View Full Version : Search redirect problem
Michael D
2012-04-21, 21:30
Hi,
Thank you for taking the time to look this over, I am baffled and I don't know really anything about how this stuff works. When I click on a link it takes me to what looks like a advertizement page with additional links on it - I do not remember if I clicked on any of those links but I might have :sad:.
As a sub note and possibly unrelated I bought and installed CyberScrub® Privacy Suite™ 4.2 Professional and it stopped working long before all this happened and when I went to their site and requested a clean download (the program works in a very limited way in that I can scrub individual files but not drives), they wanted to sell me the new version and would not give me the version I purchased because they don't support it. Right now I don't have the money to purchase the new version. I really liked this program but don't know really if it does what it says it does. Like I stated I am a complete novice about this stuff. So if you are allowed to elaborate on this product, I would be interested in how you felt about it... thumbs up, thumbs down... sort of thing. The reason I bring this up and I don't mean to waste your time, but I saw the program on one of the logs and thought about it.
So thank you again, it amazes me how you all can see this stuff in a way and find fixes for these problems. I see by looking over the site that many other people have this very same problem.
I am on a home network - I am renting - where there might be up to 4 other devices on at various times. I don't know enough to be aware if their behavior would influence my computer and the settings or me them. I don't understand traffic and what is allowed in what direction but of course do not want my personal property stored on my computer stolen or just stumbled upon by them or anyone else. Thanks for your help you have my gratitude. I have followed all the instructions and I hope I got everything you need. Thank you and :rockon:
Please notice the attachment and...
Here is the log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1
Run by Owner at 10:40:50 on 2012-04-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.311 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\office
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212714337317
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212769596000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{77B3BB3A-0FAB-42D1-AB17-77A11E5D8029} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5927AE0-655D-4A43-96BF-CDD9CFAB6835} : DhcpNameServer = 192.168.0.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\119ckrol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-3 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-14 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-14 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-11 44768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-6-9 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2008-6-9 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2008-6-9 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-6-9 10368]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\ct20xut.sys --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\ct20xut.sys --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\cteapsfx.sys --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\cteapsfx.sys --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\ctedspfx.sys --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\ctedspfx.sys --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\ctedspio.sys --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\ctedspio.sys --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\ctedspsy.sys --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\ctedspsy.sys --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\ctexfifx.sys --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\ctexfifx.sys --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\cthwiut.sys --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\cthwiut.sys --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-6-5 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-6-5 362944]
.
=============== Created Last 30 ================
.
2012-04-21 02:45:47 -------- d-----w- c:\program files\PC Tools
2012-04-21 02:30:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-21 02:30:54 -------- d-----w- c:\program files\common files\PC Tools
2012-04-21 02:30:10 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-04-21 02:30:09 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2012-03-30 02:19:50 -------- d-----w- c:\program files\iPod
2012-03-30 02:19:35 -------- d-----w- c:\program files\iTunes
2012-03-26 15:41:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-21 05:56:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 05:51:22 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:44:36.98 ===============
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
First we need to make all files and folders VISIBLE:
Go to start>control panel>folder options>view
Choose to "show hidden files and folders,"
Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
Close the window with OK
---------
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Right click and Run as Administrator the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png)
Click the image to enlarge it
----------
Michael D
2012-04-22, 07:18
Hi Jeff,
Thank you for taking my situation on, I really appreciate it very much!
Right now I am having trouble getting to the download page... there is a icon to this program you mention that I downloaded a while back and I did run the scan and it said that access was denied to save it to the desktop - the default was the WINDOWS folder that has a lot of stuff in it. Not sure what to do next. Sorry I am such a pain.
I will try again.
Michael
Michael D
2012-04-22, 09:29
Yep, I am not able to connect to public.avast.com/~gmerek/aswMBR.exe. It takes a long time and when it stops trying it shows this message on Firefox:
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
The scan version I used is aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST software - this is what I had already on my computer desktop.
Here is the log from v0.9.7.675:
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-21 13:28:50
-----------------------------
13:28:50.500 OS Version: Windows 5.1.2600 Service Pack 3
13:28:50.500 Number of processors: 2 586 0x602
13:28:50.500 ComputerName: MICHAEL-9L4P8YF UserName: Owner
13:28:50.968 Initialize success
13:28:51.500 AVAST engine defs: 11062100
13:29:56.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:29:56.015 Disk 0 Vendor: WDC_WD1600JS-19MHB0 02.01C03 Size: 152627MB BusType: 3
13:29:58.062 Disk 0 MBR read successfully
13:29:58.078 Disk 0 MBR scan
13:29:58.453 Disk 0 Windows XP default MBR code
13:30:00.484 Disk 0 scanning sectors +312560640
13:30:00.546 Disk 0 scanning C:\WINDOWS\system32\drivers
13:30:21.250 Service scanning
13:30:22.468 Disk 0 trace - called modules:
13:30:22.500 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:30:22.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8736cab8]
13:30:22.531 3 CLASSPNP.SYS[f760efd7] -> nt!IofCallDriver -> \Device\00000078[0x873c5f18]
13:30:22.546 5 ACPI.sys[f7485620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x873ca350]
13:30:23.671 AVAST engine scan C:\WINDOWS
14:02:35.218 AVAST engine scan C:\Documents and Settings\Owner
14:39:39.859 AVAST engine scan C:\Documents and Settings\All Users
14:44:28.359 Scan finished successfully
16:45:29.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:45:29.500 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2012-04-21 22:01:18
-----------------------------
22:01:18.109 OS Version: Windows 5.1.2600 Service Pack 3
22:01:18.109 Number of processors: 2 586 0x602
22:01:18.109 ComputerName: MICHAEL-9L4P8YF UserName: Owner
22:01:20.593 Initialize success
22:01:21.062 AVAST engine defs: 12042101
22:01:23.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:01:23.546 Disk 0 Vendor: WDC_WD1600JS-19MHB0 02.01C03 Size: 152627MB BusType: 3
22:01:25.593 Disk 0 MBR read successfully
22:01:25.609 Disk 0 MBR scan
22:01:25.625 Disk 0 Windows XP default MBR code
22:01:27.671 Disk 0 scanning sectors +312560640
22:01:27.703 Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:49.281 Service scanning
22:01:50.578 Disk 0 trace - called modules:
22:01:50.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:01:50.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87342ab8]
22:01:50.625 3 CLASSPNP.SYS[f760efd7] -> nt!IofCallDriver -> \Device\00000079[0x8737c0e0]
22:01:50.656 5 ACPI.sys[f7485620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x873464d0]
22:01:51.031 AVAST engine scan C:\WINDOWS
22:45:09.734 AVAST engine scan C:\Documents and Settings\Owner
22:45:19.718 File: C:\Documents and Settings\Owner\Application Data\Apple Computer\Apple Computer\lfbegkzq.dll **INFECTED** Win32:Malware-gen
22:51:23.875 File: C:\Documents and Settings\Owner\Local Settings\temp\nsf43.tmp\lfbegkzq.dll **INFECTED** Win32:Malware-gen
22:51:24.218 File: C:\Documents and Settings\Owner\Local Settings\temp\nsf43.tmp\sgpeue.dll **INFECTED** Win32:Malware-gen
23:23:48.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:23:48.203 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Michael D
2012-04-22, 09:36
Ok, what a pain I am!
I was able to finally download the latest version and I am running the scan now...
I will post results shortly - wow I amaze myself! :sick:
Michael D
2012-04-22, 10:32
Okay, there might be some redundancy but here is what the log shows...
Thank you for your effort Jeff :cool:
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-21 13:28:50
-----------------------------
13:28:50.500 OS Version: Windows 5.1.2600 Service Pack 3
13:28:50.500 Number of processors: 2 586 0x602
13:28:50.500 ComputerName: MICHAEL-9L4P8YF UserName: Owner
13:28:50.968 Initialize success
13:28:51.500 AVAST engine defs: 11062100
13:29:56.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:29:56.015 Disk 0 Vendor: WDC_WD1600JS-19MHB0 02.01C03 Size: 152627MB BusType: 3
13:29:58.062 Disk 0 MBR read successfully
13:29:58.078 Disk 0 MBR scan
13:29:58.453 Disk 0 Windows XP default MBR code
13:30:00.484 Disk 0 scanning sectors +312560640
13:30:00.546 Disk 0 scanning C:\WINDOWS\system32\drivers
13:30:21.250 Service scanning
13:30:22.468 Disk 0 trace - called modules:
13:30:22.500 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:30:22.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8736cab8]
13:30:22.531 3 CLASSPNP.SYS[f760efd7] -> nt!IofCallDriver -> \Device\00000078[0x873c5f18]
13:30:22.546 5 ACPI.sys[f7485620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x873ca350]
13:30:23.671 AVAST engine scan C:\WINDOWS
14:02:35.218 AVAST engine scan C:\Documents and Settings\Owner
14:39:39.859 AVAST engine scan C:\Documents and Settings\All Users
14:44:28.359 Scan finished successfully
16:45:29.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:45:29.500 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2012-04-21 22:01:18
-----------------------------
22:01:18.109 OS Version: Windows 5.1.2600 Service Pack 3
22:01:18.109 Number of processors: 2 586 0x602
22:01:18.109 ComputerName: MICHAEL-9L4P8YF UserName: Owner
22:01:20.593 Initialize success
22:01:21.062 AVAST engine defs: 12042101
22:01:23.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:01:23.546 Disk 0 Vendor: WDC_WD1600JS-19MHB0 02.01C03 Size: 152627MB BusType: 3
22:01:25.593 Disk 0 MBR read successfully
22:01:25.609 Disk 0 MBR scan
22:01:25.625 Disk 0 Windows XP default MBR code
22:01:27.671 Disk 0 scanning sectors +312560640
22:01:27.703 Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:49.281 Service scanning
22:01:50.578 Disk 0 trace - called modules:
22:01:50.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:01:50.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87342ab8]
22:01:50.625 3 CLASSPNP.SYS[f760efd7] -> nt!IofCallDriver -> \Device\00000079[0x8737c0e0]
22:01:50.656 5 ACPI.sys[f7485620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x873464d0]
22:01:51.031 AVAST engine scan C:\WINDOWS
22:45:09.734 AVAST engine scan C:\Documents and Settings\Owner
22:45:19.718 File: C:\Documents and Settings\Owner\Application Data\Apple Computer\Apple Computer\lfbegkzq.dll **INFECTED** Win32:Malware-gen
22:51:23.875 File: C:\Documents and Settings\Owner\Local Settings\temp\nsf43.tmp\lfbegkzq.dll **INFECTED** Win32:Malware-gen
22:51:24.218 File: C:\Documents and Settings\Owner\Local Settings\temp\nsf43.tmp\sgpeue.dll **INFECTED** Win32:Malware-gen
23:23:48.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:23:48.203 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-21 23:32:19
-----------------------------
23:32:19.765 OS Version: Windows 5.1.2600 Service Pack 3
23:32:19.765 Number of processors: 2 586 0x602
23:32:19.765 ComputerName: MICHAEL-9L4P8YF UserName: Owner
23:32:20.765 Initialize success
23:32:21.890 AVAST engine defs: 12042101
23:32:49.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
23:32:49.218 Disk 0 Vendor: WDC_WD1600JS-19MHB0 02.01C03 Size: 152627MB BusType: 3
23:32:49.296 Disk 0 MBR read successfully
23:32:49.312 Disk 0 MBR scan
23:32:49.328 Disk 0 Windows XP default MBR code
23:32:49.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
23:32:49.406 Disk 0 scanning sectors +312560640
23:32:49.671 Disk 0 scanning C:\WINDOWS\system32\drivers
23:33:49.390 Service scanning
23:34:04.953 Modules scanning
23:34:46.875 Disk 0 trace - called modules:
23:34:46.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:34:46.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87342ab8]
23:34:46.921 3 CLASSPNP.SYS[f760efd7] -> nt!IofCallDriver -> \Device\00000079[0x8737c0e0]
23:34:46.921 5 ACPI.sys[f7485620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x873464d0]
23:34:47.359 AVAST engine scan C:\WINDOWS
23:36:19.984 AVAST engine scan C:\WINDOWS\system32
23:46:58.609 AVAST engine scan C:\WINDOWS\system32\drivers
23:48:31.062 AVAST engine scan C:\Documents and Settings\Owner
23:48:45.796 File: C:\Documents and Settings\Owner\Application Data\Apple Computer\Apple Computer\lfbegkzq.dll **INFECTED** Win32:Malware-gen
23:57:58.250 File: C:\Documents and Settings\Owner\Local Settings\temp\nsf43.tmp\lfbegkzq.dll **INFECTED** Win32:Malware-gen
23:57:58.843 File: C:\Documents and Settings\Owner\Local Settings\temp\nsf43.tmp\sgpeue.dll **INFECTED** Win32:Malware-gen
00:17:19.031 AVAST engine scan C:\Documents and Settings\All Users
00:23:20.546 Scan finished successfully
00:26:34.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12\MBR.dat"
00:26:34.781 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12\aswMBR.txt"
Hi,
Please read through these instructions to familarize yourself with what to expect when this tool runs
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
5. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.
---------
Michael D
2012-04-23, 00:39
Hi Jeff,
Thank you for your help! :thanks:
I got this message from the forum: The text that you have entered is too long (151499 characters). Please shorten it to 64000 characters long.
