:10 -------- d-----w- c:\program files\M-Audio MA_CMIDI
2011-04-11 09:00:56 -------- d-----w- c:\program files\D16 Group
2011-04-11 08:51:41 -------- d-----w- c:\program files\Solid State Logic
2011-04-11 08:16:48 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2011-04-11 08:16:48 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2011-04-11 08:16:44 -------- d-----w- c:\program files\Nomad Factory
2011-04-11 07:42:37 129024 ----a-w- c:\windows\UNWISE.EXE
2011-04-11 07:35:09 24576 ----a-w- c:\windows\system32\wavlbsys.dll
2011-04-11 07:35:09 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
2011-04-11 05:23:45 -------- d-----w- c:\docume~1\nicou\applic~1\Blue Cat Audio
2011-04-11 04:08:03 -------- d-----w- c:\docume~1\nicou\applic~1\Daichi
2011-04-11 00:29:07 -------- d-----w- c:\program files\FXpansion
2011-04-11 00:29:07 -------- d-----w- c:\docume~1\nicou\applic~1\FXpansion
2011-04-10 21:36:12 2240 ----a-w- c:\windows\LENDIG.sys
2011-04-10 20:45:07 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Identities
2011-04-10 08:19:44 -------- d-sh--w- c:\documents and settings\nicou\PrivacIE
2011-04-10 07:32:20 691551 ----a-w- c:\program files\uninstall information\{abaf1232-6213-4062-9d52-04e04a730cea}\unins000.exe
2011-04-10 07:28:47 691551 ----a-w- c:\program files\uninstall information\{842c6afc-7856-4fd9-99af-8900554acaa2}\unins000.exe
2011-04-10 06:50:29 -------- d-----w- c:\docume~1\nicou\applic~1\Smartelectronix
2011-04-10 04:02:20 -------- d-----w- c:\program files\GForce
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-04-10 00:54:55 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Native Instruments
2011-04-10 00:43:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\IK Multimedia
2011-04-08 05:51:33 319487 ----a-w- c:\windows\LOOP.exe
2011-04-08 05:37:13 -------- d-----w- c:\program files\common files\KORG
2011-04-08 05:28:06 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-04-08 05:28:06 -------- d-----w- c:\program files\common files\iZotope
2011-04-08 04:22:27 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2011-04-08 04:22:12 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2011-04-08 04:22:12 1870336 ----a-w- c:\windows\system32\bconvert.dll
2011-04-08 04:22:11 -------- d-----w- c:\program files\Native Instruments
2011-04-08 04:22:11 -------- d-----w- c:\program files\common files\Native Instruments
2011-04-08 04:06:08 86016 ----a-w- c:\windows\unvise32.exe
2011-04-08 03:20:08 151552 ----a-w- c:\windows\system32\FDlg.dll
2011-04-08 01:41:58 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2011-04-08 01:41:58 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
2011-04-08 01:41:58 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-04-08 01:41:58 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2011-04-08 01:41:58 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2011-04-08 01:34:10 1294336 ----a-w- c:\windows\system32\vorbis.acm
2011-04-07 00:07:58 -------- d-----w- C:\QUARANTINE
2011-04-06 22:39:52 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Microsoft Help
2011-04-06 22:07:29 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-06 21:46:46 -------- d-----w- c:\docume~1\nicou\applic~1\NetMedia Providers
2011-04-06 21:46:43 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Sony
2011-04-06 21:36:12 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2011-04-06 21:36:12 24576 ------w- c:\windows\system32\dbmsgnet.dll
2011-04-06 21:35:32 -------- d-----w- c:\program files\Microsoft SQL Server
2011-04-06 21:12:06 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Installer2184
2011-04-06 20:57:05 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Installer376
2011-04-06 20:54:31 -------- d-----w- c:\program files\VideoLAN
2011-04-06 20:35:11 -------- d-----w- c:\program files\common files\Control Panels
2011-04-06 20:31:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\ALM
2011-04-06 20:30:38 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2011-04-06 20:30:38 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2011-04-06 20:18:24 -------- d-----w- c:\program files\Bonjour
2011-04-06 20:07:52 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-04-06 19:49:57 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-04-06 19:49:57 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-04-06 19:22:25 -------- d-----w- c:\docume~1\nicou\applic~1\Serif
2011-04-06 18:41:46 -------- d-----w- c:\docume~1\nicou\applic~1\Softland
2011-04-06 18:34:59 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-04-06 18:34:58 -------- d-----w- c:\docume~1\nicou\applic~1\FreeVideoConverter
2011-04-05 06:19:02 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-04-05 06:19:02 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-04-05 06:19:02 2340992 ----a-w- c:\windows\system32\BootMan.exe
2011-04-05 06:19:02 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-04-05 06:19:01 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-04-05 06:10:35 -------- d-----w- c:\program files\EASEUS
2011-04-05 03:59:14 -------- d-----w- c:\docume~1\nicou\applic~1\QuickScan
2011-04-04 23:03:44 -------- d-----w- c:\windows\system32\LogFiles
2011-04-04 23:03:42 -------- d-----w- c:\docume~1\nicou\applic~1\Malwarebytes
2011-04-04 23:03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 23:03:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-04 23:03:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 23:03:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 21:13:56 -------- d-----w- C:\bin
2011-04-04 21:00:50 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-04-04 20:59:43 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-04-04 20:59:43 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-04-04 20:59:43 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-04-04 20:59:42 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-04-04 20:59:42 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2011-04-04 20:59:42 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-04-04 20:56:23 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-04-04 20:56:18 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-04-04 20:55:47 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2011-04-04 20:55:42 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
2011-04-04 20:55:40 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2011-04-04 20:53:12 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-04-04 20:53:12 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-04-04 20:52:53 827392 ----a-r- c:\windows\system32\hpotiop2.dll
2011-04-04 20:52:53 254026 ----a-r- c:\windows\system32\hpovst09.dll
2011-04-04 20:52:52 659456 ----a-r- c:\windows\system32\hpowiax2.dll
2011-04-04 20:52:49 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-04 20:52:49 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-04 20:50:17 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-04-04 20:50:17 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-04-04 06:01:53 -------- d-----w- c:\windows\pss
2011-04-04 05:41:20 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Temp
2011-04-03 21:26:45 -------- d-sh--w- c:\documents and settings\nicou\IETldCache
2011-04-03 20:06:39 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-04-03 20:06:22 -------- d-----w- c:\windows\ie8updates
2011-04-03 20:05:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-03 20:05:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-03 20:05:44 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-03 20:05:44 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-03 20:05:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-03 20:05:44 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-04-03 20:05:44 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-04-03 20:04:24 -------- dc-h--w- c:\windows\ie8
2011-04-03 04:36:19 -------- d-----w- c:\docume~1\nicou\applic~1\VSRevoGroup
2011-04-03 03:23:05 -------- d-----w- c:\program files\VS Revo Group
2011-04-03 03:07:51 -------- d-----w- c:\windows\system32\scripting
2011-04-03 03:07:51 -------- d-----w- c:\windows\l2schemas
2011-04-03 03:07:50 -------- d-----w- c:\windows\system32\en
2011-04-03 03:07:50 -------- d-----w- c:\windows\system32\bits
2011-04-03 03:04:04 -------- d-----w- c:\windows\network diagnostic
2011-04-03 03:01:00 -------- d-----w- c:\windows\EHome
2011-04-03 02:41:55 -------- d-----w- c:\windows\ServicePackFiles
2011-04-03 02:40:48 -------- d-----w- c:\program files\MSXML 4.0
2011-04-03 02:37:57 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2011-04-03 02:29:27 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-04-03 02:29:26 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-04-03 02:29:15 357248 ------w- c:\windows\system32\dllcache\srv.sys
2011-04-03 02:29:00 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-04-03 02:28:56 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-04-03 02:28:49 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-03 02:27:31 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-04-03 02:27:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-04-03 02:27:24 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-04-03 02:27:16 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-04-03 02:25:41 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-04-03 02:25:39 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-04-03 02:24:41 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-04-03 02:24:16 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-04-03 02:23:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-04-03 02:23:24 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-04-03 02:22:36 -------- d-----w- c:\windows\system32\PreInstall
2011-04-03 02:11:39 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-04-03 00:00:59 72936 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-03 00:00:59 64232 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-03 00:00:59 52104 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2011-04-03 00:00:59 33960 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-03 00:00:59 171400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-03 00:00:42 -------- d-----w- c:\program files\McAfee
2011-04-03 00:00:42 -------- d-----w- c:\program files\common files\McAfee
2011-04-02 23:51:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 23:51:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 21:08:39 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Adobe
2011-04-02 09:24:56 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\PCHealth
2011-04-02 08:21:23 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-04-02 08:21:22 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-04-02 08:21:22 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-02 08:21:03 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-04-02 08:20:25 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-02 08:17:55 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-04-02 08:17:53 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-04-02 06:01:01 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Mozilla
2011-04-02 05:57:05 -------- d-sh--w- c:\documents and settings\nicou\UserData
2011-04-02 05:03:25 47104 ----a-w- c:\windows\system32\WACntlPnl.cpl
2011-04-02 05:01:59 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-04-02 05:01:59 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-04-02 05:01:53 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-04-02 03:49:14 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2011-04-02 03:49:14 -------- d-----w- c:\program files\common files\Cisco Systems
2011-04-02 03:42:19 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
2011-04-28 21:20:24 372736 ----a-w- c:\windows\eqoyafisequpal.dl
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9120824A rev.3.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D7B730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d81a10]; MOV EAX, [0x89d81a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89DD6AB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000075[0x89E059E8]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89DC3940]
\Driver\atapi[0x89E11AE8] -> IRP_MJ_CREATE -> 0x89D7B730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D7B57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:23:58,34 ===============

spybot log

Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


ken545
2011-05-05, 10:27
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


You're infected with a nasty rootkit.


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

matson
2011-05-06, 22:18
Thank You Ken545, here is the log

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-06 16:16:55
-----------------------------
16:16:55.453 OS Version: Windows 5.1.2600 Service Pack 3
16:16:55.453 Number of processors: 1 586 0x2402
16:16:55.453 ComputerName: MOHICAN UserName: NICOU
16:16:56.125 Initialize success
16:16:57.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:16:57.609 Disk 0 Vendor: ST9120824A 3.05 Size: 114473MB BusType: 3
16:16:57.609 Device \Driver\atapi -> DriverStartIo 89d7b57b
16:16:59.609 Disk 0 MBR read successfully
16:16:59.609 Disk 0 MBR scan
16:16:59.609 Disk 0 TDL4@MBR code has been found
16:16:59.609 Disk 0 MBR hidden
16:16:59.609 Disk 0 MBR [TDL4] **ROOTKIT**
16:16:59.625 Disk 0 trace - called modules:
16:16:59.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89d7b730]<<
16:16:59.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dd6ab8]
16:16:59.625 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000075[0x89de25d0]
16:16:59.640 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> [0x89dc3940]
16:16:59.640 \Driver\atapi[0x89e11ae8] -> IRP_MJ_CREATE -> 0x89d7b730
16:16:59.640 Scan finished successfully
16:17:07.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\MBR.dat"
16:17:07.968 The log file has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\aswMBR.txt"


Do you think you can solve the problem?

ken545
2011-05-07, 02:06
Hi,

You most likely have more malware present, but let's remove the rootkit first.

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix for TDL4

http://public.avast.com/~gmerek/aswMBR3.png


Save the log as before and post in your next reply


After your computer boots back up, run DDS again and post a new log also.

matson
2011-05-07, 05:34
So I ran the program as you said, and at the fix step the computer got stuck for a while, so I restarted and scanned again. This time nothing showed up; I guess the fix worked.
Here is the log of the program after the restart:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-06 23:30:25
-----------------------------
23:30:25.921 OS Version: Windows 5.1.2600 Service Pack 3
23:30:25.921 Number of processors: 1 586 0x2402
23:30:25.921 ComputerName: MOHICAN UserName: NICOU
23:30:26.812 Initialize success
23:30:29.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:30:29.500 Disk 0 Vendor: ST9120824A 3.05 Size: 114473MB BusType: 3
23:30:31.500 Disk 0 MBR read successfully
23:30:31.500 Disk 0 MBR scan
23:30:31.500 Disk 0 unknown MBR code
23:30:33.500 Disk 0 scanning sectors +234436545
23:30:33.531 Disk 0 scanning C:\WINDOWS\system32\drivers
23:30:40.109 Service scanning
23:30:41.406 Disk 0 trace - called modules:
23:30:41.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:30:41.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db9ab8]
23:30:41.437 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000075[0x89e673b8]
23:30:41.437 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e66940]
23:30:41.437 Scan finished successfully
23:31:24.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\MBR.dat"
23:31:24.515 The log file has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\aswMBR2.txt"
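
The two aswMBR logs posted in this thread, read side by side by a small triage script (an added example, not part of the original posts and not Avast's or the forum's tooling). It flags the indicator lines printed by the first run, checks that the atapi dispatch entry points at the address reported as an unknown module, and lists which indicators are absent from the second run. The rule names, severities and function names are assumptions made for this example; the log lines are excerpts of the logs above.

```python
import re

# Excerpts of the two aswMBR logs posted in this thread:
# the first run, and the run after the fix and reboot.
LOG_BEFORE = r"""
16:16:57.609 Device \Driver\atapi -> DriverStartIo 89d7b57b
16:16:59.609 Disk 0 MBR read successfully
16:16:59.609 Disk 0 MBR scan
16:16:59.609 Disk 0 TDL4@MBR code has been found
16:16:59.609 Disk 0 MBR hidden
16:16:59.609 Disk 0 MBR [TDL4] **ROOTKIT**
16:16:59.625 Disk 0 trace - called modules:
16:16:59.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89d7b730]<<
16:16:59.640 \Driver\atapi[0x89e11ae8] -> IRP_MJ_CREATE -> 0x89d7b730
16:16:59.640 Scan finished successfully
"""
LOG_AFTER = r"""
23:30:31.500 Disk 0 MBR read successfully
23:30:31.500 Disk 0 MBR scan
23:30:31.500 Disk 0 unknown MBR code
23:30:41.406 Disk 0 trace - called modules:
23:30:41.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:30:41.437 Scan finished successfully
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")  # aswMBR timestamp prefix
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I)
IRP = re.compile(
    r"(?P<drv>\\Driver\\\w+)\[0x[0-9a-f]+\]\s*->\s*(?P<irp>IRP_MJ_\w+)"
    r"\s*->\s*(?P<target>0x[0-9a-f]+)", re.I)

# (rule name, severity, pattern). Names and severities are this example's labels.
RULES = [
    ("mbr_rootkit", "alert", re.compile(r"MBR \[(?P<v>\w+)\] \*\*ROOTKIT\*\*")),
    ("mbr_code_found", "alert", re.compile(r"(?P<v>\w+)@MBR code has been found")),
    ("mbr_hidden", "alert", re.compile(r"MBR hidden")),
    ("startio_hook", "alert",
     re.compile(r"(?P<v>\\Driver\\\w+)\s*->\s*DriverStartIo [0-9a-f]+", re.I)),
    ("unknown_module", "alert", re.compile(r">>UNKNOWN \[(?P<v>0x[0-9a-f]+)\]<<", re.I)),
    # The tool does not call this a rootkit; kept as a note for the analyst.
    ("mbr_unrecognised", "info", re.compile(r"unknown MBR code")),
]


def scan(log_text):
    """Return one finding per (line, rule) match, with the timestamp stripped."""
    findings = []
    for raw in log_text.splitlines():
        line = TS.sub("", raw.strip())
        for name, severity, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append({"rule": name, "severity": severity,
                                 "value": m.groupdict().get("v"), "line": line})
    return findings


def dispatch_into_unknown(log_text):
    """Driver dispatch entries whose target equals an address flagged >>UNKNOWN<<."""
    unknown = {a.lower() for a in UNKNOWN.findall(log_text)}
    return [(m["drv"], m["irp"], m["target"])
            for m in IRP.finditer(log_text) if m["target"].lower() in unknown]


def called_modules(log_text):
    """Module chain from the line that follows 'called modules:'."""
    lines = [TS.sub("", l.strip()) for l in log_text.splitlines()]
    for i, line in enumerate(lines):
        if line.endswith("called modules:") and i + 1 < len(lines):
            return re.findall(r">>UNKNOWN \[0x[0-9a-f]+\]<<|\S+", lines[i + 1], re.I)
    return []


def compare(before, after):
    """Which alert rules cleared, persisted or newly appeared between two runs."""
    b = {f["rule"] for f in scan(before) if f["severity"] == "alert"}
    a = {f["rule"] for f in scan(after) if f["severity"] == "alert"}
    notes = {f["rule"] for f in scan(after) if f["severity"] == "info"}
    return {"cleared": sorted(b - a), "persisting": sorted(b & a),
            "new": sorted(a - b), "notes": sorted(notes)}


if __name__ == "__main__":
    for f in scan(LOG_BEFORE):
        print(f["severity"], f["rule"], f["value"] or "")
    print("dispatch into unknown memory:", dispatch_into_unknown(LOG_BEFORE))
    print("chain after fix:", called_modules(LOG_AFTER))
    print(compare(LOG_BEFORE, LOG_AFTER))
```
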

ken545
2011-05-07, 11:31
Hi,

Please read through what I post as it will speed up the cleaning process



After your computer boots back up, run DDS again and post a new log also.




Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please



1. Post a New DDS log
2. Post the log from Malwarebytes
3. Let me know how your computer is behaving as far as redirects

matson
2011-05-07, 21:17
DDS log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by NICOU at 15:12:11,48 on 2011-05-07
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -3:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.18-delta.exe
c:\e466385720fc0e1b7b71b0d0c6\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\NICOU\Desktop\dds.scr
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\nicou\applic~1\mozilla\firefox\profiles\mtc5e0vx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
FF - plugin: c:\documents and settings\nicou\application data\mozilla\firefox\profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-4-2 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
R2 StarWindServiceAE;StarWind AE Service;f:\programmes\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-4-2 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-4-2 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-4-2 171400]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-4-11 11808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-5 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-5 8456]
S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-4-11 161422]
.
=============== Created Last 30 ================
.
2011-05-07 18:11:37 -------- d-----w- C:\e466385720fc0e1b7b71b0d0c6
2011-05-02 19:29:51 -------- d-----w- c:\program files\ESET
2011-05-02 19:07:36 -------- d-----w- C:\_OTL
2011-04-29 23:45:13 -------- d-sha-r- C:\cmdcons
2011-04-29 23:41:53 98816 ----a-w- c:\windows\sed.exe
2011-04-29 23:41:53 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 23:41:53 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 23:41:53 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 01:26:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-29 01:26:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-28 20:20:08 -------- d-----w- c:\program files\CCleaner
2011-04-28 03:21:56 0 ----a-w- c:\windows\Xgihetiy.bin
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\dispexv.dll
2011-04-28 03:20:39 157184 --sha-r- c:\windows\system32\confmspl.dll
2011-04-21 06:22:57 -------- d-----w- c:\docume~1\nicou\applic~1\Toolbar4
2011-04-21 06:22:53 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Somoto
2011-04-21 06:22:48 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
2011-04-12 17:32:59 -------- d-sh--w- c:\documents and settings\nicou\IECompatCache
2011-04-12 04:49:18 -------- d-----w- c:\docume~1\nicou\applic~1\OpenOffice.org
2011-04-12 04:43:50 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-11 18:51:08 38401 ----a-r- c:\windows\system32\RdCi1044.dll
2011-04-11 18:51:07 81920 ----a-r- c:\windows\system32\rdas1044.dll
2011-04-11 18:51:07 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
2011-04-11 18:51:06 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
2011-04-11 18:51:06 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
2011-04-11 18:51:05 51644 ----a-r- c:\windows\system32\rddv1044.dll
2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-11 18:09:54 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-11 18:08:30 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
2011-04-11 18:08:29 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
2011-04-11 18:08:29 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2011-04-11 18:08:29 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
2011-04-11 18:08:29 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
2011-04-11 18:08:10 -------- d-----w- c:\program files\M-Audio MA_CMIDI
2011-04-11 09:00:56 -------- d-----w- c:\program files\D16 Group
2011-04-11 08:51:41 -------- d-----w- c:\program files\Solid State Logic
2011-04-11 08:16:48 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2011-04-11 08:16:48 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2011-04-11 08:16:44 -------- d-----w- c:\program files\Nomad Factory
2011-04-11 07:42:37 129024 ----a-w- c:\windows\UNWISE.EXE
2011-04-11 07:35:09 24576 ----a-w- c:\windows\system32\wavlbsys.dll
2011-04-11 07:35:09 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
2011-04-11 05:23:45 -------- d-----w- c:\docume~1\nicou\applic~1\Blue Cat Audio
2011-04-11 04:08:03 -------- d-----w- c:\docume~1\nicou\applic~1\Daichi
2011-04-11 00:29:07 -------- d-----w- c:\program files\FXpansion
2011-04-11 00:29:07 -------- d-----w- c:\docume~1\nicou\applic~1\FXpansion
2011-04-10 21:36:12 2240 ----a-w- c:\windows\LENDIG.sys
2011-04-10 20:45:07 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Identities
2011-04-10 08:19:44 -------- d-sh--w- c:\documents and settings\nicou\PrivacIE
2011-04-10 07:32:20 691551 ----a-w- c:\program files\uninstall information\{abaf1232-6213-4062-9d52-04e04a730cea}\unins000.exe
2011-04-10 07:28:47 691551 ----a-w- c:\program files\uninstall information\{842c6afc-7856-4fd9-99af-8900554acaa2}\unins000.exe
2011-04-10 06:50:29 -------- d-----w- c:\docume~1\nicou\applic~1\Smartelectronix
2011-04-10 04:02:20 -------- d-----w- c:\program files\GForce
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-04-10 00:55:01 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-04-10 00:54:55 -------- d-----w- c:\docume~1\nicou\locals~1\applic~1\Native Instruments
2011-04-10 00:43:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\IK Multimedia
2011-04-08 05:51:33 319487 ----a-w- c:\windows\LOOP.exe
2011-04-08 05:37:13 -------- d-----w- c:\program files\common files\KORG
2011-04-08 05:28:06 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-04-08 05:28:06 -------- d-----w- c:\program files\common files\iZotope
2011-04-08 04:22:27 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2011-04-08 04:22:12 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2011-04-08 04:22:12 1870336 ----a-w- c:\windows\system32\bconvert.dll
2011-04-08 04:22:11 -------- d-----w- c:\program files\Native Instruments
2011-04-08 04:22:11 -------- d-----w- c:\program files\common files\Native Instruments
2011-04-08 04:06:08 86016 ----a-w- c:\windows\unvise32.exe
2011-04-08 03:20:08 151552 ----a-w- c:\windows\system32\FDlg.dll
2011-04-08 01:41:58 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2011-04-08 01:41:58 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
2011-04-08 01:41:58 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-04-08 01:41:58 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2011-04-08 01:41:58 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2011-04-08 01:34:10 1294336 ----a-w- c:\windows\system32\vorbis.acm
.
==================== Find3M ====================
.
2011-04-02 23:51:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 23:51:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-31 14:18:18 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-03-31 14:18:16 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-03-25 23:04:16 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-03-25 23:03:44 2340992 ----a-w- c:\windows\system32\BootMan.exe
2011-03-24 13:57:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-03-24 13:57:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-03-24 13:57:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 06:55:19 149504 ----a-w- c:\windows\system32\SET10.tmp
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\SET2A.tmp
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\SET2F.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ------w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
============= FINISH: 15:14:11,32 ===============


Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-04-02 01:55:41
System Uptime: 2011-05-07 15:07:23 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 309B
Processor: AMD Turion(tm) 64 Mobile Technology ML-37 | U23 | 1989/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 35 GiB total, 18,63 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1,247 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 20 GiB total, 17,968 GiB free.
G: is FIXED (NTFS) - 48 GiB total, 13,82 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2011-04-28 00:45:00 - System Checkpoint
RP2: 2011-04-29 01:04:13 - System Checkpoint
RP3: 2011-04-30 15:18:16 - System Checkpoint
RP4: 2011-05-02 16:08:28 - OTL Restore Point
RP5: 2011-05-07 15:09:25 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.0.1)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AiO_Scan_CDA
AiOSoftwareNPI
Alpha 3
Any Video To DVD DB Toolbar
Arturia Moog Modular V v1.1
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
Audio Damage DubStation VST v1.0.2.0
AudioRealism Bass Line 2 (remove only)
Bass Station 1.50
Bias Sound Soap 2 DX RTAS VST v2.01
BufferChm
C4100
c4100_Help
CCleaner
Conexant AC-Link Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CS-80V
CueTour
CustomerResearchQFolder
Dash Signature daAlfa2k VSTi v2.24c
Destinations
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
doPDF 7.2 printer
EASEUS Partition Master 8.0.1 Home Edition
Edirol HQ Orchestral v1.01
Edirol Hyper Canvas v1.53
Edirol Super Quartet v1.52 TALiO
ESET Online Scanner v3
eSupportQFolder
Fax_CDA
FL Studio 6
Free Video Converter V 2.92
GForce impOSCar v1.10 VSTi RTAS
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Premier Software 6.5
HP QuickPlay 2.0
HP Software Update
HP Solution Center 7.0
HP Wireless Assistant 2.00 C1
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InstantShareDevicesMFC
iZotope iDrum
iZotope iDrum Factory Content
iZotope pHATmatik PRO
iZotope Vinyl
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 22
JX220 (remove only)
JXSynth 1.2 (remove only)
Korg Legacy Collection v1.1.2
LightScribe 1.4.56.1
Linplug Albino VSTi v2.01
LinPlug daOrgan
LinPlug DeltaIII VSTi v3.0.5
LinPlug Organ 3
LUXONIX Ravity(S) v1.4
MA_CMIDI
Malwarebytes' Anti-Malware
MarketResearch
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
N.I Pro-53 v3.0-OxYGeN
Native Instruments Absynth v3.0.2
Native Instruments B4 v2.0.0.7
Native Instruments FM7 VSTi DXI RTAS v1.1.3.4
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
Native.Instruments.Absynth.RegUser.Presets.Addon
NewCopy_CDA
NomadFactory Analog Mastering Tools VST RTAS v1.0
OCR Software by I.R.I.S 7.0
OpenOffice.org 3.3
OptionalContentQFolder
PanoStandAlone
PDF Settings
pdfsam
PhotoGallery
ProductContextNPI
PSP VintageWarmer2 2.1.4
Quadrafuzz v1.0
Quick Launch Buttons 5.20 G1
RandMap
Readme
ReFX Junox2 VSTi v1.4
Revo Uninstaller 1.91
Rob Papen Predator V1.1 b
SampleTank 2.5
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Serif PagePlus SE 1.0
SH-1001
SkinsHP1
SlideShow
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony Sound Forge 7.0
SoundFonts.it GS-201 Tape Echo v1.0 VST
Spybot - Search & Destroy
SSL LMC-1 v1.0
SSL X-ISM v1.1
Status
Steinberg Magneto VST v1.5
Sylenth1 v1.01.3
Synapse Junglist VSTi v3.2
Synaptics Pointing Device Driver
T-RackS 24
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
Toraverb
TourSetup
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V-Station 1.50
VLC media player 1.1.8
Waldorf PPG Wave 2.V v1.2
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Wireless Home Network Setup
.
==== Event Viewer Messages From Past Week ========
.
2011-05-05 15:07:17, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 804fb051.
2011-05-02 16:07:43, error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:42, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:42, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:42, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:37, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:37, error: Service Control Manager [7034] - The M-Audio CMIDI Installer service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:37, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:37, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 16:07:36, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2011-05-02 15:42:12, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqwmiex with arguments "-Service" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
2011-05-02 14:40:42, error: Service Control Manager [7000] - The Cubase32 service failed to start due to the following error: The system cannot find the device specified.
2011-04-30 15:47:53, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqwmiex with arguments "-Service" in order to run the server: {4BE1F202-E872-4127-8E3F-A24A4A021203}
.
==== End Of File ===========================

matson
2011-05-07, 21:51
Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6528

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-05-07 15:44:58
mbam-log-2011-05-07 (15-44-58).txt

Scan type: Quick scan
Objects scanned: 148722
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



On the other hand, the redirect seems to have stopped. So far, nothing has happened yet.
So what is the next step?

ken545
2011-05-08, 01:09
Hi,

Thanks for the logs. Your Master Boot Record was infected by a rootkit and aswMBR removed it, so things should be better, but let's check further.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

matson
2011-05-08, 02:09
I already installed ComboFix. So here is the log

ComboFix 11-04-29.02 - NICOU 2011-05-07 19:54:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1621 [GMT -3:00]
Running from: c:\documents and settings\NICOU\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 18:29 . 2011-05-07 18:29 -------- d-----w- c:\windows\system32\XPSViewer
2011-05-07 18:29 . 2011-05-07 18:29 -------- d-----w- c:\program files\MSBuild
2011-05-07 18:28 . 2011-05-07 18:28 -------- d-----w- c:\program files\Reference Assemblies
2011-05-07 18:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-05-07 18:28 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-05-07 18:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-05-07 18:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-05-07 18:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-05-07 18:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-05-07 18:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-05-07 18:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-05-07 18:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-05-07 18:28 . 2011-05-07 18:28 -------- d-----w- C:\ce10f287d9ee23a3100d2f7320fdee
2011-05-02 19:29 . 2011-05-02 19:29 -------- d-----w- c:\program files\ESET
2011-05-02 19:07 . 2011-05-02 19:07 -------- d-----w- C:\_OTL
2011-04-29 01:26 . 2011-04-29 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-29 01:26 . 2011-04-29 01:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-28 20:20 . 2011-04-28 20:20 -------- d-----w- c:\program files\CCleaner
2011-04-28 12:08 . 2011-04-28 12:08 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-04-28 12:08 . 2011-04-28 12:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Toolbar4
2011-04-28 12:08 . 2011-04-28 12:08 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-04-28 03:21 . 2011-04-28 03:21 0 ----a-w- c:\windows\Xgihetiy.bin
2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\dispexv.dll
2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\confmspl.dll
2011-04-21 06:22 . 2011-04-21 06:22 -------- d-----w- c:\documents and settings\NICOU\Application Data\Toolbar4
2011-04-21 06:22 . 2011-04-21 06:22 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Somoto
2011-04-21 06:22 . 2011-04-29 23:53 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
2011-04-12 17:32 . 2011-04-12 17:32 -------- d-sh--w- c:\documents and settings\NICOU\IECompatCache
2011-04-12 04:49 . 2011-04-12 04:49 -------- d-----w- c:\documents and settings\NICOU\Application Data\OpenOffice.org
2011-04-12 04:43 . 2011-04-12 04:44 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-11 18:51 . 2004-04-20 13:30 38401 ----a-r- c:\windows\system32\RdCi1044.dll
2011-04-11 18:51 . 2004-04-20 13:30 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
2011-04-11 18:51 . 2004-04-20 13:30 81920 ----a-r- c:\windows\system32\rdas1044.dll
2011-04-11 18:51 . 2004-04-20 13:30 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
2011-04-11 18:51 . 2004-04-20 13:30 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
2011-04-11 18:51 . 2004-04-20 13:30 51644 ----a-r- c:\windows\system32\rddv1044.dll
2011-04-11 18:09 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-11 18:09 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-11 18:08 . 2005-06-14 16:44 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
2011-04-11 18:08 . 2005-06-14 16:44 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
2011-04-11 18:08 . 2005-06-14 16:44 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2011-04-11 18:08 . 2005-06-14 16:44 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
2011-04-11 18:08 . 2005-06-14 16:44 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
2011-04-11 18:08 . 2011-04-11 18:08 -------- d-----w- c:\program files\M-Audio MA_CMIDI
2011-04-11 09:00 . 2011-04-11 09:00 -------- d-----w- c:\program files\D16 Group
2011-04-11 08:51 . 2011-04-11 08:51 -------- d-----w- c:\program files\Solid State Logic
2011-04-11 08:16 . 2003-03-18 21:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2011-04-11 08:16 . 2003-03-18 21:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2011-04-11 08:16 . 2011-04-11 08:16 -------- d-----w- c:\program files\Nomad Factory
2011-04-11 07:42 . 1998-04-30 17:56 129024 ----a-w- c:\windows\UNWISE.EXE
2011-04-11 07:35 . 1996-08-12 13:59 24576 ----a-w- c:\windows\system32\wavlbsys.dll
2011-04-11 07:35 . 1996-07-29 20:53 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
2011-04-11 05:23 . 2011-04-11 05:23 -------- d-----w- c:\documents and settings\NICOU\Application Data\Blue Cat Audio
2011-04-11 04:08 . 2011-04-11 04:08 -------- d-----w- c:\documents and settings\NICOU\Application Data\Daichi
2011-04-11 00:29 . 2011-04-11 00:29 -------- d-----w- c:\program files\FXpansion
2011-04-11 00:29 . 2011-04-11 00:29 -------- d-----w- c:\documents and settings\NICOU\Application Data\FXpansion
2011-04-10 21:36 . 2006-09-14 04:21 2240 ----a-w- c:\windows\LENDIG.sys
2011-04-10 20:45 . 2011-04-10 20:45 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Identities
2011-04-10 08:19 . 2011-04-10 08:19 -------- d-sh--w- c:\documents and settings\NICOU\PrivacIE
2011-04-10 07:32 . 2011-04-10 07:31 691551 ----a-w- c:\program files\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
2011-04-10 07:28 . 2011-04-10 07:26 691551 ----a-w- c:\program files\Uninstall Information\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}\unins000.exe
2011-04-10 06:50 . 2011-04-10 06:50 -------- d-----w- c:\documents and settings\NICOU\Application Data\Smartelectronix
2011-04-10 04:02 . 2011-04-10 04:02 -------- d-----w- c:\program files\GForce
2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-04-10 00:54 . 2011-04-10 00:54 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Native Instruments
2011-04-10 00:43 . 2011-04-10 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IK Multimedia
2011-04-10 00:43 . 2011-04-10 00:43 -------- d-----w- c:\documents and settings\NICOU\Application Data\InstallShield
2011-04-08 05:51 . 2004-02-16 05:45 319487 ----a-w- c:\windows\LOOP.exe
2011-04-08 05:37 . 2011-04-08 05:37 -------- d-----w- c:\program files\Common Files\KORG
2011-04-08 05:28 . 2011-04-08 05:28 -------- d-----w- c:\program files\Common Files\iZotope
2011-04-08 05:28 . 2006-04-06 22:41 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-04-08 04:22 . 2006-10-04 17:13 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2011-04-08 04:22 . 2006-10-04 17:13 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2011-04-08 04:22 . 2006-10-04 17:13 1870336 ----a-w- c:\windows\system32\bconvert.dll
2011-04-08 04:22 . 2011-04-08 06:07 -------- d-----w- c:\program files\Native Instruments
2011-04-08 04:22 . 2011-04-08 04:22 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-04-08 04:06 . 1999-12-17 13:13 86016 ----a-w- c:\windows\unvise32.exe
2011-04-08 03:20 . 2003-02-24 20:27 151552 ----a-w- c:\windows\system32\FDlg.dll
2011-04-08 01:41 . 2002-10-09 16:21 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
2011-04-08 01:41 . 2001-10-19 18:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2011-04-08 01:41 . 2001-10-19 18:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-04-08 01:41 . 2001-10-19 18:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2011-04-08 01:41 . 2001-10-19 06:05 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2011-04-08 01:34 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 22:07 . 2011-04-06 22:07 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-02 23:51 . 2011-04-02 23:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 23:51 . 2011-04-02 23:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-31 14:18 . 2011-04-06 19:49 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-03-31 14:18 . 2011-04-06 19:49 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-03-25 23:04 . 2011-04-05 06:19 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-03-25 23:03 . 2011-04-05 06:19 2340992 ----a-w- c:\windows\system32\BootMan.exe
2011-03-24 13:57 . 2011-04-05 06:19 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-03-24 13:57 . 2011-04-05 06:19 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-03-24 13:57 . 2011-04-05 06:19 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-04-03 02:23 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 08:00 978944 ------w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-29 05:18 . 2011-04-02 08:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"wave1"=rddv1044.dll
"midi2"=rddv1044.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 19:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-04-11 11808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-04-05 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-04-05 8456]
S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-04-11 161422]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-04-06 436792]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 19:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,d5,6d,78,57,14,53,48,ac,ec,1e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,d5,6d,78,57,14,53,48,ac,ec,1e,\
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_Protocol_Catalog"="Protocol_Catalog9"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\rddv1044.dll
.
- - - - - - - > 'explorer.exe'(1036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-05-07 19:59:27
ComboFix-quarantined-files.txt 2011-05-07 22:59
ComboFix2.txt 2011-04-29 23:58
.
Pre-Run: 19*328*946*176 bytes free
Post-Run: 19*342*860*288 bytes free
.
- - End Of File - - 12890BE47A1A9F4F08C57192E2A68B65


PS: Other than that, I have an icon in the system tray that says that automatic update is not on. Sometimes the firewall is disabled. Since the virus fake XP update, that icon is on.

Thank you

ken545
2011-05-08, 02:11
Your copy of Combofix is outdated; it's updated almost daily. Drag it to the trash and redownload it, run it and post a new log please.

matson
2011-05-08, 02:31
part 1
ComboFix 11-05-07.01 - NICOU 2011-05-07 20:21:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1573 [GMT -3:00]
Running from: c:\documents and settings\NICOU\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 18:29 . 2011-05-07 18:29 -------- d-----w- c:\windows\system32\XPSViewer
2011-05-07 18:29 . 2011-05-07 18:29 -------- d-----w- c:\program files\MSBuild
2011-05-07 18:28 . 2011-05-07 18:28 -------- d-----w- c:\program files\Reference Assemblies
2011-05-07 18:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-05-07 18:28 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-05-07 18:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-05-07 18:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-05-07 18:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-05-07 18:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-05-07 18:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-05-07 18:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-05-07 18:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-05-07 18:28 . 2011-05-07 18:28 -------- d-----w- C:\ce10f287d9ee23a3100d2f7320fdee
2011-05-02 19:29 . 2011-05-02 19:29 -------- d-----w- c:\program files\ESET
2011-05-02 19:07 . 2011-05-02 19:07 -------- d-----w- C:\_OTL
2011-04-29 01:26 . 2011-04-29 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-29 01:26 . 2011-04-29 01:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-28 20:20 . 2011-04-28 20:20 -------- d-----w- c:\program files\CCleaner
2011-04-28 12:08 . 2011-04-28 12:08 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-04-28 12:08 . 2011-04-28 12:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Toolbar4
2011-04-28 12:08 . 2011-04-28 12:08 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-04-28 03:21 . 2011-04-28 03:21 0 ----a-w- c:\windows\Xgihetiy.bin
2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\MsPMSPU.dll
2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\dispexv.dll
2011-04-28 03:20 . 2011-04-28 03:20 157184 --sha-r- c:\windows\system32\confmspl.dll
2011-04-21 06:22 . 2011-04-21 06:22 -------- d-----w- c:\documents and settings\NICOU\Application Data\Toolbar4
2011-04-21 06:22 . 2011-04-21 06:22 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Somoto
2011-04-21 06:22 . 2011-04-29 23:53 -------- d-----w- c:\program files\Any Video To DVD DB Toolbar
2011-04-12 17:32 . 2011-04-12 17:32 -------- d-sh--w- c:\documents and settings\NICOU\IECompatCache
2011-04-12 04:49 . 2011-04-12 04:49 -------- d-----w- c:\documents and settings\NICOU\Application Data\OpenOffice.org
2011-04-12 04:43 . 2011-04-12 04:44 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-11 18:51 . 2004-04-20 13:30 38401 ----a-r- c:\windows\system32\RdCi1044.dll
2011-04-11 18:51 . 2004-04-20 13:30 161422 ----a-r- c:\windows\system32\drivers\rdwm1044.sys
2011-04-11 18:51 . 2004-04-20 13:30 81920 ----a-r- c:\windows\system32\rdas1044.dll
2011-04-11 18:51 . 2004-04-20 13:30 57344 ----a-r- c:\windows\system32\RDCP1044.CPL
2011-04-11 18:51 . 2004-04-20 13:30 229376 ----a-r- c:\windows\system32\RDDP1044.DAT
2011-04-11 18:51 . 2004-04-20 13:30 51644 ----a-r- c:\windows\system32\rddv1044.dll
2011-04-11 18:09 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-11 18:09 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-11 18:08 . 2005-06-14 16:44 85504 ----a-w- c:\windows\system32\ma_cmidn.dll
2011-04-11 18:08 . 2005-06-14 16:44 7282 ----a-w- c:\windows\system32\MA_CMIDI.VXD
2011-04-11 18:08 . 2005-06-14 16:44 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2011-04-11 18:08 . 2005-06-14 16:44 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
2011-04-11 18:08 . 2005-06-14 16:44 14176 ----a-w- c:\windows\system32\MA_CMIDI.DRV
2011-04-11 18:08 . 2011-04-11 18:08 -------- d-----w- c:\program files\M-Audio MA_CMIDI
2011-04-11 09:00 . 2011-04-11 09:00 -------- d-----w- c:\program files\D16 Group
2011-04-11 08:51 . 2011-04-11 08:51 -------- d-----w- c:\program files\Solid State Logic
2011-04-11 08:16 . 2003-03-18 21:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2011-04-11 08:16 . 2003-03-18 21:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2011-04-11 08:16 . 2011-04-11 08:16 -------- d-----w- c:\program files\Nomad Factory
2011-04-11 07:42 . 1998-04-30 17:56 129024 ----a-w- c:\windows\UNWISE.EXE
2011-04-11 07:35 . 1996-08-12 13:59 24576 ----a-w- c:\windows\system32\wavlbsys.dll
2011-04-11 07:35 . 1996-07-29 20:53 11808 ----a-w- c:\windows\system32\drivers\Cubase32.sys
2011-04-11 05:23 . 2011-04-11 05:23 -------- d-----w- c:\documents and settings\NICOU\Application Data\Blue Cat Audio
2011-04-11 04:08 . 2011-04-11 04:08 -------- d-----w- c:\documents and settings\NICOU\Application Data\Daichi
2011-04-11 00:29 . 2011-04-11 00:29 -------- d-----w- c:\program files\FXpansion
2011-04-11 00:29 . 2011-04-11 00:29 -------- d-----w- c:\documents and settings\NICOU\Application Data\FXpansion
2011-04-10 21:36 . 2006-09-14 04:21 2240 ----a-w- c:\windows\LENDIG.sys
2011-04-10 20:45 . 2011-04-10 20:45 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Identities
2011-04-10 08:19 . 2011-04-10 08:19 -------- d-sh--w- c:\documents and settings\NICOU\PrivacIE
2011-04-10 07:32 . 2011-04-10 07:31 691551 ----a-w- c:\program files\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe
2011-04-10 07:28 . 2011-04-10 07:26 691551 ----a-w- c:\program files\Uninstall Information\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}\unins000.exe
2011-04-10 06:50 . 2011-04-10 06:50 -------- d-----w- c:\documents and settings\NICOU\Application Data\Smartelectronix
2011-04-10 04:02 . 2011-04-10 04:02 -------- d-----w- c:\program files\GForce
2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-04-10 00:55 . 2011-04-10 00:55 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-04-10 00:54 . 2011-04-10 00:54 -------- d-----w- c:\documents and settings\NICOU\Local Settings\Application Data\Native Instruments
2011-04-10 00:43 . 2011-04-10 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IK Multimedia
2011-04-10 00:43 . 2011-04-10 00:43 -------- d-----w- c:\documents and settings\NICOU\Application Data\InstallShield
2011-04-08 05:51 . 2004-02-16 05:45 319487 ----a-w- c:\windows\LOOP.exe
2011-04-08 05:37 . 2011-04-08 05:37 -------- d-----w- c:\program files\Common Files\KORG
2011-04-08 05:28 . 2011-04-08 05:28 -------- d-----w- c:\program files\Common Files\iZotope
2011-04-08 05:28 . 2006-04-06 22:41 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-04-08 04:22 . 2006-10-04 17:13 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2011-04-08 04:22 . 2006-10-04 17:13 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2011-04-08 04:22 . 2006-10-04 17:13 1870336 ----a-w- c:\windows\system32\bconvert.dll
2011-04-08 04:22 . 2011-04-08 06:07 -------- d-----w- c:\program files\Native Instruments
2011-04-08 04:22 . 2011-04-08 04:22 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-04-08 04:06 . 1999-12-17 13:13 86016 ----a-w- c:\windows\unvise32.exe
2011-04-08 03:20 . 2003-02-24 20:27 151552 ----a-w- c:\windows\system32\FDlg.dll
2011-04-08 01:41 . 2002-10-09 16:21 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
2011-04-08 01:41 . 2001-10-19 18:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2011-04-08 01:41 . 2001-10-19 18:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-04-08 01:41 . 2001-10-19 18:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2011-04-08 01:41 . 2001-10-19 06:05 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2011-04-08 01:34 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 22:07 . 2011-04-06 22:07 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-02 23:51 . 2011-04-02 23:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 23:51 . 2011-04-02 23:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-31 14:18 . 2011-04-06 19:49 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-03-31 14:18 . 2011-04-06 19:49 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-03-25 23:04 . 2011-04-05 06:19 18048 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-03-25 23:03 . 2011-04-05 06:19 2340992 ----a-w- c:\windows\system32\BootMan.exe
2011-03-24 13:57 . 2011-04-05 06:19 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-03-24 13:57 . 2011-04-05 06:19 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-03-24 13:57 . 2011-04-05 06:19 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-04-03 02:23 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 08:00 978944 ------w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-29 05:18 . 2011-04-02 08:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.

matson
2011-05-08, 02:37
part2
.
((((((((((((((((((((((((((((( SnapShot@2011-04-29_23.54.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-30 00:10 . 2008-07-30 00:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2008-07-29 22:59 . 2008-07-29 22:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-07 13:10 . 2011-05-07 22:55 79146 c:\windows\system32\perfc009.dat
+ 2004-08-04 08:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 08:00 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 07:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 07:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 83968 c:\windows\system32\mscories.dll
+ 2004-08-04 08:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 08:00 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
+ 2008-07-29 22:24 . 2008-07-29 22:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 22:24 . 2008-07-29 22:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-30 00:10 . 2008-07-30 00:10 73720 c:\windows\system32\dxva2.dll
- 2004-08-04 08:00 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
+ 2004-08-04 08:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2011-04-03 20:05 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-04-03 20:05 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-12-20 22:15 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-12-20 22:15 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-04-03 20:05 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-04-03 20:05 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 07:34 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 07:34 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 07:33 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 07:33 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 96760 c:\windows\system32\dfshim.dll
+ 2008-07-30 02:40 . 2008-07-30 02:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 02:40 . 2008-07-30 02:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 02:40 . 2008-07-30 02:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 02:40 . 2008-07-30 02:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 02:40 . 2008-07-30 02:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 02:40 . 2008-07-30 02:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 02:40 . 2008-07-30 02:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 02:40 . 2008-07-30 02:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 02:40 . 2008-07-30 02:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 00:10 . 2008-07-30 00:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 22:59 . 2008-07-29 22:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 00:10 . 2008-07-30 00:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 22:32 . 2008-07-29 22:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 22:16 . 2008-07-29 22:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 22:16 . 2008-07-29 22:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 22:16 . 2008-07-29 22:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 22:16 . 2008-07-29 22:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 14:17 . 2008-07-25 14:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 10:28 . 2005-09-23 10:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 10:28 . 2005-09-23 10:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 10:28 . 2005-09-23 10:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 10:28 . 2005-09-23 10:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 10:28 . 2005-09-23 10:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 07:59 . 2008-11-25 07:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 14:17 . 2008-07-25 14:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 00:07 . 2008-07-30 00:07 23040 c:\windows\Installer\13644d.msp
+ 2011-05-07 18:27 . 2011-05-07 18:27 88576 c:\windows\Installer\1006e3.msi
+ 2011-05-07 18:15 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-05-07 18:15 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-05-07 18:15 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-05-07 18:15 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-05-07 18:15 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2011-05-07 18:40 . 2011-05-07 18:40 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2011-05-07 18:39 . 2011-05-07 18:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2011-05-07 18:38 . 2011-05-07 18:38 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-05-07 18:28 . 2011-05-07 18:28 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-05-07 18:28 . 2011-05-07 18:28 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-05-07 18:30 . 2011-05-07 18:30 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-05-07 18:30 . 2011-05-07 18:30 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-05-07 18:30 . 2011-05-07 18:30 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-05-07 18:30 . 2011-05-07 18:30 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-05-07 18:28 . 2011-05-07 18:28 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-05-07 18:28 . 2011-05-07 18:28 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-05-07 18:30 . 2011-05-07 18:30 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2011-05-07 18:28 . 2011-05-07 18:28 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-07-30 02:40 . 2008-07-30 02:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 10:29 . 2005-09-23 10:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 10:28 . 2005-09-23 10:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 10:28 . 2005-09-23 10:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 14:16 . 2008-07-25 14:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2011-05-07 18:29 . 2011-05-07 18:29 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-06 18:28 . 2011-04-06 18:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-06 18:27 . 2011-04-06 18:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-07 18:32 . 2011-05-07 18:32 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 14:17 . 2008-07-25 14:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-30 00:26 . 2008-07-30 00:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2008-07-29 22:59 . 2008-07-29 22:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2011-04-04 20:55 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2011-04-04 20:55 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2011-04-04 20:55 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2011-05-07 18:28 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 19:15 . 2006-08-24 19:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2008-07-29 22:59 . 2008-07-29 22:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-29 23:35 . 2008-07-29 23:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 22:59 . 2008-07-29 22:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2004-08-07 13:10 . 2011-05-07 22:55 459522 c:\windows\system32\perfh009.dat
- 2004-08-04 08:00 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
+ 2004-08-04 08:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2004-08-04 08:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2004-08-04 08:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2004-08-04 08:00 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 08:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 07:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 07:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2008-07-25 14:16 . 2008-07-25 14:16 158720 c:\windows\system32\mscorier.dll
+ 2004-08-04 08:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2004-08-04 08:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2004-08-04 08:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 08:00 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 08:00 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 08:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 08:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
- 2004-08-04 08:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2008-07-29 22:24 . 2008-07-29 22:24 622080 c:\windows\system32\icardagt.exe
+ 2008-07-30 00:10 . 2008-07-30 00:10 493048 c:\windows\system32\evr.dll

matson
2011-05-08, 02:38
part3
- 2004-08-04 08:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 08:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 08:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
- 2010-04-16 16:09 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 16:09 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-03-09 11:09 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2011-04-03 02:29 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
- 2009-03-08 07:34 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 07:34 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2010-12-20 22:15 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-12-20 22:15 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-04-03 20:05 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2011-04-03 20:05 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-04-03 02:29 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
- 2010-09-18 15:23 . 2010-09-18 15:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-09-18 15:23 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2011-04-02 08:21 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
- 2011-04-02 08:17 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2011-04-02 08:17 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2010-01-29 15:01 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-29 15:01 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2011-04-03 20:05 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2011-04-03 20:05 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-04-16 16:09 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-04-16 16:09 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2011-04-03 20:05 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2011-04-03 20:05 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 17:09 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 17:09 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 07:32 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 07:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-04-20 05:51 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
+ 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-07-30 02:40 . 2008-07-30 02:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 02:40 . 2008-07-30 02:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2011-05-07 18:29 . 2011-05-07 18:29 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 21:47 . 2008-07-29 21:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 21:47 . 2008-07-29 21:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll

matson
2011-05-08, 02:38
part4
.
-- Snapshot reset to current date --

matson
2011-05-08, 02:39
part5
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"wave1"=rddv1044.dll
"midi2"=rddv1044.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 19:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2011-04-11 11808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-04-05 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-04-05 8456]
S3 RDID1044;Roland SP-606;c:\windows\system32\drivers\rdwm1044.sys [2011-04-11 161422]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-04-06 436792]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,d5,6d,78,57,14,53,48,ac,ec,1e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,d5,6d,78,57,14,53,48,ac,ec,1e,\
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_Protocol_Catalog"="Protocol_Catalog9"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\rddv1044.dll
.
- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-05-07 20:26:21
ComboFix-quarantined-files.txt 2011-05-07 23:26
ComboFix2.txt 2011-05-07 22:59
ComboFix3.txt 2011-04-29 23:58
.
Pre-Run: 19*342*503*936 bytes free
Post-Run: 19*322*261*504 bytes free
.
- - End Of File - - 081C10528F57E551691DACF64756D197

ken545
2011-05-08, 02:53
Good,

Run this quick scan and let me know how things are running now

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

matson
2011-05-08, 04:01
I just noticed that I don't have the small keyboard icon next to the system tray. The space is there but it is empty...
OTL log

OTL logfile created on: 2011-05-07 21:55:38 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\NICOU\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,01 Gb Total Space | 17,94 Gb Free Space | 51,23% Space Free | Partition Type: NTFS
Drive D: | 8,26 Gb Total Space | 1,25 Gb Free Space | 15,10% Space Free | Partition Type: FAT32
Drive F: | 19,53 Gb Total Space | 17,97 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
Drive G: | 47,97 Gb Total Space | 13,82 Gb Free Space | 28,81% Space Free | Partition Type: NTFS

Computer Name: MOHICAN | User Name: NICOU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (MSSQL$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RDID1044) -- C:\WINDOWS\system32\drivers\rdwm1044.sys (Roland Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (Cubase32) -- C:\WINDOWS\System32\drivers\Cubase32.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
IE - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-29 02:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-04-02 03:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Extensions
[2011-04-28 23:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions
[2011-04-28 23:43:08 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011-04-21 13:39:04 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\searchplugins\search.xml
[2011-04-02 20:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-02 20:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011-04-02 20:51:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-04-29 02:18:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-01-01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-07-28 02:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-05-07 21:53:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
[2011-05-07 21:52:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-05-07 20:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-05-07 15:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-05-07 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-05-07 15:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-05-07 15:28:12 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-05-07 15:28:12 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-05-07 15:28:12 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-05-07 15:28:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-05-07 15:28:11 | 000,000,000 | ---D | C] -- C:\ce10f287d9ee23a3100d2f7320fdee
[2011-05-07 15:10:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
[2011-05-06 16:15:17 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
[2011-05-02 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-05-02 16:28:44 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
[2011-05-02 16:07:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-29 20:45:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-04-29 20:41:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-04-29 20:41:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-04-29 20:41:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-04-29 20:41:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-04-29 20:41:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-04-29 20:40:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-29 18:43:10 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\NICOU\Desktop\TDSSKiller.exe
[2011-04-29 14:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011-04-28 22:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-04-28 22:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011-04-28 21:47:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NICOU\Recent
[2011-04-28 17:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011-04-28 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-04-28 09:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Toolbar4
[2011-04-28 09:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011-04-28 01:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011-04-28 00:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011-04-28 00:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011-04-21 03:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Toolbar4
[2011-04-21 03:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Somoto
[2011-04-21 03:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Any Video To DVD DB Toolbar
[2011-04-20 01:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\AVIAddXSubs
[2011-04-12 14:32:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\IECompatCache
[2011-04-12 01:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\OpenOffice.org
[2011-04-12 01:46:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011-04-12 01:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011-04-11 15:51:07 | 000,161,422 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\drivers\rdwm1044.sys
[2011-04-11 15:51:07 | 000,081,920 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rdas1044.dll
[2011-04-11 15:51:06 | 000,229,376 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\RDDP1044.DAT
[2011-04-11 15:51:05 | 000,051,644 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rddv1044.dll
[2011-04-11 15:09:54 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011-04-11 15:08:30 | 000,085,504 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\ma_cmidn.dll
[2011-04-11 15:08:29 | 000,021,888 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\ma_cmidi.sys
[2011-04-11 15:08:29 | 000,017,920 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DLL
[2011-04-11 15:08:29 | 000,014,176 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DRV
[2011-04-11 15:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio MA_CMIDI
[2011-04-11 15:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio MA_CMIDI
[2011-04-11 06:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AAY-Audio
[2011-04-11 06:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\D16 Group
[2011-04-11 05:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Solid State Logic
[2011-04-11 05:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Solid State Logic
[2011-04-11 05:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Leslie Sanford
[2011-04-11 05:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PSPaudioware
[2011-04-11 05:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\G-Sonique
[2011-04-11 05:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DubStation VST plug-in
[2011-04-11 05:16:48 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71d.dll
[2011-04-11 05:16:48 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2011-04-11 05:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nomad Factory
[2011-04-11 05:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Nomad Factory
[2011-04-11 05:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nomad Factory
[2011-04-11 05:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\SoundFonts.it GS-201 Tape Echo v1.0
[2011-04-11 04:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Spectral Design
[2011-04-11 04:35:09 | 000,011,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Cubase32.sys
[2011-04-11 04:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\WOK
[2011-04-11 04:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\discoDSP
[2011-04-11 04:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Steinberg
[2011-04-11 04:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bias
[2011-04-11 02:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Blue Cat Audio
[2011-04-11 02:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\KeyToSound Preferences
[2011-04-11 01:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Daichi
[2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
[2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\FXpansion
[2011-04-10 18:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\JXPlugins
[2011-04-10 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\ReFX Junox2 VSTi v1.4
[2011-04-10 18:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sylenth1
[2011-04-10 17:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Identities
[2011-04-10 05:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\EDIROL
[2011-04-10 05:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DashSignature
[2011-04-10 05:19:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\PrivacIE
[2011-04-10 04:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LinPlug Instruments
[2011-04-10 04:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments FM7
[2011-04-10 03:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Smartelectronix
[2011-04-10 03:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\iZotope iDrum Content
[2011-04-10 01:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AdmiralQuality
[2011-04-10 01:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LUXONIX
[2011-04-10 01:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rob Papen Predator
[2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\GForce
[2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\GForce
[2011-04-10 00:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Timeworks
[2011-04-10 00:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Synapse
[2011-04-09 23:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\T-RackS 24
[2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Native Instruments
[2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Native Instruments
[2011-04-09 21:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IK Multimedia
[2011-04-09 21:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
[2011-04-09 21:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\InstallShield
[2011-04-08 03:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments
[2011-04-08 03:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments Pro-53
[2011-04-08 03:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments FM8
[2011-04-08 03:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments B4 II
[2011-04-08 02:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Linplug
[2011-04-08 02:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linplug
[2011-04-08 02:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\KORG
[2011-04-08 02:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\KORG
[2011-04-08 02:28:06 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2011-04-08 02:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iZotope
[2011-04-08 02:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iZotope
[2011-04-08 02:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\HQ Software Synthesizer
[2011-04-08 02:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Edirol Super Quartet v1.52
[2011-04-08 01:22:27 | 000,393,216 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_IRC_1_2.dll
[2011-04-08 01:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments Battery 3
[2011-04-08 01:22:12 | 001,870,336 | ---- | C] (Native Instruments Software Synthesis GmbH) -- C:\WINDOWS\System32\bconvert.dll
[2011-04-08 01:22:12 | 000,061,440 | ---- | C] (Native Instruments Software GmbH) -- C:\WINDOWS\System32\NI_DFD_1_5.dll
[2011-04-08 01:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011-04-08 01:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011-04-08 01:06:08 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2011-04-08 01:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Arturia
[2011-04-08 00:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Arturia
[2011-04-07 22:41:58 | 001,683,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvcore2.dll
[2011-04-07 22:41:58 | 000,665,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmoe.dll
[2011-04-07 22:41:58 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe.dll
[2011-04-07 22:41:58 | 000,438,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2011-04-07 22:41:58 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx2.ocx
[2011-04-07 22:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FL Studio 6
[2011-04-07 22:34:10 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2011-04-07 22:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\FL Studio 6

========== Files - Modified Within 30 Days ==========

[2011-05-07 21:55:09 | 000,459,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-05-07 21:55:09 | 000,079,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-05-07 21:53:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
[2011-05-07 21:50:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-05-07 21:50:41 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-07 20:18:01 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
[2011-05-07 15:35:17 | 001,569,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-05-07 15:15:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-05-07 15:10:43 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
[2011-05-06 23:31:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
[2011-05-06 16:24:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-06 16:15:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
[2011-05-02 16:28:47 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
[2011-04-30 16:22:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-29 22:46:32 | 000,011,142 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
[2011-04-29 22:16:59 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\NICOU\defogger_reenable
[2011-04-29 22:12:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
[2011-04-29 22:11:54 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
[2011-04-29 22:11:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
[2011-04-29 20:45:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-04-29 19:34:49 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
[2011-04-29 18:32:31 | 000,044,313 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
[2011-04-29 18:32:12 | 000,015,475 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
[2011-04-29 13:24:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-28 22:26:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-04-28 22:26:18 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
[2011-04-28 18:25:11 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihuhogewusuy.dat
[2011-04-28 17:20:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-04-28 09:06:54 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
[2011-04-28 00:21:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xgihetiy.bin
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\MsPMSPU.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dispexv.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\confmspl.dll
[2011-04-27 03:32:34 | 000,480,149 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
[2011-04-20 01:08:27 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-20 00:11:38 | 000,064,553 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
[2011-04-12 14:37:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-04-12 01:46:20 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2011-04-09 23:33:12 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
[2011-04-09 22:12:35 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011-04-09 22:12:35 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2011-04-07 23:07:03 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Sound Forge 7.0.lnk
[2011-04-07 22:42:00 | 000,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[2011-04-07 22:34:19 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 6.lnk

========== Files Created - No Company Name ==========

[2011-05-07 20:17:16 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
[2011-05-07 15:10:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-05-06 16:17:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
[2011-04-29 22:46:32 | 000,011,142 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
[2011-04-29 22:16:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NICOU\defogger_reenable
[2011-04-29 22:12:21 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
[2011-04-29 22:11:54 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
[2011-04-29 22:11:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
[2011-04-29 20:45:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-04-29 20:45:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011-04-29 20:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-04-29 20:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-04-29 20:41:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-04-29 20:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-04-29 20:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-04-29 19:34:49 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
[2011-04-29 18:32:30 | 000,044,313 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
[2011-04-29 17:44:49 | 000,015,475 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
[2011-04-29 13:24:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-28 22:26:18 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-04-28 22:26:18 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
[2011-04-28 22:19:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-28 17:20:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-04-28 09:06:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
[2011-04-28 00:21:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ihuhogewusuy.dat
[2011-04-28 00:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xgihetiy.bin
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\MsPMSPU.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dispexv.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\confmspl.dll
[2011-04-27 03:32:34 | 000,480,149 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
[2011-04-12 02:11:44 | 000,064,553 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
[2011-04-12 01:46:20 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011-04-11 15:51:08 | 000,038,401 | R--- | C] () -- C:\WINDOWS\System32\RdCi1044.dll
[2011-04-11 15:51:06 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\RDCP1044.CPL
[2011-04-11 15:51:05 | 000,004,088 | R--- | C] () -- C:\WINDOWS\System32\Rd4t1044.DAT
[2011-04-11 15:08:29 | 000,007,282 | ---- | C] () -- C:\WINDOWS\System32\MA_CMIDI.VXD
[2011-04-11 04:42:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2011-04-11 04:35:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\wavlbsys.dll
[2011-04-10 18:36:12 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2011-04-10 00:56:20 | 000,950,000 | ---- | C] () -- C:\WINDOWS\SH1001YAPA.dat
[2011-04-09 23:33:12 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
[2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\w3data.vss
[2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011-04-09 21:55:01 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011-04-09 21:55:01 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2011-04-09 21:45:49 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SampleTank 2.5.lnk
[2011-04-08 02:51:33 | 000,319,487 | ---- | C] () -- C:\WINDOWS\LOOP.exe
[2011-04-08 00:20:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
[2011-04-07 23:07:03 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Sound Forge 7.0.lnk
[2011-04-07 22:42:00 | 000,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx
[2011-04-07 22:34:19 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 6.lnk
[2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011-04-06 17:30:38 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011-04-05 03:19:02 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011-04-05 03:19:02 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011-04-05 03:19:02 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011-04-05 03:19:02 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011-04-05 03:19:01 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011-04-04 17:55:56 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2011-04-04 17:55:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011-04-02 23:07:31 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-02 03:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-02 01:56:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\fusioncache.dat
[2011-04-02 00:49:14 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007-10-02 07:50:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2007-10-02 07:50:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006-04-26 01:53:49 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006-04-26 01:53:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006-04-26 01:39:43 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006-04-26 01:19:13 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006-03-09 14:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005-12-02 07:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-11-08 14:49:00 | 000,112,456 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004-08-07 10:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004-08-07 10:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004-08-07 10:10:30 | 000,459,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-07 10:10:30 | 000,079,146 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-07 10:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004-08-07 10:02:54 | 001,569,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004-08-07 09:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004-08-07 09:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004-08-04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-09-02 11:17:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2002-05-28 05:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002-05-28 05:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-07-07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011-04-09 21:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
[2011-04-02 00:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011-04-06 18:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011-04-06 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011-04-28 09:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Toolbar4
[2011-04-11 02:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Blue Cat Audio
[2011-04-11 01:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Daichi
[2011-04-21 04:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\FreeVideoConverter
[2011-04-10 21:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\FXpansion
[2011-04-06 18:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\NetMedia Providers
[2011-04-12 01:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\OpenOffice.org
[2011-04-06 18:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Publish Providers
[2011-04-05 00:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\QuickScan
[2011-04-06 16:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Serif
[2011-04-10 03:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Smartelectronix
[2011-04-06 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Softland
[2011-04-07 23:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Sony
[2011-04-21 03:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\Toolbar4
[2011-04-03 01:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NICOU\Application Data\VSRevoGroup

========== Purity Check ==========



< End of report >

ken545
2011-05-08, 10:46
bigseekpro <-- Did you install this, and do you want and use it? Getting mixed results on it.

matson
2011-05-08, 20:12
I have no idea what BigseekPro is!!!!!
I didn't even know that thing was on the computer.
I want to get rid of it just like the whole virus. Please, I want my perfectly working computer back!!!!
I just started the computer and it is downloading another Microsoft update (the yellow shield icon; it did that yesterday), and the keyboard language icon on the left of the system tray is still missing, even though the space is there but empty.

matson
2011-05-08, 20:16
After checking on Google: that bigseekpro thing gets installed after installation of the add-on IMTOO in Firefox. The thing is, I did not install any of them...
So I am being used!!!! Big time...

ken545
2011-05-08, 21:16
Not sure about the keyboard icon. Did this happen prior to us fixing your computer after one of the fixes?


Open up Internet Explorer and go to Tools > Manage addons and look through there for BigSeekPro, click on it to highlight and select disable

Open up Firefox and go to Tools > Addons and do the same thing

Then do this

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
IE - HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{72451267-22A7-4C23-9DCE-A7E772A37893}
FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q="
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
[2011-04-28 09:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Toolbar4
[2011-04-21 03:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Toolbar4
[2011-04-21 03:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Any Video To DVD DB Toolbar


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

matson
2011-05-08, 22:29
I think the keyboard icon went away after one of the fixes...

I am doing the backup of the registry and the scan.
The logs are coming next.

matson
2011-05-08, 22:34
Ken545 I have a question:

I disabled IE as my main internet browser. The problem is I can't find it anymore to go delete the add-on...
How and where can I find the IE icon to start Internet Explorer?

matson
2011-05-08, 22:36
Bigseekpro is not installed in Firefox add-ons.
I don't see it in the Firefox add-ons.
I am a bit confused.

ken545
2011-05-08, 22:38
"I disabled IE as my main internet browser."
I don't think I am following you. I did not say to disable IE, just BigSeekPro in the addons tab

Just go ahead and run the OTL fix

matson
2011-05-08, 22:44
I just checked IE add-ons, and I don't see bigseekpro there either.
I just realized that I have a program named "any video to DVD".
I think I never installed that program. It's really suspicious because I don't convert video to DVD.

I am running the scan, but what do I do about Bigseekpro?

matson
2011-05-08, 22:54
Here is the OTL log after the Run Fix with the code

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-967964055-2490943435-3194060227-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://www.bigseekpro.com/search/toolbar/anyvideo2dvd/{5BC4B17D-66A1-4F00-BE33-AF17ECDA68F1}?q=" removed from keyword.URL
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Toolbar4 folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
C:\Documents and Settings\NICOU\Application Data\Toolbar4 folder moved successfully.
C:\Program Files\Any Video To DVD DB Toolbar folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
Ethernet adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
Ethernet adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : no-domain-set.bellcanada
IP Address. . . . . . . . . . . . : 192.168.2.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\NICOU\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\NICOU\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 245894 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1259 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1513 bytes

User: NICOU
->Temp folder emptied: 1616 bytes
->Temporary Internet Files folder emptied: 76804 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48086617 bytes
->Flash cache emptied: 582 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103141376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 907986 bytes

Total Files Cleaned = 145,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05082011_164823

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

matson
2011-05-08, 23:00
New OTL log after reboot and fix

OTL logfile created on: 2011-05-08 16:56:16 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\NICOU\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,01 Gb Total Space | 17,86 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
Drive D: | 8,26 Gb Total Space | 1,25 Gb Free Space | 15,10% Space Free | Partition Type: FAT32
Drive F: | 19,53 Gb Total Space | 17,97 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
Drive G: | 47,97 Gb Total Space | 13,82 Gb Free Space | 28,81% Space Free | Partition Type: NTFS

Computer Name: MOHICAN | User Name: NICOU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\NICOU\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- F:\Programmes\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (MSSQL$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- G:\Sony\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RDID1044) -- C:\WINDOWS\system32\drivers\rdwm1044.sys (Roland Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (Cubase32) -- C:\WINDOWS\System32\drivers\Cubase32.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-29 02:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-04-02 03:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Extensions
[2011-04-28 23:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions
[2011-04-28 23:43:08 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011-04-21 13:39:04 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Mozilla\Firefox\Profiles\mtc5e0vx.default\searchplugins\search.xml
[2011-04-02 20:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-02 20:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011-04-02 20:51:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-04-29 02:18:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-01-01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-05-08 16:48:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-07-28 02:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-05-08 16:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\2011-05-08
[2011-05-08 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\Erunt
[2011-05-07 21:53:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
[2011-05-07 21:52:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-05-07 20:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-05-07 15:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-05-07 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-05-07 15:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011-05-07 15:28:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011-05-07 15:28:12 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011-05-07 15:28:12 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011-05-07 15:28:12 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011-05-07 15:28:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011-05-07 15:28:11 | 000,000,000 | ---D | C] -- C:\ce10f287d9ee23a3100d2f7320fdee
[2011-05-07 15:10:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
[2011-05-06 16:15:17 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
[2011-05-02 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-05-02 16:28:44 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
[2011-05-02 16:07:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-29 20:45:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-04-29 20:41:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-04-29 20:41:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-04-29 20:41:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-04-29 20:41:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-04-29 20:41:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-04-29 20:40:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-29 18:43:10 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\NICOU\Desktop\TDSSKiller.exe
[2011-04-29 14:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011-04-28 22:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-04-28 22:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-04-28 22:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011-04-28 21:47:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NICOU\Recent
[2011-04-28 17:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011-04-28 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-04-28 09:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011-04-28 01:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011-04-28 00:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011-04-28 00:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011-04-21 03:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Somoto
[2011-04-20 01:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Desktop\AVIAddXSubs
[2011-04-12 14:32:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\IECompatCache
[2011-04-12 01:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\OpenOffice.org
[2011-04-12 01:46:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011-04-12 01:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011-04-11 15:51:07 | 000,161,422 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\drivers\rdwm1044.sys
[2011-04-11 15:51:07 | 000,081,920 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rdas1044.dll
[2011-04-11 15:51:06 | 000,229,376 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\RDDP1044.DAT
[2011-04-11 15:51:05 | 000,051,644 | R--- | C] (Roland Corporation) -- C:\WINDOWS\System32\rddv1044.dll
[2011-04-11 15:09:54 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011-04-11 15:08:30 | 000,085,504 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\ma_cmidn.dll
[2011-04-11 15:08:29 | 000,021,888 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\drivers\ma_cmidi.sys
[2011-04-11 15:08:29 | 000,017,920 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DLL
[2011-04-11 15:08:29 | 000,014,176 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\MA_CMIDI.DRV
[2011-04-11 15:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio MA_CMIDI
[2011-04-11 15:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio MA_CMIDI
[2011-04-11 06:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AAY-Audio
[2011-04-11 06:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\D16 Group
[2011-04-11 05:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Solid State Logic
[2011-04-11 05:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Solid State Logic
[2011-04-11 05:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Leslie Sanford
[2011-04-11 05:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PSPaudioware
[2011-04-11 05:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\G-Sonique
[2011-04-11 05:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DubStation VST plug-in
[2011-04-11 05:16:48 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71d.dll
[2011-04-11 05:16:48 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2011-04-11 05:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nomad Factory
[2011-04-11 05:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Nomad Factory
[2011-04-11 05:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nomad Factory
[2011-04-11 05:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\SoundFonts.it GS-201 Tape Echo v1.0
[2011-04-11 04:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Spectral Design
[2011-04-11 04:35:09 | 000,011,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Cubase32.sys
[2011-04-11 04:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\WOK
[2011-04-11 04:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\discoDSP
[2011-04-11 04:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Steinberg
[2011-04-11 04:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bias
[2011-04-11 02:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Blue Cat Audio
[2011-04-11 02:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\KeyToSound Preferences
[2011-04-11 01:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Daichi
[2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
[2011-04-10 21:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\FXpansion
[2011-04-10 18:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\JXPlugins
[2011-04-10 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\ReFX Junox2 VSTi v1.4
[2011-04-10 18:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sylenth1
[2011-04-10 17:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Identities
[2011-04-10 05:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\EDIROL
[2011-04-10 05:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\DashSignature
[2011-04-10 05:19:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NICOU\PrivacIE
[2011-04-10 04:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LinPlug Instruments
[2011-04-10 04:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Native Instruments FM7
[2011-04-10 03:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\Smartelectronix
[2011-04-10 03:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\iZotope iDrum Content
[2011-04-10 01:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\AdmiralQuality
[2011-04-10 01:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\LUXONIX
[2011-04-10 01:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rob Papen Predator
[2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\GForce
[2011-04-10 01:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\GForce
[2011-04-10 00:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Timeworks
[2011-04-10 00:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Start Menu\Programs\Synapse
[2011-04-09 23:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\T-RackS 24
[2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\My Documents\Native Instruments
[2011-04-09 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Local Settings\Application Data\Native Instruments
[2011-04-09 21:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IK Multimedia
[2011-04-09 21:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
[2011-04-09 21:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NICOU\Application Data\InstallShield

========== Files - Modified Within 30 Days ==========

[2011-05-08 16:49:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-05-08 16:49:54 | 2145,636,352 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-08 16:48:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-05-08 16:26:53 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\erunt.zip
[2011-05-08 15:16:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
[2011-05-08 14:12:07 | 000,459,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-05-08 14:12:07 | 000,079,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-05-07 21:53:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NICOU\Desktop\OTL.exe
[2011-05-07 20:18:01 | 004,343,224 | R--- | M] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
[2011-05-07 15:35:17 | 001,569,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-05-07 15:15:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-05-07 15:10:43 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\NICOU\Desktop\ATF-Cleaner.exe
[2011-05-06 16:24:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-06 16:15:40 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\NICOU\Desktop\aswMBR.exe
[2011-05-02 16:28:47 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\NICOU\Desktop\esetsmartinstaller_enu.exe
[2011-04-30 16:22:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-29 22:46:32 | 000,011,142 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
[2011-04-29 22:16:59 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\NICOU\defogger_reenable
[2011-04-29 22:12:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
[2011-04-29 22:11:54 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
[2011-04-29 22:11:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
[2011-04-29 20:45:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-04-29 19:34:49 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
[2011-04-29 18:32:31 | 000,044,313 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
[2011-04-29 18:32:12 | 000,015,475 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
[2011-04-29 13:24:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-28 22:26:18 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-04-28 22:26:18 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
[2011-04-28 18:25:11 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihuhogewusuy.dat
[2011-04-28 17:20:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-04-28 09:06:54 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
[2011-04-28 00:21:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xgihetiy.bin
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\MsPMSPU.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\dispexv.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\confmspl.dll
[2011-04-27 03:32:34 | 000,480,149 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
[2011-04-20 01:08:27 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-20 00:11:38 | 000,064,553 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
[2011-04-12 14:37:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-04-12 01:46:20 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2011-04-11 23:02:46 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2011-04-09 23:33:12 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
[2011-04-09 22:12:35 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011-04-09 22:12:35 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll

========== Files Created - No Company Name ==========

[2011-05-08 16:26:51 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\erunt.zip
[2011-05-07 20:17:16 | 004,343,224 | R--- | C] () -- C:\Documents and Settings\NICOU\Desktop\ComboFix.exe
[2011-05-07 15:10:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-05-06 16:17:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\MBR.dat
[2011-04-29 22:46:32 | 000,011,142 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Attach.zip
[2011-04-29 22:16:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NICOU\defogger_reenable
[2011-04-29 22:12:21 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\2b4tegls.exe
[2011-04-29 22:11:54 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\dds.scr
[2011-04-29 22:11:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Defogger.exe
[2011-04-29 20:45:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-04-29 20:45:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011-04-29 20:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-04-29 20:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-04-29 20:41:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-04-29 20:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-04-29 20:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-04-29 19:34:49 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\RKUnhookerLE.EXE
[2011-04-29 18:32:30 | 000,044,313 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.pdf
[2011-04-29 17:44:49 | 000,015,475 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Lettre Yvon.odt
[2011-04-29 13:24:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-04-28 22:26:18 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\NICOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-04-28 22:26:18 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\Spybot - Search & Destroy.lnk
[2011-04-28 22:19:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-28 17:20:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-04-28 09:06:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6AY3WTf.dat
[2011-04-28 00:21:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ihuhogewusuy.dat
[2011-04-28 00:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xgihetiy.bin
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\MsPMSPU.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\dispexv.dll
[2011-04-28 00:20:39 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\confmspl.dll
[2011-04-27 03:32:34 | 000,480,149 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\3l.pdf
[2011-04-12 02:11:44 | 000,064,553 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\1.jpg
[2011-04-12 01:46:20 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011-04-11 15:51:08 | 000,038,401 | R--- | C] () -- C:\WINDOWS\System32\RdCi1044.dll
[2011-04-11 15:51:06 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\RDCP1044.CPL
[2011-04-11 15:51:05 | 000,004,088 | R--- | C] () -- C:\WINDOWS\System32\Rd4t1044.DAT
[2011-04-11 15:08:29 | 000,007,282 | ---- | C] () -- C:\WINDOWS\System32\MA_CMIDI.VXD
[2011-04-11 04:42:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2011-04-11 04:35:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\wavlbsys.dll
[2011-04-10 18:36:12 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2011-04-10 00:56:20 | 000,950,000 | ---- | C] () -- C:\WINDOWS\SH1001YAPA.dat
[2011-04-09 23:33:12 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\NICOU\Desktop\T-RackS 24.lnk
[2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\w3data.vss
[2011-04-09 21:55:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011-04-09 21:55:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011-04-09 21:55:01 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011-04-09 21:55:01 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2011-04-09 21:45:49 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SampleTank 2.5.lnk
[2011-04-08 02:51:33 | 000,319,487 | ---- | C] () -- C:\WINDOWS\LOOP.exe
[2011-04-08 00:20:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
[2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011-04-06 20:18:25 | 000,012,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d370ib50k8d5s35bk41t72fyy28xc84
[2011-04-06 17:30:38 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011-04-05 03:19:02 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011-04-05 03:19:02 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011-04-05 03:19:02 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011-04-05 03:19:02 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011-04-05 03:19:01 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011-04-04 19:42:04 | 000,018,782 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t66lx23lpui6t55uvc8xwnfy34833kkwq
[2011-04-04 17:55:56 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2011-04-04 17:55:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011-04-02 23:07:31 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-02 03:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-02 01:56:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\NICOU\Local Settings\Application Data\fusioncache.dat
[2011-04-02 00:49:14 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007-10-02 07:50:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2007-10-02 07:50:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006-04-26 01:53:49 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006-04-26 01:53:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006-04-26 01:39:43 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006-04-26 01:19:13 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006-03-09 14:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005-12-02 07:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-11-08 14:49:00 | 000,112,456 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004-08-07 10:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004-08-07 10:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004-08-07 10:10:30 | 000,459,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-07 10:10:30 | 000,079,146 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-07 10:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004-08-07 10:02:54 | 001,569,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004-08-07 09:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004-08-07 09:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004-08-04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-09-02 11:17:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2002-05-28 05:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002-05-28 05:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-07-07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

ken545
2011-05-09, 00:07
Matson,

Your logs look fine. Let me tell you, when you first posted your computer was very seriously infected with a nasty, nasty, nasty rootkit; infections like this are not to be taken lightly. Sometimes when removing this garbage it may affect some other things.


Why don't you go to Add Remove Programs in the Control Panel and uninstall the software for your keyboard, and then use the setup disk that came with it to reinstall it? If you have problems with this let me know and I can direct you to a good Windows forum that can help you.




ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

matson
2011-05-09, 02:06
log of eset scan

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0002492.exe probably a variant of Win32/Agent.EDQCSRE trojan

matson
2011-05-09, 02:07
About the keyboard icon, this is the language icon of Windows which usually stays next to the system tray.
If I reload the recovery DVD, I'll have to reinstall the whole system, I think..

ken545
2011-05-09, 10:03
Hi,

What ESET found was in your System Restore program; let's flush it all out and create a new restore point.

System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.





We need to uninstall previous versions of Java and install the latest one; this will help make your computer more secure.

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.




As far as your icon for your keyboard, why don't you post here in their Windows forum? We all work together, so you can link them to this thread if you wish so they can see what we have done.
http://forums.whatthetech.com/index.php?showforum=119


Combofix <---Is not a general cleaning tool, just run it with supervision or you can damage your system


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

matson
2011-05-09, 22:07
I did exactly what you told me to do.
Technically, the virus is gone. I'll monitor the behavior of the computer the next hours to be sure.

OTL did not remove everything. For example, aswmbr.exe, ATF-cleaner.exe, RKHunhookerLE.exe are still on the desktop. I think I'll just delete them.

ESET installed some component, so do I have to do another scan and, when he asks me what to do, check the uninstall component after scan box in order to uninstall ESET on the computer?

I remembered that I used defogger to disable something, but I don't remember what. Do I have to reinstall defogger in order to enable whatever he disabled?

About the keyboard icon, I don't know how but it is back in place. Here is a small pic to let you see what I meant.


To avoid this type of rootkit, do I have to have a real-time anti-spyware?
I am getting rid of McAfee. I want to install Avira or Avast; what is the best between these two? What will you recommend?

Thank You very much ken545!!!!!!

matson
2011-05-09, 22:21
One more thing: can you please have a look at this scan from RogueKiller?
Before, I used to have a hosts file (some 125....); now this is Yp1. Is it bad?

RogueKiller V4.3.7 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: NICOU [Admin rights]
Mode: Scan -- Date : 05/09/2011 17:17:09

Bad processes: 0

Registry Entries: 0

HOSTS File:
ÿþ1

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


the previous log from 3 days ago

RogueKiller V4.3.7 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: NICOU [Admin rights]
Mode: Scan -- Date : 05/06/2011 17:09:01

Bad processes: 0

Registry Entries: 0

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt

ken545
2011-05-09, 23:57
Well, when we ran the OTL fix we reset your hosts file back to Microsoft defaults, so that's fine.

As far as antivirus software, whatever you're comfortable with and like; what one scan finds another may not, there is no silver bullet. But you should only have one, so if you install one of the other ones you posted about you need to uninstall McAfee.

You can uninstall ESET via Add Remove Programs in the Control Panel


To re-enable your Emulation drivers, double click DeFogger to run the tool.

The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


The rest you can just drag to the trash

Any more questions, please post back.
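
The `ÿþ1` shown under "HOSTS File:" in the second RogueKiller report is what the bytes FF FE (a UTF-16 little-endian byte-order mark) followed by the digit 1 look like when read as single-byte text. The following is an added example, not part of the thread or of any tool used in it: it decodes a hosts file according to its BOM and lists every mapping other than a loopback address to localhost. Both sample files are constructed, and the way RogueKiller reads the file is an assumption.

```python
import codecs
import ipaddress

# Longest BOMs first so a UTF-32 LE file is not mistaken for UTF-16 LE.
BOMS = [(codecs.BOM_UTF32_LE, "utf-32-le"), (codecs.BOM_UTF32_BE, "utf-32-be"),
        (codecs.BOM_UTF8, "utf-8"),
        (codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be")]

def decode_hosts(raw):
    """Return (encoding, text). A BOM selects the codec; otherwise assume ANSI."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name, raw[len(bom):].decode(name, errors="replace")
    return "cp1252", raw.decode("cp1252", errors="replace")

def as_seen_by_byte_reader(raw, limit=16):
    """What a tool prints if it treats the file as a NUL-terminated ANSI string."""
    return raw.split(b"\x00", 1)[0][:limit].decode("cp1252", errors="replace")

def audit_hosts(raw):
    """Return (encoding, findings); findings are (line, address, name, reason)
    for every mapping other than a loopback address -> localhost."""
    encoding, text = decode_hosts(raw)
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        addr, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "unparseable address"))
            continue
        for name in names:
            if loopback and name.lower() == "localhost":
                continue
            reason = "pinned to loopback" if loopback else "redirected"
            findings.append((lineno, addr, name, reason))
    return encoding, findings

# Constructed samples (not copied from the machine in this thread).
DEFAULT_UTF16 = codecs.BOM_UTF16_LE + "127.0.0.1       localhost\r\n".encode("utf-16-le")
EDITED_ANSI = (b"# constructed sample\r\n"
               b"127.0.0.1 localhost\r\n"
               b"203.0.113.7 www.example.com example.com\r\n")

if __name__ == "__main__":
    for label, raw in (("default, UTF-16", DEFAULT_UTF16), ("edited, ANSI", EDITED_ANSI)):
        print(label, repr(as_seen_by_byte_reader(raw)), audit_hosts(raw))
```

An empty findings list for the UTF-16 sample matches the "reset to defaults" reading above; any entry in the list is a line worth checking by hand.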

matson
2011-05-10, 00:09
OK, you answered all the questions except that one:

"I remembered that I used defogger to disable something, but I don't remember what. Do I have to reinstall defogger in order to enable whatever he disabled?"

Other than that, so far everything runs smooth and I'll install one antivirus only.

ken545
2011-05-10, 00:17
We cross-posted, the enable DeFogger is in my prior post.

Glad all is well :bigthumb:

matson
2011-05-10, 01:45
So the emulation driver is enabled, thank you.
I ran Spybot and again, click.giftload. I am so afraid I took no action.
Am I still sick? I mean the computer. Besides that, no redirect so far and no excessive process of svchost.

Here is the log (it is so long that I can't paste it here, but this is the result):


--- Search result list ---
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

ken545
2011-05-10, 01:58
Do this

Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad), name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.



REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-




If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg

Run Spybot again and it should be gone
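
Before merging a .reg file, it helps to list exactly what it will change and compare that with what the post says it does. The following is an added example, not part of the thread: it parses single-line REGEDIT4 entries, returns the operations a merge would perform, and flags anything beyond deleting the `svchost.exe` value that Spybot reported. `REGFIX` is the text from the post above; `PADDED` is a constructed variant with one extra setting.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def plan_reg_merge(text):
    """Return (header, ops); ops are (action, key, value_name, data) tuples.
    Multi-line hex data (trailing backslash) is out of scope and rejected."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    key, ops = None, []
    for ln in lines[1:]:
        if ln.endswith("\\"):
            raise ValueError("continued hex data not supported: %r" % ln)
        if ln.startswith("[-") and ln.endswith("]"):
            ops.append(("delete-key", ln[2:-1], None, None))
            key = None
        elif ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
        else:
            m = VALUE_RE.match(ln)
            if m is None or key is None:
                raise ValueError("unrecognised line: %r" % ln)
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            if m.group(2) == "-":
                ops.append(("delete-value", key, name, None))
            else:
                ops.append(("set-value", key, name, m.group(2)))
    return lines[0], ops

def outside_scope(ops, allowed_key, allowed_names):
    """Operations that do anything other than delete the named values."""
    return [op for op in ops
            if not (op[0] == "delete-value" and op[1].lower() == allowed_key.lower()
                    and op[2].lower() in allowed_names)]

# The Regfix.reg text from the post above.
REGFIX = r"""REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
"""

# Constructed variant: the same fix with an unrelated setting appended.
PADDED = REGFIX + r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.com/"
"""
```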

matson
2011-05-10, 02:15
KEN545 YOU'RE GOOD!!!!!

I followed your instructions and the scan came CLEAN!!!!!!!!!!

Well, I think the machine is back on track. I'll put some protection to surf safer and THANK YOU VERY MUCH ONCE AGAIN KEN545!!!!

WELL DONE!!!!!!

muha:

ken545
2011-05-10, 10:27
:bigthumb:

Great, glad things are working well for you again.


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

matson
2011-05-11, 00:35
Ken545, please can you look at this thread
http://forums.spybot.info/showthread.php?t=62601

it is another computer and a new thread.

Thank You

ken545
2011-05-11, 01:22
Got it :)