I attached a zip version to this post and split it into three parts - I hope this is ok.
part I
ComboFix 12-04-22.01 - Owner 04/22/2012 12:56:22.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.630 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Recent\Thumbs.db
c:\windows\system32\SET170.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-21 17:31 . 2012-04-21 17:31 -------- d-----w- c:\program files\ERUNT
2012-04-21 02:45 . 2012-04-21 02:45 -------- d-----w- c:\program files\PC Tools
2012-04-21 02:30 . 2012-04-21 03:23 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-21 02:30 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-21 02:30 . 2012-04-21 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-21 02:30 . 2012-04-21 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-03-30 02:19 . 2012-03-30 02:19 -------- d-----w- c:\program files\iPod
2012-03-30 02:19 . 2012-03-30 02:20 -------- d-----w- c:\program files\iTunes
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2010-12-27 09:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-06-11 12:26 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-06-11 12:26 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-14 22:17 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-06-14 22:17 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-06-14 22:17 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-06-14 22:17 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-06-14 22:17 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-06-14 22:17 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-06-14 22:17 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-06-14 22:17 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-21 05:56 . 2011-05-14 00:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 05:51 . 2002-08-29 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 20:06 . 2011-03-23 18:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-21_19.41.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-22 19:23 . 2012-04-22 19:23 16384 c:\windows\Temp\Perflib_Perfdata_7ac.dat
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2002-08-29 12:00 . 2012-04-12 13:14 72332 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2002-08-29 12:00 . 2011-09-26 18:41 20480 c:\windows\system32\oleaccrc.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
- 2007-08-14 01:54 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 01:54 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
- 2002-08-29 12:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2002-08-29 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2012-03-30 02:13 . 2012-02-15 18:01 43520 c:\windows\system32\DRVSTORE\usbaapl_87F84F5DA3368BC69CA5BE7F6A79CAA709E36E13\usbaapl.sys
+ 2011-10-14 03:29 . 2011-05-10 15:06 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2002-08-29 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2011-06-10 23:41 . 2011-05-25 09:00 64512 c:\windows\system32\drivers\Lbd.sys
+ 2011-11-03 20:06 . 2011-11-03 20:06 64512 c:\windows\system32\drivers\Lbd.sys
+ 2011-08-31 06:05 . 2011-08-31 06:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 06:05 . 2011-08-31 06:05 83816 c:\windows\system32\dns-sd.exe
- 2009-06-10 03:19 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-10 03:19 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2002-08-29 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2002-08-29 12:00 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2011-08-11 06:26 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2007-01-04 13:36 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-01-04 13:36 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-06 03:30 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-06 03:30 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2002-08-29 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2002-08-29 12:00 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2002-08-29 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
- 2002-08-29 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2008-06-05 23:52 . 2012-04-16 06:34 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-05 23:52 . 2011-06-21 18:49 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-05 23:52 . 2011-06-21 18:49 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-05 23:52 . 2012-04-16 06:34 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-06-23 22:00 . 2012-04-16 06:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-25 11:49 . 2011-12-25 11:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 19:07 . 2011-12-25 19:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 07:49 . 2011-12-25 07:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-06-29 03:12 . 2011-06-29 03:12 19968 c:\windows\Installer\42f2dc1.msi
- 2011-06-18 08:16 . 2011-06-18 08:16 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-12-14 05:38 . 2011-12-14 05:38 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-07-09 10:40 . 2011-07-09 10:40 25214 c:\windows\Installer\{7D15B945-2725-4443-AB3F-D900556612FE}\_6FEFF9B68218417F98F549.exe
+ 2011-10-08 01:02 . 2011-10-08 01:02 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2012-02-02 03:48 . 2012-02-02 03:48 75656 c:\windows\Installer\{686695ED-BB3F-415D-B0DB-18CF535F7B50}\ProductName.chm.de_D066A77819B7480BA99CC79FB02C9357.exe
+ 2012-02-02 03:48 . 2012-02-02 03:48 75656 c:\windows\Installer\{686695ED-BB3F-415D-B0DB-18CF535F7B50}\DriverDetective.pt_6CF114D33913468CBA2AA6967939B819.exe
+ 2012-02-02 03:48 . 2012-02-02 03:48 75656 c:\windows\Installer\{686695ED-BB3F-415D-B0DB-18CF535F7B50}\DriverDetective.it_251B66F1CA924E82A1EE29E85D5EC5A1.exe
+ 2012-02-02 03:48 . 2012-02-02 03:48 75656 c:\windows\Installer\{686695ED-BB3F-415D-B0DB-18CF535F7B50}\DriverDetective.fr_E1678746353A46E3A9150D3E8B3832B1.exe
+ 2012-02-02 03:48 . 2012-02-02 03:48 75656 c:\windows\Installer\{686695ED-BB3F-415D-B0DB-18CF535F7B50}\DriverDetective.es_654C8EA5162D4D4084239A5EDD67F462.exe
+ 2012-01-03 17:45 . 2012-01-03 17:45 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\ViewerPS.dll
+ 2012-01-04 06:51 . 2012-01-04 06:51 37296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\reader_sl.exe
+ 2012-01-03 17:44 . 2012-01-03 17:44 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlr.dll
+ 2012-01-04 06:15 . 2012-01-04 06:15 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\eula.exe
+ 2012-01-04 05:52 . 2012-01-04 05:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrotextextractor.exe
+ 2012-01-03 16:19 . 2012-01-03 16:19 16824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32Info.exe
+ 2012-01-03 16:16 . 2012-01-03 16:16 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acroiehelpershim.dll
+ 2012-01-03 16:16 . 2012-01-03 16:16 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroIEHelper.dll
+ 2012-04-12 13:20 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2011-12-14 05:39 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2012-01-08 22:11 . 2012-01-08 22:11 81920 c:\windows\assembly\tmp\AD6DGJMB\System.Drawing.Design.dll
+ 2012-01-08 22:14 . 2012-01-08 22:14 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_adccf198\System.Drawing.Design.dll
+ 2012-04-12 13:17 . 2012-04-12 13:17 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4ba78832\System.Drawing.Design.dll
+ 2012-01-08 22:14 . 2012-01-08 22:14 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7ce43d99\CustomMarshalers.dll
+ 2011-10-13 05:34 . 2011-10-13 05:34 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-02-16 20:52 . 2012-02-16 20:52 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-13 08:28 . 2011-10-13 08:28 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-02-16 19:39 . 2012-02-16 19:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-16 19:39 . 2012-02-16 19:39 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2011-10-13 08:28 . 2011-10-13 08:28 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2011-10-13 08:28 . 2011-10-13 08:28 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
+ 2011-10-13 07:12 . 2011-10-13 07:12 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2011-10-13 08:28 . 2011-10-13 08:28 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2011-10-13 07:11 . 2011-10-13 07:11 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-10-13 07:11 . 2011-10-13 07:11 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2011-10-13 07:11 . 2011-10-13 07:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-10-13 06:55 . 2011-10-13 06:55 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-04-12 13:12 . 2012-04-12 13:12 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-07 21:20 . 2010-10-07 21:20 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-08 22:14 . 2012-01-08 22:14 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-14 05:37 . 2011-07-08 13:49 46080 c:\windows\$NtUninstallKB2633952$\tzchange.exe
+ 2011-12-14 05:37 . 2011-11-08 14:58 16896 c:\windows\$NtUninstallKB2633952$\spuninst\tzchange.dll
+ 2011-12-14 05:37 . 2011-04-26 11:07 33280 c:\windows\$NtUninstallKB2620712$\csrsrv.dll
+ 2012-01-14 01:29 . 2008-04-14 00:11 23040 c:\windows\$NtUninstallKB2598479$\mciseq.dll
+ 2012-01-14 01:29 . 2008-04-14 00:12 58368 c:\windows\$NtUninstallKB2584146$\packager.exe
+ 2011-08-27 23:30 . 2010-11-03 13:12 46080 c:\windows\$NtUninstallKB2570791$\tzchange.exe
+ 2011-08-27 23:30 . 2011-07-09 00:32 16896 c:\windows\$NtUninstallKB2570791$\spuninst\tzchange.dll
+ 2011-08-11 06:55 . 2008-04-13 18:57 10112 c:\windows\$NtUninstallKB2566454$\ndistapi.sys
+ 2011-10-13 05:30 . 2002-08-29 12:00 16896 c:\windows\$NtUninstallKB2564958$\oleaccrc.dll
+ 2011-07-13 06:16 . 2010-12-09 14:30 33280 c:\windows\$NtUninstallKB2507938$\csrsrv.dll
+ 2012-02-16 19:23 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2661637\update\spcustom.dll
+ 2012-02-16 19:23 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2661637\spmsg.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2660465\update\spcustom.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2660465\spmsg.dll
+ 2012-03-15 04:12 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2647518\update\spcustom.dll
+ 2012-03-15 04:12 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2647518\spmsg.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2647516-IE8\update\spcustom.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2647516-IE8\spmsg.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 12800 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\xpshims.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 66560 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtmled.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 55296 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\msfeedsbs.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 43520 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\licmgr10.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 25600 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\jsproxy.dll
+ 2012-01-14 01:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
+ 2012-01-14 01:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2646524\spmsg.dll
+ 2011-11-12 22:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll
+ 2011-11-12 22:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll
+ 2012-03-15 04:17 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641653\update\spcustom.dll
+ 2012-03-15 04:17 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641653\spmsg.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2639417\update\spcustom.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2639417\spmsg.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2633171\update\spcustom.dll
+ 2011-12-14 05:29 . 2011-10-26 10:50 16896 c:\windows\$hf_mig$\KB2633171\update\mpsyschk.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2633171\spmsg.dll
+ 2012-01-14 01:36 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2631813\update\spcustom.dll
+ 2012-01-14 01:36 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2631813\spmsg.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2624667\update\spcustom.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2624667\spmsg.dll
+ 2012-03-15 04:13 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2621440\update\spcustom.dll
+ 2012-03-15 04:13 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2621440\spmsg.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2620712\update\spcustom.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2620712\spmsg.dll
+ 2011-10-28 05:31 . 2011-10-28 05:31 33280 c:\windows\$hf_mig$\KB2620712\SP3QFE\csrsrv.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2619339\update\spcustom.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2619339\spmsg.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618451\update\spcustom.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618451\spmsg.dll
+ 2011-12-14 05:39 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618444-IE8\update\spcustom.dll
+ 2011-12-14 05:39 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618444-IE8\spmsg.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 12800 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\xpshims.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 66560 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtmled.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 55296 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeedsbs.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 43520 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\licmgr10.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 25600 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\jsproxy.dll
+ 2011-09-16 04:18 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2616676\update\spcustom.dll
+ 2011-09-16 04:18 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2616676\spmsg.dll
+ 2011-09-06 23:25 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2607712\update\spcustom.dll
+ 2011-09-06 23:25 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2607712\spmsg.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2603381\update\spcustom.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2603381\spmsg.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2598479\update\spcustom.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2598479\spmsg.dll
+ 2011-10-14 14:45 . 2011-10-14 14:45 23040 c:\windows\$hf_mig$\KB2598479\SP3QFE\mciseq.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll
+ 2011-10-13 05:22 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE8\update\spcustom.dll
+ 2011-10-13 05:22 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE8\spmsg.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 12800 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\xpshims.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 66560 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtmled.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 55296 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeedsbs.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 43520 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\licmgr10.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 25600 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\jsproxy.dll
+ 2012-01-22 23:18 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2585542\update\spcustom.dll
+ 2012-01-22 23:18 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2585542\spmsg.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2584146\update\spcustom.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2584146\spmsg.dll
+ 2011-11-18 12:41 . 2011-11-18 12:41 60416 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
+ 2011-09-16 04:12 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570947\update\spcustom.dll
+ 2011-09-16 04:12 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570947\spmsg.dll
+ 2011-08-11 06:58 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570222\update\spcustom.dll
+ 2011-08-11 06:58 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570222\spmsg.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567680\update\spcustom.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567680\spmsg.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll
+ 2011-08-11 06:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2566454\update\spcustom.dll
+ 2011-08-11 06:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2566454\spmsg.dll
+ 2011-08-11 06:26 . 2011-07-08 13:51 10496 c:\windows\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys
+ 2011-08-11 06:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2562937\update\spcustom.dll
+ 2011-08-11 06:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2562937\spmsg.dll
+ 2011-08-12 18:45 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll
+ 2011-08-12 18:45 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll
+ 2011-07-13 06:11 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
+ 2011-07-13 06:11 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2555917\spmsg.dll
+ 2011-11-10 07:44 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll
+ 2011-11-10 07:44 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll
+ 2011-06-29 03:11 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2541763\update\spcustom.dll
+ 2011-06-29 03:11 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2541763\spmsg.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276-v2\update\spcustom.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276-v2\spmsg.dll
+ 2011-07-13 06:16 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
+ 2011-07-13 06:16 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507938\spmsg.dll
+ 2011-04-26 11:02 . 2011-04-26 11:02 33280 c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-16 14:37 . 2012-01-11 19:06 3072 c:\windows\system32\iacenc.dll
+ 2012-02-16 14:37 . 2012-01-11 19:06 3072 c:\windows\system32\dllcache\iacenc.dll
+ 2008-06-06 15:54 . 2012-04-12 13:04 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-06-18 08:20 . 2011-06-18 08:20 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-18 08:21 . 2011-06-18 08:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-16 14:37 . 2012-01-11 19:05 3072 c:\windows\$hf_mig$\KB2661637\SP3QFE\iacenc.dll
+ 2012-01-11 19:18 . 2011-11-03 18:17 4608 c:\windows\$hf_mig$\KB2603381\update\customaddreg.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-07-12 07:02 . 2009-07-12 07:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 07:02 . 2009-07-12 07:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 08:05 . 2009-07-12 08:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 07:05 . 2009-07-12 07:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 06:11 . 2009-07-12 06:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
- 2009-07-12 05:11 . 2009-07-12 05:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 06:11 . 2009-07-12 06:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
- 2009-07-12 05:11 . 2009-07-12 05:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 06:14 . 2009-07-12 06:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
- 2009-07-12 05:14 . 2009-07-12 05:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 06:11 . 2009-07-12 06:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
- 2009-07-12 05:11 . 2009-07-12 05:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2002-08-29 12:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2002-08-29 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2002-08-29 12:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2002-08-29 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2008-06-06 01:10 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2008-06-06 01:10 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
- 2002-08-29 12:00 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2008-07-30 02:59 . 2011-09-26 18:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2002-08-29 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
+ 2002-08-29 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2002-08-29 12:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2002-08-29 12:00 . 2012-04-12 13:14 444456 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2011-09-26 18:41 220160 c:\windows\system32\oleacc.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
+ 2012-01-27 08:33 . 2011-11-09 03:56 637848 c:\windows\system32\npdeployJava1.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
- 2007-08-14 01:54 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-14 01:54 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
+ 2012-02-21 05:56 . 2012-02-21 05:56 250016 c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2011-11-14 19:20 . 2011-11-14 19:20 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2012-01-27 08:33 . 2011-11-09 03:56 223112 c:\windows\system32\javaws.exe
+ 2012-01-27 08:33 . 2012-01-27 08:33 173960 c:\windows\system32\javaw.exe
+ 2012-01-27 08:33 . 2012-01-27 08:33 173960 c:\windows\system32\java.exe
- 2008-06-05 23:49 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
+ 2008-06-05 23:49 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
+ 2002-08-29 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
- 2008-06-05 16:06 . 2011-04-15 05:20 153976 c:\windows\system32\FNTCACHE.DAT
+ 2008-06-05 16:06 . 2012-03-15 08:58 153976 c:\windows\system32\FNTCACHE.DAT
- 2002-08-29 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
+ 2002-08-29 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
+ 2010-07-07 05:35 . 2011-07-01 00:04 101720 c:\windows\system32\drivers\SBREDrv.sys
+ 2008-06-05 23:47 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2002-08-29 12:00 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2002-08-29 12:00 . 2011-04-29 16:19 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2002-08-29 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
+ 2002-08-29 12:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2007-01-04 13:37 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2007-08-14 01:44 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-14 01:44 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-08-11 06:27 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2002-08-29 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2002-08-29 12:00 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2002-08-29 12:00 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2007-08-14 01:44 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 01:44 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
- 2002-08-29 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-06-06 03:30 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-06 03:30 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 02:10 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-11-12 02:10 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-08-13 06:37 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-13 06:37 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2009-06-10 03:19 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-10 03:19 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-01-04 13:36 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-01-04 13:36 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-14 16:10 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-14 16:10 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-14 01:39 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 01:39 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 01:39 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2002-08-29 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2002-08-29 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-06-22 02:10 . 2011-11-09 03:56 567184 c:\windows\system32\deployJava1.dll
+ 2011-09-19 00:03 . 2011-09-19 00:03 262144 c:\windows\system32\default_user_class.dat
- 2002-08-29 12:00 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2002-08-29 12:00 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
Michael D
2012-04-23, 00:43
Part II
+ 2011-12-25 11:49 . 2011-12-25 11:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-31 10:38 . 2012-01-31 10:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2011-03-25 13:15 . 2011-03-25 13:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-03-25 13:15 . 2011-03-25 13:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-01-28 00:35 . 2012-01-28 00:35 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 06:53 . 2011-12-25 06:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2012-02-03 06:56 . 2012-02-03 06:56 963584 c:\windows\Installer\a75c4.msp
+ 2011-12-25 13:40 . 2011-12-25 13:40 819200 c:\windows\Installer\802256.msp
+ 2011-06-22 03:11 . 2011-06-22 03:11 261632 c:\windows\Installer\35e02f.msi
+ 2012-01-27 08:37 . 2012-01-27 08:37 101376 c:\windows\Installer\35843cc.msi
+ 2012-01-27 08:37 . 2012-01-27 08:37 375808 c:\windows\Installer\35843c8.msi
+ 2012-01-27 08:35 . 2012-01-27 08:35 176128 c:\windows\Installer\35843c4.msi
+ 2012-01-27 08:32 . 2012-01-27 08:32 938496 c:\windows\Installer\35843b6.msi
+ 2012-01-27 08:24 . 2012-01-27 08:24 519168 c:\windows\Installer\35843af.msi
+ 2012-04-21 17:00 . 2012-04-21 17:00 552448 c:\windows\Installer\24d783.msi
+ 2011-06-22 02:10 . 2011-06-22 02:10 677376 c:\windows\Installer\18f3647.msi
- 2008-06-06 15:54 . 2011-06-18 08:14 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-06 15:54 . 2011-06-18 08:14 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-06 15:54 . 2012-04-12 13:04 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-03-30 02:22 . 2012-03-30 02:22 380928 c:\windows\Installer\{23B8A91D-680B-462B-87AD-3D70F7341731}\iTunesIco.exe
+ 2012-01-03 16:23 . 2012-01-03 16:23 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\pdfshell.dll
+ 2012-01-03 17:44 . 2012-01-03 17:44 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlrShim.exe
+ 2012-01-03 16:22 . 2012-01-03 16:22 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\nppdf32.dll
+ 2012-01-03 17:43 . 2012-01-03 17:43 550360 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AdobeCollabSync.exe
+ 2012-01-03 16:40 . 2012-01-03 16:40 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRdIF.dll
+ 2012-01-04 06:50 . 2012-01-04 06:50 357808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.exe
+ 2012-01-03 16:16 . 2012-01-03 16:16 665008 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroPDF.dll
+ 2012-01-03 17:38 . 2012-01-03 17:38 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrobroker.exe
+ 2012-01-03 17:08 . 2012-01-03 17:08 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\a3dutility.exe
+ 2011-01-14 14:10 . 2011-01-14 14:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 14:10 . 2011-01-14 14:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2012-04-12 13:19 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-04-12 13:20 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-04-12 13:20 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-04-12 13:19 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-04-12 13:20 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-04-12 13:20 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-04-12 13:20 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-04-12 13:20 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-02-16 19:25 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-16 19:25 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-16 19:25 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-16 19:25 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2011-12-14 05:38 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-14 05:39 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-14 05:39 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-14 05:38 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-14 05:39 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-14 05:39 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-14 05:38 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2011-10-13 05:22 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
+ 2011-10-13 05:22 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-10-13 05:22 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
+ 2011-10-13 05:22 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
+ 2011-10-13 05:22 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
+ 2011-08-12 18:45 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-12 18:45 . 2009-03-08 11:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-12 18:45 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-12 18:45 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-12 18:45 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-12 18:45 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2012-04-22 19:27 . 2012-04-22 19:27 311296 c:\windows\ERDNT\AutoBackup\4-22-2012\Users\00000002\UsrClass.dat
+ 2012-04-22 19:27 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\4-22-2012\ERDNT.EXE
+ 2012-04-21 17:38 . 2005-10-20 19:02 163328 c:\windows\ERDNT\4-21-2012\ERDNT.EXE
- 2008-11-12 02:10 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 02:10 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-02-16 19:38 . 2012-02-16 19:38 970752 c:\windows\assembly\tmp\Q7SVCLO5\System.Deployment.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 970752 c:\windows\assembly\tmp\CXEHK9GJ\System.Deployment.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a15497db\System.Drawing.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_43f18000\System.Drawing.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b4c0e1be\System.Drawing.Design.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_367443ec\System.Drawing.Design.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_aea81f98\CustomMarshalers.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-04-12 13:22 . 2012-04-12 13:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll
+ 2011-10-13 05:34 . 2011-10-13 05:34 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-02-16 19:41 . 2012-02-16 19:41 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-16 20:52 . 2012-02-16 20:52 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
+ 2012-02-16 20:52 . 2012-02-16 20:52 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2011-10-13 08:30 . 2011-10-13 08:30 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll
+ 2012-02-16 20:48 . 2012-02-16 20:48 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-16 20:48 . 2012-02-16 20:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-04-12 13:20 . 2012-04-12 13:20 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-16 20:50 . 2012-02-16 20:50 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-16 20:49 . 2012-02-16 20:49 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-16 19:40 . 2012-02-16 19:40 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-16 19:40 . 2012-02-16 19:40 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-16 19:40 . 2012-02-16 19:40 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-16 19:40 . 2012-02-16 19:40 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-16 20:49 . 2012-02-16 20:49 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb938a1d399e2cfca2304bdca4fe76dc\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8a25afef0d57ac430ba392595eba639f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\875af0c2a5e8a4bed88232b6f445cfaa\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-04-12 13:48 . 2012-04-12 13:48 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3e041a29f5dfd7b1063478673fff4376\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-10-13 07:11 . 2011-10-13 07:11 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-02-16 20:48 . 2012-02-16 20:48 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-04-12 13:48 . 2012-04-12 13:48 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-04-12 13:12 . 2012-04-12 13:12 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-12 13:17 . 2012-04-12 13:17 471040 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 19:23 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2661637$\spuninst\updspapi.dll
+ 2012-02-16 19:23 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2661637$\spuninst\spuninst.exe
+ 2012-02-16 19:25 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2660465$\spuninst\updspapi.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2660465$\spuninst\spuninst.exe
+ 2012-03-15 04:12 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2647518$\spuninst\updspapi.dll
+ 2012-03-15 04:12 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2647518$\spuninst\spuninst.exe
+ 2012-01-14 01:37 . 2011-06-20 17:44 293376 c:\windows\$NtUninstallKB2646524$\winsrv.dll
+ 2012-01-14 01:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2646524$\spuninst\updspapi.dll
+ 2012-01-14 01:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2646524$\spuninst\spuninst.exe
+ 2011-11-12 22:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2641690$\spuninst\updspapi.dll
+ 2011-11-12 22:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2641690$\spuninst\spuninst.exe
+ 2011-11-12 22:01 . 2011-09-09 09:12 599040 c:\windows\$NtUninstallKB2641690$\crypt32.dll
+ 2012-03-15 04:17 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2641653$\spuninst\updspapi.dll
+ 2012-03-15 04:17 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2641653$\spuninst\spuninst.exe
+ 2011-12-14 05:36 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2639417$\spuninst\updspapi.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2639417$\spuninst\spuninst.exe
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2633952$\spuninst\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2633952$\spuninst\spuninst.exe
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2633171$\spuninst\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2633171$\spuninst\spuninst.exe
+ 2012-01-14 01:36 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2631813$\spuninst\updspapi.dll
+ 2012-01-14 01:36 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2631813$\spuninst\spuninst.exe
+ 2012-01-14 01:36 . 2008-04-14 00:12 386048 c:\windows\$NtUninstallKB2631813$\qdvd.dll
+ 2011-12-14 05:36 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2624667$\spuninst\updspapi.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2624667$\spuninst\spuninst.exe
+ 2012-03-15 04:13 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2621440$\spuninst\updspapi.dll
+ 2012-03-15 04:13 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2621440$\spuninst\spuninst.exe
+ 2012-03-15 04:13 . 2011-06-24 14:10 139656 c:\windows\$NtUninstallKB2621440$\rdpwd.sys
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2620712$\spuninst\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2620712$\spuninst\spuninst.exe
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2619339$\spuninst\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2619339$\spuninst\spuninst.exe
+ 2011-12-14 05:37 . 2011-02-09 13:53 186880 c:\windows\$NtUninstallKB2619339$\encdec.dll
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2618451$\spuninst\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2618451$\spuninst\spuninst.exe
+ 2011-09-16 04:18 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2616676$\spuninst\updspapi.dll
+ 2011-09-16 04:18 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2616676$\spuninst\spuninst.exe
+ 2011-09-16 04:18 . 2011-09-03 10:17 599040 c:\windows\$NtUninstallKB2616676$\crypt32.dll
+ 2011-09-06 23:25 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2607712$\spuninst\updspapi.dll
+ 2011-09-06 23:25 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2607712$\spuninst\spuninst.exe
+ 2011-09-06 23:25 . 2008-04-14 00:11 599040 c:\windows\$NtUninstallKB2607712$\crypt32.dll
+ 2012-01-14 01:29 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2603381$\spuninst\updspapi.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2603381$\spuninst\spuninst.exe
+ 2012-01-14 01:29 . 2008-04-14 00:12 176128 c:\windows\$NtUninstallKB2598479$\winmm.dll
+ 2012-01-14 01:29 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2598479$\spuninst\updspapi.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2598479$\spuninst\spuninst.exe
+ 2011-10-13 05:23 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2592799$\spuninst\updspapi.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2592799$\spuninst\spuninst.exe
+ 2011-10-13 05:23 . 2011-02-16 13:22 138496 c:\windows\$NtUninstallKB2592799$\afd.sys
+ 2012-01-22 23:18 . 2009-08-25 09:17 354816 c:\windows\$NtUninstallKB2585542$\winhttp.dll
+ 2012-01-22 23:18 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2585542$\spuninst\updspapi.dll
+ 2012-01-22 23:18 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2585542$\spuninst\spuninst.exe
+ 2012-01-22 23:18 . 2011-04-29 17:25 151552 c:\windows\$NtUninstallKB2585542$\schannel.dll
+ 2012-01-14 01:29 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2584146$\spuninst\updspapi.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2584146$\spuninst\spuninst.exe
+ 2011-09-16 04:12 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570947$\spuninst\updspapi.dll
+ 2011-09-16 04:12 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570947$\spuninst\spuninst.exe
+ 2011-08-27 23:30 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570791$\spuninst\updspapi.dll
+ 2011-08-27 23:30 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570791$\spuninst\spuninst.exe
+ 2011-08-11 06:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570222$\spuninst\updspapi.dll
+ 2011-08-11 06:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570222$\spuninst\spuninst.exe
+ 2011-08-11 06:58 . 2008-04-14 00:13 139656 c:\windows\$NtUninstallKB2570222$\rdpwd.sys
+ 2011-08-11 06:59 . 2011-04-26 11:07 293376 c:\windows\$NtUninstallKB2567680$\winsrv.dll
+ 2011-08-11 06:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2567680$\spuninst\updspapi.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2567680$\spuninst\spuninst.exe
+ 2011-10-13 05:23 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2567053$\spuninst\updspapi.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2567053$\spuninst\spuninst.exe
+ 2011-08-11 06:55 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2566454$\spuninst\updspapi.dll
+ 2011-08-11 06:55 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2566454$\spuninst\spuninst.exe
+ 2011-10-13 05:30 . 2008-07-30 02:59 161296 c:\windows\$NtUninstallKB2564958$\uiautomationcore.dll
+ 2011-10-13 05:30 . 2011-08-12 20:51 382840 c:\windows\$NtUninstallKB2564958$\spuninst\updspapi.dll
+ 2011-10-13 05:30 . 2011-08-12 20:51 231288 c:\windows\$NtUninstallKB2564958$\spuninst\spuninst.exe
+ 2011-10-13 05:30 . 2002-08-29 12:00 163328 c:\windows\$NtUninstallKB2564958$\oleacc.dll
+ 2011-08-11 06:55 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2562937$\spuninst\updspapi.dll
+ 2011-08-11 06:55 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2562937$\spuninst\spuninst.exe
+ 2011-07-13 06:10 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2555917$\spuninst\updspapi.dll
+ 2011-07-13 06:10 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
+ 2011-11-10 07:44 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2544893-v2$\spuninst\updspapi.dll
+ 2011-11-10 07:44 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe
+ 2011-11-10 07:44 . 2011-05-02 15:31 692736 c:\windows\$NtUninstallKB2544893-v2$\inetcomm.dll
+ 2011-06-29 03:11 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2541763$\spuninst\updspapi.dll
+ 2011-06-29 03:11 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2541763$\spuninst\spuninst.exe
+ 2011-06-29 03:11 . 2010-06-30 12:31 149504 c:\windows\$NtUninstallKB2541763$\schannel.dll
+ 2011-08-11 06:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2536276-v2$\spuninst\updspapi.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe
+ 2011-08-11 06:59 . 2011-04-29 16:19 456320 c:\windows\$NtUninstallKB2536276-v2$\mrxsmb.sys
+ 2011-07-13 06:16 . 2010-06-18 17:45 293376 c:\windows\$NtUninstallKB2507938$\winsrv.dll
+ 2011-07-13 06:16 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2507938$\spuninst\updspapi.dll
+ 2011-07-13 06:16 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
+ 2012-02-16 19:23 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2661637\update\updspapi.dll
+ 2012-02-16 19:23 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2661637\update\update.exe
+ 2012-02-16 19:23 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2661637\spuninst.exe
+ 2012-02-16 19:25 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2660465\update\updspapi.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2660465\update\update.exe
+ 2012-02-16 19:25 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2660465\spuninst.exe
+ 2012-03-15 04:12 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2647518\update\updspapi.dll
+ 2012-03-15 04:12 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2647518\update\update.exe
+ 2012-03-15 04:12 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2647518\spuninst.exe
+ 2012-02-16 19:25 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2647516-IE8\update\updspapi.dll
+ 2012-02-16 19:25 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2647516-IE8\update\update.exe
+ 2012-02-16 19:25 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2647516-IE8\spuninst.exe
+ 2012-02-16 14:38 . 2011-12-17 19:45 919552 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 105984 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\url.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 206848 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\occache.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 611840 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mstime.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 602112 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\msfeeds.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 247808 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\ieproxy.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 184320 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\iepeers.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 743424 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\iedvtool.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 387584 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\iedkcs32.dll
+ 2012-02-16 14:38 . 2011-12-16 12:33 174080 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\ie4uinit.exe
+ 2012-01-14 01:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2646524\update\updspapi.dll
+ 2012-01-14 01:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2646524\update\update.exe
+ 2012-01-14 01:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2646524\spuninst.exe
+ 2011-11-25 21:56 . 2011-11-25 21:56 293376 c:\windows\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
+ 2011-11-12 22:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641690\update\updspapi.dll
+ 2011-11-12 22:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641690\update\update.exe
+ 2011-11-12 22:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641690\spuninst.exe
+ 2011-09-28 07:05 . 2011-09-28 07:05 599552 c:\windows\$hf_mig$\KB2641690\SP3QFE\crypt32.dll
+ 2012-03-15 04:17 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641653\update\updspapi.dll
+ 2012-03-15 04:17 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641653\update\update.exe
+ 2012-03-15 04:17 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641653\spuninst.exe
+ 2011-12-14 05:36 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2639417\update\updspapi.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2639417\update\update.exe
+ 2011-12-14 05:36 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2639417\spuninst.exe
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2633171\update\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2633171\update\update.exe
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2633171\spuninst.exe
+ 2012-01-14 01:36 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2631813\update\updspapi.dll
+ 2012-01-14 01:36 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2631813\update\update.exe
+ 2012-01-14 01:36 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2631813\spuninst.exe
+ 2011-11-03 15:27 . 2011-11-03 15:27 386048 c:\windows\$hf_mig$\KB2631813\SP3QFE\qdvd.dll
+ 2011-12-14 05:36 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2624667\update\updspapi.dll
+ 2011-12-14 05:36 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2624667\update\update.exe
+ 2011-12-14 05:36 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2624667\spuninst.exe
+ 2012-03-15 04:13 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2621440\update\updspapi.dll
+ 2012-03-15 04:13 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2621440\update\update.exe
+ 2012-03-15 04:13 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2621440\spuninst.exe
+ 2012-03-15 04:03 . 2012-01-09 16:19 139784 c:\windows\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2620712\update\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2620712\update\update.exe
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2620712\spuninst.exe
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2619339\update\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2619339\update\update.exe
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2619339\spuninst.exe
+ 2011-10-18 11:12 . 2011-10-18 11:12 186880 c:\windows\$hf_mig$\KB2619339\SP3QFE\encdec.dll
+ 2011-12-14 05:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618451\update\updspapi.dll
+ 2011-12-14 05:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618451\update\update.exe
+ 2011-12-14 05:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618451\spuninst.exe
+ 2011-12-14 05:39 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618444-IE8\update\updspapi.dll
+ 2011-12-14 05:39 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618444-IE8\update\update.exe
+ 2011-12-14 05:39 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618444-IE8\spuninst.exe
+ 2011-12-14 05:30 . 2011-11-04 19:19 919552 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 105984 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\url.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 206848 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\occache.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 611840 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mstime.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 602112 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeeds.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 247808 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ieproxy.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 184320 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iepeers.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 743424 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iedvtool.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 387584 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iedkcs32.dll
+ 2011-12-14 05:30 . 2011-10-25 12:01 174080 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ie4uinit.exe
+ 2011-09-16 04:18 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2616676\update\updspapi.dll
+ 2011-09-16 04:18 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2616676\update\update.exe
+ 2011-09-16 04:18 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2616676\spuninst.exe
+ 2011-09-09 09:11 . 2011-09-09 09:11 599552 c:\windows\$hf_mig$\KB2616676\SP3QFE\crypt32.dll
+ 2011-09-06 23:25 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2607712\update\updspapi.dll
+ 2011-09-06 23:25 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2607712\update\update.exe
+ 2011-09-06 23:25 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2607712\spuninst.exe
+ 2011-09-03 10:16 . 2011-09-03 10:16 599552 c:\windows\$hf_mig$\KB2607712\SP3QFE\crypt32.dll
+ 2012-01-14 01:29 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2603381\update\updspapi.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2603381\update\update.exe
+ 2012-01-14 01:29 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2603381\spuninst.exe
+ 2012-01-14 01:29 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2598479\update\updspapi.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2598479\update\update.exe
+ 2012-01-14 01:29 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2598479\spuninst.exe
+ 2011-10-14 14:45 . 2011-10-14 14:45 176128 c:\windows\$hf_mig$\KB2598479\SP3QFE\winmm.dll
+ 2011-10-13 05:23 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2592799\update\updspapi.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2592799\update\update.exe
+ 2011-10-13 05:23 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2592799\spuninst.exe
+ 2011-10-13 05:13 . 2011-08-17 13:41 138496 c:\windows\$hf_mig$\KB2592799\SP3QFE\afd.sys
+ 2011-10-13 05:22 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2586448-IE8\update\updspapi.dll
+ 2011-10-13 05:22 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2586448-IE8\update\update.exe
+ 2011-10-13 05:22 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2586448-IE8\spuninst.exe
+ 2011-10-13 05:13 . 2011-08-22 23:47 919552 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 105984 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\url.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 206848 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\occache.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 611840 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mstime.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 602112 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeeds.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 247808 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieproxy.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 184320 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iepeers.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 743424 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedvtool.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 387584 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedkcs32.dll
+ 2011-10-13 05:13 . 2011-08-22 11:52 174080 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ie4uinit.exe
+ 2012-01-22 23:18 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2585542\update\updspapi.dll
+ 2012-01-22 23:18 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2585542\update\update.exe
+ 2012-01-22 23:18 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2585542\spuninst.exe
+ 2011-11-16 14:20 . 2011-11-16 14:20 354816 c:\windows\$hf_mig$\KB2585542\SP3QFE\winhttp.dll
+ 2011-11-16 14:20 . 2011-11-16 14:20 152064 c:\windows\$hf_mig$\KB2585542\SP3QFE\schannel.dll
+ 2012-01-14 01:29 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2584146\update\updspapi.dll
+ 2012-01-14 01:29 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2584146\update\update.exe
+ 2012-01-14 01:29 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2584146\spuninst.exe
+ 2011-09-16 04:12 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570947\update\updspapi.dll
+ 2011-09-16 04:12 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570947\update\update.exe
+ 2011-09-16 04:12 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570947\spuninst.exe
+ 2011-08-11 06:58 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570222\update\updspapi.dll
+ 2011-08-11 06:58 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570222\update\update.exe
+ 2011-08-11 06:58 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570222\spuninst.exe
+ 2011-08-11 06:27 . 2011-06-24 14:09 139656 c:\windows\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys
+ 2011-08-11 06:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567680\update\updspapi.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567680\update\update.exe
+ 2011-08-11 06:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567680\spuninst.exe
+ 2011-06-20 17:43 . 2011-06-20 17:43 293376 c:\windows\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
+ 2011-10-13 05:23 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567053\update\updspapi.dll
+ 2011-10-13 05:23 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567053\update\update.exe
+ 2011-10-13 05:23 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567053\spuninst.exe
+ 2011-08-11 06:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2566454\update\updspapi.dll
+ 2011-08-11 06:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2566454\update\update.exe
+ 2011-08-11 06:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2566454\spuninst.exe
+ 2011-08-11 06:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2562937\update\updspapi.dll
+ 2011-08-11 06:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2562937\update\update.exe
+ 2011-08-11 06:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2562937\spuninst.exe
+ 2011-08-12 18:45 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2559049-IE8\update\updspapi.dll
+ 2011-08-12 18:45 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2559049-IE8\update\update.exe
+ 2011-08-12 18:45 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2559049-IE8\spuninst.exe
+ 2011-08-12 17:50 . 2011-06-23 18:33 919552 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 105984 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 206848 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\occache.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 611840 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mstime.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 602112 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeeds.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 247808 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieproxy.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 184320 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iepeers.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 743424 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedvtool.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 387584 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedkcs32.dll
+ 2011-08-12 17:50 . 2011-06-23 12:19 173568 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ie4uinit.exe
+ 2011-07-13 06:11 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
+ 2011-07-13 06:11 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2555917\update\update.exe
+ 2011-07-13 06:11 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2555917\spuninst.exe
+ 2011-11-10 07:44 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893-v2\update\updspapi.dll
+ 2011-11-10 07:44 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893-v2\update\update.exe
+ 2011-11-10 07:44 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893-v2\spuninst.exe
+ 2011-10-10 14:21 . 2011-10-10 14:21 692736 c:\windows\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll
+ 2011-06-29 03:11 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2541763\update\updspapi.dll
+ 2011-06-29 03:11 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2541763\update\update.exe
+ 2011-06-29 03:11 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2541763\spuninst.exe
+ 2011-04-29 17:23 . 2011-04-29 17:23 151552 c:\windows\$hf_mig$\KB2541763\SP3QFE\schannel.dll
+ 2011-08-11 06:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276-v2\update\updspapi.dll
+ 2011-08-11 06:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276-v2\update\update.exe
+ 2011-08-11 06:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276-v2\spuninst.exe
+ 2011-08-11 06:27 . 2011-07-15 13:29 457856 c:\windows\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
+ 2011-07-13 06:16 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
+ 2011-07-13 06:16 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2507938\update\update.exe
+ 2011-07-13 06:16 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2507938\spuninst.exe
+ 2011-04-26 11:02 . 2011-04-26 11:02 293376 c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
+ 2002-08-29 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2002-08-29 12:00 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2002-08-29 12:00 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
- 2002-08-29 12:00 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 12:00 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 01:04 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
- 2002-08-29 01:04 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2002-08-29 12:00 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2012-02-21 05:56 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-14 01:34 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2012-03-30 02:13 . 2012-02-15 18:01 4547944 c:\windows\system32\DRVSTORE\usbaapl_87F84F5DA3368BC69CA5BE7F6A79CAA709E36E13\usbaaplrc.dll
+ 2011-10-14 03:29 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
Michael D
2012-04-23, 00:44
Part III
+ 2008-10-16 03:08 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2007-01-25 12:48 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2008-10-16 03:08 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 03:08 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-16 03:08 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 03:08 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 03:08 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 03:08 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 03:08 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 03:08 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-01-04 13:36 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
+ 2008-06-06 03:30 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-12-25 11:50 . 2011-12-25 11:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-10-26 11:39 . 2011-10-26 11:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-03-25 13:15 . 2011-03-25 13:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-03-25 13:15 . 2011-03-25 13:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-01-31 11:46 . 2012-01-31 11:46 6385664 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp
+ 2011-12-25 19:07 . 2011-12-25 19:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-09-23 22:55 . 2010-09-23 22:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 06:54 . 2011-12-25 06:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 06:53 . 2011-12-25 06:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-09-23 22:55 . 2010-09-23 22:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-10-14 03:28 . 2011-10-14 03:28 2002432 c:\windows\Installer\d2cf5f.msi
+ 2011-10-08 01:02 . 2011-10-08 01:02 1769984 c:\windows\Installer\b97ab8.msi
+ 2012-01-13 14:13 . 2012-01-13 14:13 3947520 c:\windows\Installer\a967e.msi
+ 2012-01-31 03:46 . 2012-01-31 03:46 7069184 c:\windows\Installer\a75cc.msp
+ 2012-03-22 20:09 . 2012-03-22 20:09 5521920 c:\windows\Installer\a75bd.msp
+ 2011-12-26 17:59 . 2011-12-26 17:59 4368896 c:\windows\Installer\802237.msp
+ 2011-09-20 22:36 . 2011-09-20 22:36 5521408 c:\windows\Installer\75633.msp
+ 2011-08-11 00:43 . 2011-08-11 00:43 3795968 c:\windows\Installer\3ddaae.msp
+ 2011-07-26 15:17 . 2011-07-26 15:17 6824960 c:\windows\Installer\3dda94.msp
+ 2011-08-16 19:35 . 2011-08-16 19:35 5519872 c:\windows\Installer\3dda82.msp
+ 2011-08-11 00:42 . 2011-08-11 00:42 7070208 c:\windows\Installer\3dda71.msp
+ 2011-07-21 19:34 . 2011-07-21 19:34 3456000 c:\windows\Installer\3dda6a.msp
+ 2011-07-27 14:39 . 2011-07-27 14:39 9892352 c:\windows\Installer\3dda5f.msp
+ 2011-11-01 21:34 . 2011-11-01 21:34 2531840 c:\windows\Installer\2c85b83.msp
+ 2011-11-01 21:34 . 2011-11-01 21:34 1552384 c:\windows\Installer\2c85b7b.msp
+ 2011-11-01 21:34 . 2011-11-01 21:34 2247168 c:\windows\Installer\2c85b73.msp
+ 2011-11-17 18:55 . 2011-11-17 18:55 5522944 c:\windows\Installer\2c85b58.msp
+ 2011-10-30 07:10 . 2011-10-30 07:10 6824960 c:\windows\Installer\2c85b47.msp
+ 2012-03-06 04:34 . 2012-03-06 04:34 5519872 c:\windows\Installer\2c71b84.msp
+ 2012-03-27 15:47 . 2012-03-27 15:47 4959232 c:\windows\Installer\26a7e.msp
+ 2012-03-30 02:22 . 2012-03-30 02:22 4288000 c:\windows\Installer\245f89f.msi
+ 2012-03-30 02:13 . 2012-03-30 02:13 1718784 c:\windows\Installer\245ed02.msi
+ 2012-03-30 02:11 . 2012-03-30 02:11 1530368 c:\windows\Installer\245ecb4.msi
+ 2011-11-03 21:31 . 2011-11-03 21:31 5525504 c:\windows\Installer\21c051.msp
+ 2011-05-02 07:06 . 2011-05-02 07:06 2705920 c:\windows\Installer\1de3b2.msp
+ 2011-07-26 20:50 . 2011-07-26 20:50 5522432 c:\windows\Installer\1de3ab.msp
+ 2011-11-11 02:44 . 2011-11-11 02:44 9474048 c:\windows\Installer\1c6cc74.msi
+ 2011-10-31 06:54 . 2011-10-31 06:54 2748416 c:\windows\Installer\1a1fc4.msp
+ 2012-01-25 22:55 . 2012-01-25 22:55 5520384 c:\windows\Installer\1a1fbd.msp
+ 2011-05-23 21:15 . 2011-05-23 21:15 3617792 c:\windows\Installer\17cd62.msp
+ 2011-11-18 02:44 . 2011-11-18 02:44 6976512 c:\windows\Installer\14fb2c.msi
+ 2011-12-06 23:22 . 2011-12-06 23:22 5519360 c:\windows\Installer\108241.msp
+ 2007-04-19 21:09 . 2007-04-19 21:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2012-01-03 16:18 . 2012-01-03 16:18 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\rt3d.dll
+ 2011-11-18 00:50 . 2011-11-18 00:50 6543872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\authplay.dll
+ 2011-01-14 14:10 . 2011-01-14 14:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 14:10 . 2011-01-14 14:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 14:10 . 2011-01-14 14:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2011-07-27 12:44 . 2011-07-27 12:44 1791824 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PPCNV.DLL
+ 2012-04-12 13:19 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-04-12 13:19 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-14 05:38 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-14 05:38 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-10-13 05:22 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-12 18:45 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-12 18:45 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2008-10-16 03:08 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 03:08 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 03:08 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 03:08 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 03:08 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 03:08 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 03:08 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 03:08 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-01-08 22:14 . 2012-01-08 22:14 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_52435b0f\System.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2af6c01d\System.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_84e2b267\System.Xml.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_5da2f319\System.Xml.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f69a8ead\System.Windows.Forms.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b862fd00\System.Windows.Forms.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b75a6ae2\System.Windows.Forms.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4a02ba12\System.Windows.Forms.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b69a90cf\System.Drawing.dll
+ 2012-04-12 13:19 . 2012-04-12 13:19 2248704 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_71e44dfe\System.Drawing.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7020e09c\System.Design.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_415218cc\System.Design.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2e616514\System.Design.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1a0482e4\System.Design.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aab813c6\mscorlib.dll
+ 2012-01-08 22:16 . 2012-01-08 22:16 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_02163ff6\mscorlib.dll
+ 2012-02-16 19:39 . 2012-02-16 19:39 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-16 19:41 . 2012-02-16 19:41 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 19:39 . 2012-02-16 19:39 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-16 19:41 . 2012-02-16 19:41 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-04-12 13:50 . 2012-04-12 13:50 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll
+ 2012-02-16 20:52 . 2012-02-16 20:52 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-04-12 13:50 . 2012-04-12 13:50 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\53c2336db392bfa5484850780048e37a\System.Workflow.ComponentModel.ni.dll
+ 2012-04-12 13:50 . 2012-04-12 13:50 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2\System.Workflow.Activities.ni.dll
+ 2012-02-16 20:52 . 2012-02-16 20:52 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll
+ 2012-02-16 19:41 . 2012-02-16 19:41 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\9578cabac0539ece4ae00eea4c27b8b3\System.Speech.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-16 20:48 . 2012-02-16 20:48 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-04-12 13:20 . 2012-04-12 13:20 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\44d507a702c1623810e094adf751f687\System.Printing.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 4950016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\10fdfb918f01ebc41f38a391334146a9\System.Management.Automation.ni.dll
+ 2012-02-16 20:48 . 2012-02-16 20:48 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-04-12 13:20 . 2012-04-12 13:20 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-04-12 13:48 . 2012-04-12 13:48 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
+ 2012-02-16 19:40 . 2012-02-16 19:40 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-16 20:50 . 2012-02-16 20:50 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-16 19:41 . 2012-02-16 19:41 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-16 20:50 . 2012-02-16 20:50 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-16 19:40 . 2012-02-16 19:40 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c73e109dbac6b099786cc68fe36e3d0b\ReachFramework.ni.dll
+ 2012-04-12 13:18 . 2012-04-12 13:18 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll
+ 2012-02-16 19:39 . 2012-02-16 19:39 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-04-12 13:48 . 2012-04-12 13:48 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 20:51 . 2012-02-16 20:51 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-04-12 13:48 . 2012-04-12 13:48 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
+ 2012-04-12 13:48 . 2012-04-12 13:48 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-16 20:49 . 2012-02-16 20:49 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-07 21:32 . 2010-10-07 21:32 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-08 22:15 . 2012-01-08 22:15 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-06-18 08:20 . 2011-06-18 08:20 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-04-12 13:12 . 2012-04-12 13:12 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-04-12 13:12 . 2012-04-12 13:12 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-18 08:21 . 2011-06-18 08:21 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-12 13:13 . 2012-04-12 13:13 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-08 22:14 . 2012-01-08 22:14 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-10-07 21:20 . 2010-10-07 21:20 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-08 22:14 . 2012-01-08 22:14 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-08 22:14 . 2012-01-08 22:14 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-16 19:25 . 2011-11-23 13:25 1859584 c:\windows\$NtUninstallKB2660465$\win32k.sys
+ 2012-03-15 04:17 . 2012-01-12 16:53 1859968 c:\windows\$NtUninstallKB2641653$\win32k.sys
+ 2011-12-14 05:36 . 2011-09-06 13:20 1858944 c:\windows\$NtUninstallKB2639417$\win32k.sys
+ 2011-12-14 05:37 . 2010-12-09 13:42 2148864 c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
+ 2011-12-14 05:37 . 2010-12-09 13:07 2027008 c:\windows\$NtUninstallKB2633171$\ntkrpamp.exe
+ 2011-12-14 05:37 . 2010-12-09 13:07 2027008 c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
+ 2011-12-14 05:37 . 2010-12-09 13:42 2148864 c:\windows\$NtUninstallKB2633171$\ntkrnlmp.exe
+ 2012-01-14 01:36 . 2010-02-05 18:27 1291776 c:\windows\$NtUninstallKB2631813$\quartz.dll
+ 2011-12-14 05:36 . 2010-07-16 12:05 1288192 c:\windows\$NtUninstallKB2624667$\ole32.dll
+ 2011-10-13 05:23 . 2011-06-02 14:02 1858944 c:\windows\$NtUninstallKB2567053$\win32k.sys
+ 2011-07-13 06:10 . 2011-03-03 13:21 1857920 c:\windows\$NtUninstallKB2555917$\win32k.sys
+ 2012-01-12 16:54 . 2012-01-12 16:54 1869056 c:\windows\$hf_mig$\KB2660465\SP3QFE\win32k.sys
+ 2012-02-16 14:38 . 2011-12-17 19:45 1214464 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\urlmon.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 5980160 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 2001408 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\iertutil.dll
+ 2012-03-15 04:04 . 2012-02-03 09:26 1869184 c:\windows\$hf_mig$\KB2641653\SP3QFE\win32k.sys
+ 2011-11-23 13:29 . 2011-11-23 13:29 1868544 c:\windows\$hf_mig$\KB2639417\SP3QFE\win32k.sys
+ 2011-10-25 13:34 . 2011-10-25 13:34 2192768 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2027008 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrpamp.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2069376 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
+ 2011-10-25 13:38 . 2011-10-25 13:38 2148864 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlmp.exe
+ 2011-11-03 15:27 . 2011-11-03 15:27 1292288 c:\windows\$hf_mig$\KB2631813\SP3QFE\quartz.dll
+ 2011-11-01 16:05 . 2011-11-01 16:05 1289216 c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 1214464 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\urlmon.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 5978624 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
+ 2011-12-14 05:30 . 2011-11-04 19:19 2001408 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iertutil.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 1214464 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll
+ 2011-10-13 05:13 . 2011-10-03 08:34 5972992 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 2001408 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iertutil.dll
+ 2011-09-06 13:25 . 2011-09-06 13:25 1867904 c:\windows\$hf_mig$\KB2567053\SP3QFE\win32k.sys
+ 2011-08-12 17:50 . 2011-06-23 18:33 1214464 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
+ 2011-08-12 17:50 . 2011-07-25 15:15 5971456 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
+ 2011-08-12 17:50 . 2011-06-23 18:33 1992192 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll
+ 2011-06-02 14:07 . 2011-06-02 14:07 1867904 c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
+ 2008-06-06 03:28 . 2012-04-12 13:06 55154568 c:\windows\system32\MRT.exe
+ 2007-08-14 01:54 . 2012-03-02 13:01 11082752 c:\windows\system32\ieframe.dll
+ 2008-06-06 03:30 . 2012-03-02 13:01 11082752 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-27 01:02 . 2011-12-27 01:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2012-03-29 01:10 . 2012-03-29 01:10 12098048 c:\windows\Installer\a75ac.msp
+ 2011-12-26 17:02 . 2011-12-26 17:02 19677184 c:\windows\Installer\802250.msp
+ 2011-07-12 03:43 . 2011-07-12 03:43 11641344 c:\windows\Installer\7563d.msp
+ 2011-07-12 22:50 . 2011-07-12 22:50 17555968 c:\windows\Installer\75623.msp
+ 2011-07-26 23:33 . 2011-07-26 23:33 10984448 c:\windows\Installer\3ddaa6.msp
+ 2011-09-16 02:37 . 2011-09-16 02:37 37148160 c:\windows\Installer\2c85b35.msp
+ 2012-01-04 06:15 . 2012-01-04 06:15 20559288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.dll
+ 2012-04-12 13:19 . 2011-12-18 22:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
+ 2012-02-16 19:25 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2011-12-14 05:38 . 2011-08-24 00:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2011-10-13 05:22 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
+ 2011-08-12 18:45 . 2011-04-26 17:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2012-04-22 19:27 . 2012-04-22 19:27 33005568 c:\windows\ERDNT\AutoBackup\4-22-2012\Users\00000001\ntuser.dat
+ 2012-04-12 13:21 . 2012-04-12 13:21 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
+ 2012-04-12 13:49 . 2012-04-12 13:49 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
+ 2012-02-16 20:48 . 2012-02-16 20:48 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-04-12 13:19 . 2012-04-12 13:19 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
+ 2012-04-12 13:17 . 2012-04-12 13:17 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
+ 2012-04-12 13:16 . 2012-04-12 13:16 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
+ 2011-10-13 05:30 . 2011-10-13 05:30 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2012-02-16 14:38 . 2011-12-17 19:45 11085312 c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\ieframe.dll
+ 2011-11-05 22:19 . 2011-11-05 22:19 11083776 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ieframe.dll
+ 2011-10-13 05:13 . 2011-08-22 23:47 11084288 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieframe.dll
+ 2011-06-25 08:03 . 2011-06-25 08:03 11083776 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2010-9-23 49254]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:IDU Service UDP Port
"2804:TCP"= 2804:TCP:IDU Service TCP Port
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/3/2011 1:06 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/14/2011 3:17 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2011 3:17 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2011 3:17 PM 20696]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 1:06 PM 15232]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [6/9/2008 1:55 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [6/9/2008 1:52 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [6/9/2008 1:55 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [6/9/2008 1:55 PM 10368]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [6/5/2008 4:56 PM 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [6/5/2008 4:57 PM 362944]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 20:06]
.
2012-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\office
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 13:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,be,2d,e7,65,f7,aa,4c,b6,b2,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,be,2d,e7,65,f7,aa,4c,b6,b2,5f,\
.
Completion time: 2012-04-22 13:12:58
ComboFix-quarantined-files.txt 2012-04-22 20:12
ComboFix2.txt 2011-06-21 19:46
.
Pre-Run: 48,238,772,224 bytes free
Post-Run: 48,335,585,280 bytes free
.
- - End Of File - - 929748583AA68C793CAB8B7CB742596B
Michael D
2012-04-23, 01:00
FYI, I double checked the log entries to the original txt file and it is all there over the multiple posts. :bigthumb:
Hi,
I see that you have both AdWatch Antivirus and Avast running on your system. Having more than one antivirus is asking for problems such as conflicts, lack of protection and more. We need to remove one. Let me know which one you would like to remove and I will provide the tool to do so.
----------
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
ClearJavaCache::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"=-
"2804:TCP"=-
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
Michael D
2012-04-24, 01:10
Hi Jeff,
I thought Ad-Aware was a different program than Avast and that Avast was the antivirus. Told ya I don't a lot. I suppose I will keep Avast, unless you can disagree with conviction that I should keep the Ad-Aware because it doesn't matter to me I don't know if one is "better" than the other. I do like the Ad-Aware toolbar at the top of the page. I have only seen it turn red when I went to the "redirected page" and the first time I am sure I might not have noticed it.
Something happened this morning, I am not able to refresh and connect to the iTunes radio - it gives a pop up window with "opening URL" and the green meter runs, but it doesn't do anything after that. There has been for some time another window that opens which I took a picture of, it is attached – I have clicked OK and then I can open iTunes so it never bothered me-I can burn CD’s on a USB burner, the DVD drive has not work ever that I remember. :confused:
Anyway I know you are just dealing with the issue. I only mention this as it might be related. Thanks!
Log:
ComboFix 12-04-22.01 - Owner 04/23/2012 7:20.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.524 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-21 17:31 . 2012-04-21 17:31 -------- d-----w- c:\program files\ERUNT
2012-04-21 02:45 . 2012-04-21 02:45 -------- d-----w- c:\program files\PC Tools
2012-04-21 02:30 . 2012-04-21 03:23 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-21 02:30 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-21 02:30 . 2012-04-21 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-21 02:30 . 2012-04-21 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-03-30 02:19 . 2012-03-30 02:19 -------- d-----w- c:\program files\iPod
2012-03-30 02:19 . 2012-03-30 02:20 -------- d-----w- c:\program files\iTunes
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2010-12-27 09:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-06-11 12:26 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-06-11 12:26 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-14 22:17 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-06-14 22:17 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-06-14 22:17 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-06-14 22:17 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-06-14 22:17 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-06-14 22:17 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-06-14 22:17 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-06-14 22:17 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-21 05:56 . 2011-05-14 00:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 05:51 . 2002-08-29 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 20:06 . 2011-03-23 18:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-22_20.07.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-23 13:23 . 2012-04-23 13:23 16384 c:\windows\Temp\Perflib_Perfdata_8d4.dat
+ 2008-06-05 23:52 . 2012-04-23 13:26 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-05 23:52 . 2012-04-16 06:34 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-05 23:52 . 2012-04-23 13:26 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-05 23:52 . 2012-04-16 06:34 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-04-23 13:26 . 2012-04-23 13:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-06-23 22:00 . 2012-04-16 06:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-04-23 13:23 . 2012-04-23 13:23 311296 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000002\UsrClass.dat
+ 2012-04-23 13:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\4-23-2012\ERDNT.EXE
+ 2012-04-23 13:23 . 2012-04-23 13:23 33021952 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2010-9-23 49254]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/3/2011 1:06 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/14/2011 3:17 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2011 3:17 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2011 3:17 PM 20696]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 1:06 PM 15232]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [6/9/2008 1:55 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [6/9/2008 1:52 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [6/9/2008 1:55 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [6/9/2008 1:55 PM 10368]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [6/5/2008 4:56 PM 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [6/5/2008 4:57 PM 362944]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 20:06]
.
2012-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\office
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-23 07:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2108)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-23 07:37:58
ComboFix-quarantined-files.txt 2012-04-23 14:37
ComboFix2.txt 2012-04-22 20:12
ComboFix3.txt 2011-06-21 19:46
.
Pre-Run: 48,071,524,352 bytes free
Post-Run: 48,043,524,096 bytes free
.
- - End Of File - - 8C08749B0393E36D9B3A415B31A59BDB
Michael D
2012-04-24, 01:21
Jeff,
No way to edit the post and I forgot the screenshot and I don't know how to insert or attach a .bmp file --- it says:
The registry settings used by the iTunes drivers for importing and
burning CDs and DVDs are missing, This can happen as a result
of installing other CD burning software. Please reinstall iTunes.
Thank you,
Michael
Hi,
We can work on the iTunes problem once we get the malware problems resolved. :)
----------
Good choice on keeping Avast. That is the antivirus that I use myself. Go ahead and remove the Ad-Watch Live using Start >> Control Panel >> Add/Remove Programs.
----------
I see that you have Malwarebytes on your computer. Please open Malwarebytes, update it and then run a Quick Scan. There will be a log created that I will need in your next reply.
----------
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.htmll).
Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please go here (http://www.eset.com/us/online-scanner/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
[quote]Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
----------
In your next reply please post the logs made by Malwarebytes and ESET online scanner.
Michael D
2012-04-24, 06:06
Hi Jeff,
Okay wow! That took some time. Just as a matter of mentioning, I have Windows firewall and there is a fire wall on the "community" router. Don't know if that is any good or not. Here are the logs you ask for, again thank you very much! :thanks:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.23.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: MICHAEL-9L4P8YF [administrator]
4/23/2012 5:40:36 PM
mbam-log-2012-04-23 (17-40-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235373
Time elapsed: 16 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=713eb54ce34de54aafdef6c252c9d5f4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-24 02:53:27
# local_time=2012-04-23 07:53:27 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 68874138 68874138 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=100573
# found=3
# cleaned=0
# scan_time=5457
C:\Documents and Settings\Owner\Desktop\csps42full.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part probably a variant of Win32/TrojanDropper.Agent.FZSLDBO trojan (unable to clean) 00000000000000000000000000000000 I
Hi,
The firewall I don't believe is a problem. :)
----------
LOL!! Sometimes the online scans will take some time to finish. :D:
----------
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\Documents and Settings\Owner\Desktop\csps42full.exe
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe
C:\Documents and Settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
In your next reply post the log made by ComboFix and let me know how your system is running now. :)
Michael D
2012-04-24, 20:00
Hi,
Ok that scan was a little quicker!!! :D:
Here is the log:
ComboFix 12-04-22.01 - Owner 04/24/2012 9:28.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.394 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\Forum help 4-21-12\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Owner\Desktop\csps42full.exe"
"c:\documents and settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe"
"c:\documents and settings\Owner\My Documents\michael delwarte\Downloads\csps42full.exe.part"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-21 17:31 . 2012-04-21 17:31 -------- d-----w- c:\program files\ERUNT
2012-04-21 02:45 . 2012-04-21 02:45 -------- d-----w- c:\program files\PC Tools
2012-04-21 02:30 . 2012-04-21 03:23 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-21 02:30 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-21 02:30 . 2012-04-21 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-21 02:30 . 2012-04-21 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-03-30 02:19 . 2012-03-30 02:19 -------- d-----w- c:\program files\iPod
2012-03-30 02:19 . 2012-03-30 02:20 -------- d-----w- c:\program files\iTunes
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2010-12-27 09:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-06-11 12:26 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-06-11 12:26 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-14 22:17 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-06-14 22:17 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-06-14 22:17 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-06-14 22:17 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-06-14 22:17 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-06-14 22:17 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-06-14 22:17 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-06-14 22:17 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-08-29 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-21 05:56 . 2011-05-14 00:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 05:51 . 2002-08-29 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-03 09:22 . 2002-08-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 20:06 . 2011-03-23 18:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-22_20.07.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-24 12:57 . 2012-04-24 12:57 16384 c:\windows\Temp\Perflib_Perfdata_460.dat
+ 2008-06-05 23:52 . 2012-04-23 13:26 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-05 23:52 . 2012-04-16 06:34 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-05 23:52 . 2012-04-23 13:26 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-05 23:52 . 2012-04-16 06:34 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-04-24 13:04 . 2012-04-24 13:04 311296 c:\windows\ERDNT\AutoBackup\4-24-2012\Users\00000002\UsrClass.dat
+ 2012-04-24 13:04 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\4-24-2012\ERDNT.EXE
+ 2012-04-23 13:23 . 2012-04-23 13:23 311296 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000002\UsrClass.dat
+ 2012-04-23 13:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\4-23-2012\ERDNT.EXE
+ 2012-04-24 13:04 . 2012-04-24 13:04 33021952 c:\windows\ERDNT\AutoBackup\4-24-2012\Users\00000001\ntuser.dat
+ 2012-04-23 13:23 . 2012-04-23 13:23 33021952 c:\windows\ERDNT\AutoBackup\4-23-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2010-9-23 49254]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/3/2011 1:06 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/14/2011 3:17 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2011 3:17 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2011 3:17 PM 20696]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [6/9/2008 1:55 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [6/9/2008 1:52 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [6/9/2008 1:55 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [6/9/2008 1:55 PM 10368]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [6/5/2008 4:56 PM 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [6/5/2008 4:57 PM 362944]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-24 09:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(960)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-24 09:45:55
ComboFix-quarantined-files.txt 2012-04-24 16:45
ComboFix2.txt 2012-04-23 14:37
ComboFix3.txt 2012-04-22 20:12
ComboFix4.txt 2011-06-21 19:46
.
Pre-Run: 48,264,740,864 bytes free
Post-Run: 48,236,412,928 bytes free
.
- - End Of File - - AD73269132D541192CAD91EE69D08FC7
So how is your system running? :)
Michael D
2012-04-24, 20:38
bingo! :bigthumb::thanks::eek:
Searches yeild the correct links with a click! I am back home. Thank you thank you thank you!!!
I still can not log onto iTunes radio -this morning I tried a few other means to get Internet radio and none of them work either - :scratch:
Any suggestions?
FWIW, I am really amazed how you do this stuff, it is just amazing!
Michael
Hi,
Glad your system is running better. :)
----------
Let's get some updates on your system...
You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)
You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.
Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)
In either case you should uninstall Adobe Reader 9.5.1 first. Be sure to move any PDF documents to another folder first though.
----------
Go to Start >> Control Panel >> Java >> Update tab >> click on Update Now.
Then go back to Control Panel >> Add/Remove Programs and remove
Java(TM) 6 Update 29
----------
I still can not log onto iTunes radio -this morning I tried a few other means to get Internet radio and none of them work either -
Any suggestions? That really isn't my best area but I can look around and see what I can find for you. :)
----------
Run a new scan with DDS and post both of the logs created to your next reply.
Michael D
2012-04-24, 21:03
Thank you Jeff!
All my PDF files are in other folders because I save them to there... where do I look to see if I have any PDF docs in the program file - sorry I am so dense!
Michael D
2012-04-24, 21:18
Hi,
This "In either case you should uninstall Adobe Reader 9.5.1 first. Be sure to move any PDF documents to another folder first though." is what is confusing me, I do not want to lose any PDF files and I don't know if by uninstalling the Adobe Reader 9.5.1 program I will. Thanks again.
Michael
Good question...just go ahead download the new Adobe Reader and once downloaded remove the old version. I have never had any problems updating nor losing any PDF files. If you want you could put any PDF files you have on a USB drive prior to doing the update if you would feel safer. :)
Michael D
2012-04-24, 22:42
Hi Jeff,
Ok, I installed the Foxit reader program and then uninstalled Adobe Reader 9.5.1; I also removed the Java 6 update 29 - but with your wizard eyes you can probably see this without me telling you! :)
Please notice the attachment and...
Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1
Run by Owner at 12:27:31 on 2012-04-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.442 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\office
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212714337317
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212769596000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{77B3BB3A-0FAB-42D1-AB17-77A11E5D8029} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B5927AE0-655D-4A43-96BF-CDD9CFAB6835} : DhcpNameServer = 192.168.0.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\119ckrol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-3 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-14 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-14 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-11 44768]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-6-9 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2008-6-9 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2008-6-9 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-6-9 10368]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\ct20xut.sys --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\ct20xut.sys --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\cteapsfx.sys --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\cteapsfx.sys --> c:\windows\system32\drivers\CTEAPSFX.SYS [?]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\ctedspfx.sys --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\ctedspfx.sys --> c:\windows\system32\drivers\CTEDSPFX.SYS [?]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\ctedspio.sys --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\ctedspio.sys --> c:\windows\system32\drivers\CTEDSPIO.SYS [?]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\ctedspsy.sys --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\ctedspsy.sys --> c:\windows\system32\drivers\CTEDSPSY.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\ctexfifx.sys --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\ctexfifx.sys --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\cthwiut.sys --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\cthwiut.sys --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-6-5 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-6-5 362944]
.
=============== Created Last 30 ================
.
2012-04-24 18:30:52 -------- d-----w- c:\program files\Foxit Software
2012-04-21 02:45:47 -------- d-----w- c:\program files\PC Tools
2012-04-21 02:30:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-21 02:30:54 -------- d-----w- c:\program files\common files\PC Tools
2012-04-21 02:30:10 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-04-21 02:30:09 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2012-03-30 02:19:50 -------- d-----w- c:\program files\iPod
2012-03-30 02:19:35 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-21 05:56:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 05:51:22 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 08:33:03 141312 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 12:30:55.46 ===============
Michael D
2012-04-24, 22:57
Hi Jeff,
oh oh... :sad:
I wanted to go to here:
► 2:24► 2:24
www.youtube.com/watch?v=H8xD8FiIjgw
I was redirected to here:
hXXp://www.happili.com/bc_rus/innerxy.php?q=vintage+vibrolux+reverb+amp&xy=10539
The page is marked unsafe and is the same site that was coming up before - its name is Happili* (or something like that)
I don't know what happened.
Michael
Michael D
2012-04-24, 22:58
WARNING I don't think I should have put that link up on this site :oops:
I changed the link so it is not clickable through here.
Did you antivirus program catch that?
Hi,
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Right-click and Run as Administrator SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
Happili
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Michael D
2012-04-24, 23:09
I changed the link so it is not clickable through here.
Did you antivirus program catch that?
:thanks: for changing the links - big mistake, sorry... I don't know how to check if the antivirus caught it or not, I did not uninstall the Ad-Aware tool bar even though I uninstalled the Ad-Aware program and this is what showed me it was "Unsafe" by turning red.
I will do the next steps - thank you I feel like a real pain to you right now :sad:
Michael
Not a pain at all. :bigthumb:
Michael D
2012-04-24, 23:15
Okay here are the results:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:11 on 24/04/2012 by Owner
Administrator - Elevation successful
========== filefind ==========
Searching for "Happili"
No files found.
-= EOF =-
Hi,
Ok that is good. Looks to be that your security software was doing the job. :bigthumb: Was that the only time that had happened?
Michael D
2012-04-24, 23:33
Well I didn't try it again, but this was the original problem I was having. I would search something and then click on the link to go there but would end up a this Happili* advert page instead.
But if I copied the link and pasted it to the browser it would go to the right place. It was only when I clicked on the link that I was re-directed. I'm going to try it again several times.
Well it is still happening every time on different links for the same search. I searched Frank Zappa quotes and every link got the Happili* advert page, but when I search Dizzy Gillespie all the links are fine. WHA???
I think I was wrong about the Ad-Aware tool bar, it is Mozilla Firefox that has the red bars the Ad-Aware tool bar shows it as a safe page.
Maybe I should just remove the Ad-Aware tool bar, I don't think it is serving any purpose.
Very confused,
Michael
Michael D
2012-04-24, 23:35
The above post ^^^^^ I switched horses mid stream, sorry about that. It probably is confusing the way I worded it.
Hi,
Do you use a wireless router by chance?
Michael D
2012-04-25, 02:24
Hi,
I am hard wired into a wireless router.
Michael
Hi,
Ok...
Reset the Router
Let’s try to reset the router to its default configuration.
this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
if you don’t know the router's default password, you can look it up. here (http://www.routerpasswords.com/)
you also need to reconfigure any security settings you had in place prior to the reset.
you may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.
----------
Michael D
2012-04-25, 08:41
Hi Jeff,
Thank you for the response.
I don't have access to the router right now but I will in the morning. it is in another part of the house (I am renting) --- :snorkle:
I have been inside the router before so I know the passcodes.
A few questions:
---Will this reset screw up the other devices on the router (all of them are wireless btw, except one other computer that is almost never used). I am very sure they (the other users) just use the wireless key provided and that is it.
---And, I don't know about any security settings or what they should be, would you be able to help me with this or am I able to copy them to put them back? If the security settings are not right to begin with I would rather make them safer and work correctly. Or is this the wireless key that you are talking about? I would be able to convince the other users most likely to change the key if it will help... anyway this stuff I know very little about.
I don't think the router was ever properly set up to begin with. Because of the trouble I recently set the firewall to the highest setting just to be safer.
---What are the chances of me having to call the provider (DSL) for the DNS server number(s) just as a matter of curiosity because I could get that out of the way early if there is a good chance I need them.
I recently did a test as a result of the FBI investigation a good friend told me about and I called him to confirm the validity. Here is what he sent me --- I came back green
Subject: Internet may drop for hundreds of thousands in July due to hacker malware
Use this link to check your DNS server. Green is good, Red is bad.
http://www.dcwg.org/detect/
WASHINGTON (KABC) -- A few mouse clicks could mean the difference between staying online and losing your Internet connection this summer.
Unknown to most computer users, the problem began with international hackers running an online advertising scam to take control of infected computers worldwide. In response, the FBI set up a safety net months ago to prevent Internet disruptions for those infected users. But here's where the problem kicks in - that system is to be shut down.
So, the FBI is encouraging computer users to visit www.dcwg.org, a website run by its security partner. The website contains information to see if your computer is infected and explains how to fix the problem.
After July 9, infected users will not be able to connect to the Internet.
Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.
Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers. However, officials said if they just threw everyone involved in jail, the victims of the virus would be without Internet service.
"The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken," explained Tom Grasso, an FBI supervisory special agent.
On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone the opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.
Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.
Here's what the hackers did: They infected a network of probably more than 570,000 computers worldwide. The malware turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.
The DNS system is a network of servers that translates a Web address into the numerical addresses that computers use. Victims' computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.
The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.
When the FBI and others made the arrests in November, the agency replaced the rogue servers with clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.
The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.
So that is it in a nutshell, nothing more I can do tonight but can do in the morning. Thank you for seeing this through, truly awesome! :rockon:
With Respect,
Michael
Hi,
So you don't need to renew all your devices on the wireless router let's do this...
In the run box type the following
diskmgmt.msc
When disc management opens expand it so that all drives are visible
Take a screenshot and post it here
Are you able to burn a CD on another computer ?
-------------
Michael D
2012-04-25, 18:58
Hi Good Morning,
I am unable to post a screen shot as I do not know how to do this. I have the screen shot saved as a Paint file... a .bmp file. This type of file is not on the upload list and it will not paste here. I am just not the smartest kid in school on this stuff, like I said before :confused:.
I have never tried to do anything with the other computers here with any type of sharing. At the old place I had it set up that the computers could print but that is not here and I am sure I disabled printer and file share.. but over the months I have seen some iTunes playlists from one of the kids living here, but the system switches have changed quite a bit over this time too. There has been problems in the past involving sharing sites etc...
I have not seen this recently.
Sorry I am being so vague - to put it in to perspective, I am a computer wiz compared to the other fine folks who live here - very nice people but not too keen with the technology.
To the screen shot, it shows only my two drives, the DVD that never really worked properly and my C drive... everything shows healthy with one partition - file system, etc...
I have a USB floppy and a CD that I power up when I need them.
Hope this helps, I can post the screen shot if I learn how to do it.
Michael
Hi,
No problem...
Ok...after you open up disk management and get it expanded to show the partition sizes >> press Print Screen button (PrtScn) >> Go to Start > Accessories > Paint.
When Paint opens click Edit > Paste and then it should show the screen you are trying to show me.
Now Press File >> Save as >> name your file and save it as a .jpeg to your Desktop where you can find it easily.
Now attach it here. :)
Michael D
2012-04-26, 00:59
Hi.
That was easy... save as JPEG - got it. here is is :bigthumb:
Michael
Hi,
That looks good.
By the way...the question you asked me about the infection DNS Changer on July 9th is accurate. Just use the link you provided to check you computer. Like you said Green is good Red is bad. :)
Are you still being redirected? What browsers are you experiencing it with?
Michael D
2012-04-26, 16:54
On Firefox I searched a random search and all the sites all linked up correctly, but one sent me to Happili site every time; when I clicked on the same link again, it fix and it was correct (but please see how in next description). It appears to be random but I sorta found a pattern. I did this several times and it was the same each time. The sites that sent me to Happili were marked at a low rating (one or two bars) green. After I clicked on a full bar green those sites sent me correctly, and then I went back to the low rated link it was fix... the same link low bar site, AFTER clicking on a full bar site, was fixed. I hope that was not too confusing. Not sure if it matters. but that is what happened
On IE I never was directed to Happili.
I do not have any other browsers installed, but iTunes might be a browser and that is still not connecting to the Internet to bring up the radio.
Just to mention it, most of the time it WAS happili.com that I arrived at when redirected, but there was at least one other site, that I have not seen since your fix thus far. Since the fixes I have only seen Happili.
As I mentioned, I still can not get to the internet for iTunes radio it shows it is searching and then just nothing. Not sure what else to say... except :thanks:
Hi,
Ok that sounds like there is a problem with the website itself and not anything on your system. :)
As for iTunes I have read that there is a widespread problem with iTunes radio right now for everyone. Apple is aware of it and is working on a fix. You can read about it here (https://discussions.apple.com/thread/3759877?start=0&tstart=0).
Michael D
2012-04-26, 19:04
So it is probably the web site? If I get linked to this web site will I get re-infected? This whole thing is very disappointing. :sad:
I just now got spammed and a huge amount of E-mails are going all over the place, I am getting all sorts of responses - I am really at a loss. I changed my password to the E-mail account (AOL free) but didn't do anything else. Are my other passwords at risk and my organizer, address book, bank stuff? All the stuff that is in my computer could they get to that?
Michael
Michael D
2012-04-26, 19:24
There seems to be a link at the bottom of all the E-mails relating to a "customer service" notification link I filled out yesterday. I can share the details if it makes a difference. How were these jokers able to E-mail my contacts?
I said it before... very disappointing - I am worried about the rest of my computer and if they might have access to personal information.
Well to be on the safe side I would change all passwords from a clean computer until we finish. :)
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Attach the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------
Michael D
2012-04-26, 21:09
Hi Jeff,
I think I know what happened - really dumb of me -- I am a single dad and I try to do things in the morning while also getting my child going for school. I attached a screen shot of the page I went to.
I think I got scammed and then spammed --- not smart of me :sick:
I will not post the link here for obvious reasons - I can not do things on the Internet that are not "foolproof" before 9am, or anytime apparently :clown:.
Thanks for listening to my rant, but things are not the best now - btw I have got one more Happili and another really slick looking one called Style or something like that very nice looking but had nothing to do with the search.
I just feel messed up right now,
Michael
Michael D
2012-04-26, 21:26
Hi,
FWIW,
Avast found one threat and Malwarebytes found zero...
I will run the scan you requested...
I can't find the log for tdsskiller -- I did not do anything with avast, and here is the malwarebytes. I know I am not following direction very well sorry...
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.23.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: MICHAEL-9L4P8YF [administrator]
4/26/2012 9:12:25 AM
mbam-log-2012-04-26 (09-12-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234637
Time elapsed: 49 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
Michael D
2012-04-26, 21:30
Oh.... no malicious items where found on the tdsskiller scan. is the log in the program files or ??? :confused:
Hi,
I try to do things in the morning while also getting my child going for school.LOL!! So do I! :laugh:
----------
Thanks for listening to my rant, but things are not the best now Don't worry about it. :) Having an infected computer can be frustrating I know...that is how I got into doing this myself.
----------
Look in C:\ for the TDSSKiller log....if there post that please.
Also what did Avast find? :)
Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
Michael D
2012-04-26, 23:34
Hi Jeff,
I can't find a log for the tsskiller I did a search of the C drive. Both an auto search and I click through the folders - it is not there as far as I can see.
Avast found a virus and is requesting a boot time scan, the virus was moved to the chest. I don't know how to get a log to show you what Avast found.
Michael
Michael D
2012-04-26, 23:40
Ok, here is that one...
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 119):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7AAE000 \WINDOWS\system32\KDCOM.DLL
0xF79BE000 \WINDOWS\system32\BOOTVID.dll
0xF747F000 ACPI.sys
0xF7AB0000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF746E000 pci.sys
0xF75AE000 isapnp.sys
0xF75BE000 ohci1394.sys
0xF75CE000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF7B76000 pciide.sys
0xF782E000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF75DE000 MountMgr.sys
0xF744F000 ftdisk.sys
0xF7836000 PartMgr.sys
0xF75EE000 VolSnap.sys
0xF7437000 atapi.sys
0xF75FE000 disk.sys
0xF760E000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7417000 fltmgr.sys
0xF7405000 sr.sys
0xF761E000 Lbd.sys
0xF73EE000 KSecDD.sys
0xF73DB000 WudfPf.sys
0xF734E000 Ntfs.sys
0xF7321000 NDIS.sys
0xF7307000 Mup.sys
0xF66FD000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xF66DD000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF6664000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7936000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF6640000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF793E000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF6619000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF6605000 \SystemRoot\System32\DRIVERS\parport.sys
0xF66CD000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7946000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF794E000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF66BD000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7A6E000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF66AD000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF669D000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF768E000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF65E2000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7CD6000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF769E000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7A76000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF65CB000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF76AE000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF76BE000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7956000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF65BA000 \SystemRoot\System32\DRIVERS\psched.sys
0xF76CE000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF795E000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7966000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF76DE000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7ACE000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF655C000 \SystemRoot\System32\DRIVERS\update.sys
0xF7A82000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF76EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF63C8000 \SystemRoot\system32\drivers\sthda.sys
0xF63A4000 \SystemRoot\system32\drivers\portcls.sys
0xF76FE000 \SystemRoot\system32\drivers\drmk.sys
0xF772E000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7AD6000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7ADE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BD1000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AE0000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79A6000 \SystemRoot\System32\drivers\vga.sys
0xF622C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7AE2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AE4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79AE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79B6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF72C6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF61F9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF61A0000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF773E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF617A000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF6152000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF774E000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7846000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF7A4A000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF6130000 \SystemRoot\System32\drivers\afd.sys
0xF775E000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF60DD000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF606D000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF777E000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7A5A000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF601C000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF5EE1000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF765E000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF776E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF537C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B74000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5722000 \SystemRoot\System32\drivers\Dxapi.sys
0xF5D59000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C0D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF5ED9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF5DBD000 \SystemRoot\System32\DRIVERS\AegisP.sys
0xF5DB1000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF4C13000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF4966000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7B52000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF4799000 \SystemRoot\system32\drivers\wdmaud.sys
0xF4B0B000 \SystemRoot\system32\drivers\sysaudio.sys
0xF4557000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xF43FB000 \SystemRoot\System32\DRIVERS\srv.sys
0xF7916000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF43E4000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
0xF7B62000 \??\C:\WINDOWS\system32\drivers\SIODRV.SYS
0xF43D4000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xF400B000 \SystemRoot\System32\Drivers\HTTP.sys
0xF3FBF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 37):
0 System Idle Process
4 System
608 C:\WINDOWS\system32\smss.exe
656 csrss.exe
680 C:\WINDOWS\system32\winlogon.exe
724 C:\WINDOWS\system32\services.exe
736 C:\WINDOWS\system32\lsass.exe
908 C:\WINDOWS\system32\svchost.exe
976 svchost.exe
1072 C:\WINDOWS\system32\svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1188 svchost.exe
1284 svchost.exe
1432 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1564 C:\WINDOWS\system32\spoolsv.exe
900 svchost.exe
1216 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1300 C:\Program Files\Bonjour\mDNSResponder.exe
308 C:\WINDOWS\explorer.exe
248 C:\Program Files\IDT\WDM\sttray.exe
560 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1308 C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
1460 C:\Program Files\iTunes\iTunesHelper.exe
1644 C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
1692 C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
2088 C:\Program Files\Java\jre7\bin\jqs.exe
2628 C:\WINDOWS\system32\svchost.exe
2760 C:\Program Files\UPHClean\uphclean.exe
3016 C:\Program Files\iPod\bin\iPodService.exe
3552 alg.exe
2472 C:\Program Files\Mozilla Firefox\firefox.exe
3944 C:\Program Files\Mozilla Firefox\plugin-container.exe
296 C:\WINDOWS\notepad.exe
2436 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
412 C:\WINDOWS\system32\wscntfy.exe
3084 C:\WINDOWS\system32\rundll32.exe
3736 C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600JS-19MHB0, Rev: 02.01C03
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Hi,
MBRCheck looked good as well.
Let's do this...it may be something in Firefox itself.
Please do the following:
Hold down the Windows key and press R to open a run box
type the following text into the run box
appwiz.cpl
This will open your Programs And Features. A list of installed programs will populate
Remove the following programs if still there:
Mozzila Firefox
----------
Run TDSSKiller again using the same instructions I provided earlier and post that log that is created.
----------
Next download a new copy of Firefox from here (http://www.mozilla.org/en-US/firefox/new/) and install it. Once installed have a good run around with it and see if the redirects are there.
Michael D
2012-04-27, 03:40
Hi Jeff,
Okay I will do that. Just so you know, I finished out the quick scan of avast and then did a full scan after fully updating it and checking the version too. I put the stuff in the chest and at the recommendation of the avast program I ran a boot scan and choose to put all the infected files into the chest as well.
If you could direct me I would be happy to post the avast log, but I do not know how to do this.
I will follow your instructions now to do a clean install of firefox.
Do you still think this could be a router issue?
Michael
Michael D
2012-04-27, 03:51
Hi,
I don't know if this is the log or not... is is marked "report" when the scan finishes... there were zero threats.
Here is a copy:
17:47:12.0546 3236 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
17:47:13.0078 3236 ============================================================
17:47:13.0078 3236 Current date / time: 2012/04/26 17:47:13.0078
17:47:13.0078 3236 SystemInfo:
17:47:13.0078 3236
17:47:13.0078 3236 OS Version: 5.1.2600 ServicePack: 3.0
17:47:13.0078 3236 Product type: Workstation
17:47:13.0078 3236 ComputerName: MICHAEL-9L4P8YF
17:47:13.0093 3236 UserName: Owner
17:47:13.0093 3236 Windows directory: C:\WINDOWS
17:47:13.0093 3236 System windows directory: C:\WINDOWS
17:47:13.0093 3236 Processor architecture: Intel x86
17:47:13.0093 3236 Number of processors: 2
17:47:13.0093 3236 Page size: 0x1000
17:47:13.0093 3236 Boot type: Normal boot
17:47:13.0093 3236 ============================================================
17:47:16.0703 3236 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:47:16.0703 3236 ============================================================
17:47:16.0703 3236 \Device\Harddisk0\DR0:
17:47:16.0703 3236 MBR partitions:
17:47:16.0703 3236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
17:47:16.0703 3236 ============================================================
17:47:16.0750 3236 C: <-> \Device\Harddisk0\DR0\Partition0
17:47:16.0750 3236 ============================================================
17:47:16.0750 3236 Initialize success
17:47:16.0750 3236 ============================================================
17:47:56.0296 3396 ============================================================
17:47:56.0296 3396 Scan started
17:47:56.0296 3396 Mode: Manual; TDLFS;
17:47:56.0296 3396 ============================================================
17:47:56.0687 3396 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
17:47:56.0687 3396 61883 - ok
17:47:56.0765 3396 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:47:56.0765 3396 Aavmker4 - ok
17:47:56.0765 3396 Abiosdsk - ok
17:47:56.0796 3396 abp480n5 - ok
17:47:56.0875 3396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:47:56.0890 3396 ACPI - ok
17:47:56.0953 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:47:56.0953 3396 ACPIEC - ok
17:47:56.0968 3396 adpu160m - ok
17:47:57.0046 3396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:47:57.0046 3396 aec - ok
17:47:57.0093 3396 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:47:57.0109 3396 AegisP - ok
17:47:57.0140 3396 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:47:57.0140 3396 AFD - ok
17:47:57.0156 3396 Aha154x - ok
17:47:57.0187 3396 aic78u2 - ok
17:47:57.0203 3396 aic78xx - ok
17:47:57.0328 3396 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:47:57.0328 3396 Alerter - ok
17:47:57.0359 3396 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:47:57.0359 3396 ALG - ok
17:47:57.0375 3396 AliIde - ok
17:47:57.0390 3396 amsint - ok
17:47:57.0593 3396 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:47:57.0593 3396 Apple Mobile Device - ok
17:47:57.0609 3396 AppMgmt - ok
17:47:57.0671 3396 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:47:57.0671 3396 Arp1394 - ok
17:47:57.0687 3396 asc - ok
17:47:57.0703 3396 asc3350p - ok
17:47:57.0734 3396 asc3550 - ok
17:47:57.0906 3396 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:47:57.0921 3396 aspnet_state - ok
17:47:57.0953 3396 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:47:57.0953 3396 aswFsBlk - ok
17:47:58.0015 3396 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
17:47:58.0015 3396 aswMon2 - ok
17:47:58.0062 3396 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
17:47:58.0062 3396 aswRdr - ok
17:47:58.0125 3396 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
17:47:58.0171 3396 aswSnx - ok
17:47:58.0234 3396 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
17:47:58.0250 3396 aswSP - ok
17:47:58.0296 3396 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
17:47:58.0296 3396 aswTdi - ok
17:47:58.0328 3396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:47:58.0328 3396 AsyncMac - ok
17:47:58.0375 3396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:47:58.0375 3396 atapi - ok
17:47:58.0390 3396 Atdisk - ok
17:47:58.0437 3396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:47:58.0437 3396 Atmarpc - ok
17:47:58.0515 3396 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:47:58.0515 3396 AudioSrv - ok
17:47:58.0562 3396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:47:58.0578 3396 audstub - ok
17:47:58.0640 3396 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:47:58.0640 3396 avast! Antivirus - ok
17:47:58.0703 3396 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
17:47:58.0703 3396 Avc - ok
17:47:58.0765 3396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:47:58.0765 3396 Beep - ok
17:47:58.0843 3396 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:47:58.0906 3396 BITS - ok
17:47:58.0984 3396 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:47:59.0031 3396 Bonjour Service - ok
17:47:59.0078 3396 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
17:47:59.0078 3396 brfilt - ok
17:47:59.0093 3396 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe
17:47:59.0093 3396 Brother XP spl Service - ok
17:47:59.0140 3396 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:47:59.0156 3396 Browser - ok
17:47:59.0171 3396 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
17:47:59.0171 3396 BrSerWDM - ok
17:47:59.0203 3396 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
17:47:59.0203 3396 BrUsbMdm - ok
17:47:59.0265 3396 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
17:47:59.0265 3396 BrUsbScn - ok
17:47:59.0421 3396 catchme - ok
17:47:59.0468 3396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:47:59.0468 3396 cbidf2k - ok
17:47:59.0484 3396 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:47:59.0500 3396 CCDECODE - ok
17:47:59.0500 3396 cd20xrnt - ok
17:47:59.0562 3396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:47:59.0562 3396 Cdaudio - ok
17:47:59.0625 3396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:47:59.0625 3396 Cdfs - ok
17:47:59.0656 3396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:47:59.0656 3396 Cdrom - ok
17:47:59.0671 3396 Changer - ok
17:47:59.0718 3396 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:47:59.0734 3396 CiSvc - ok
17:47:59.0750 3396 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:47:59.0750 3396 ClipSrv - ok
17:47:59.0890 3396 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:47:59.0984 3396 clr_optimization_v2.0.50727_32 - ok
17:48:00.0000 3396 CmdIde - ok
17:48:00.0015 3396 COMMONFX - ok
17:48:00.0031 3396 COMMONFX.SYS - ok
17:48:00.0062 3396 COMSysApp - ok
17:48:00.0109 3396 Cpqarray - ok
17:48:00.0156 3396 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:48:00.0171 3396 CryptSvc - ok
17:48:00.0171 3396 CT20XUT - ok
17:48:00.0203 3396 CT20XUT.SYS - ok
17:48:00.0218 3396 ctac32k - ok
17:48:00.0250 3396 ctaud2k - ok
17:48:00.0265 3396 CTAUDFX - ok
17:48:00.0296 3396 CTAUDFX.SYS - ok
17:48:00.0312 3396 CTEAPSFX - ok
17:48:00.0343 3396 CTEAPSFX.SYS - ok
17:48:00.0359 3396 CTEDSPFX - ok
17:48:00.0375 3396 CTEDSPFX.SYS - ok
17:48:00.0406 3396 CTEDSPIO - ok
17:48:00.0453 3396 CTEDSPIO.SYS - ok
17:48:00.0468 3396 CTEDSPSY - ok
17:48:00.0484 3396 CTEDSPSY.SYS - ok
17:48:00.0515 3396 CTERFXFX - ok
17:48:00.0531 3396 CTERFXFX.SYS - ok
17:48:00.0562 3396 CTEXFIFX - ok
17:48:00.0578 3396 CTEXFIFX.SYS - ok
17:48:00.0593 3396 CTHWIUT - ok
17:48:00.0625 3396 CTHWIUT.SYS - ok
17:48:00.0640 3396 ctprxy2k - ok
17:48:00.0671 3396 CTSBLFX - ok
17:48:00.0703 3396 CTSBLFX.SYS - ok
17:48:00.0765 3396 ctsfm2k (8cc0d8a826974a2fde2d24b2739ad177) C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:48:00.0765 3396 ctsfm2k - ok
17:48:00.0781 3396 dac2w2k - ok
17:48:00.0796 3396 dac960nt - ok
17:48:00.0890 3396 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:48:00.0937 3396 DcomLaunch - ok
17:48:01.0015 3396 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:48:01.0015 3396 Dhcp - ok
17:48:01.0046 3396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:48:01.0046 3396 Disk - ok
17:48:01.0078 3396 dmadmin - ok
17:48:01.0156 3396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:48:01.0234 3396 dmboot - ok
17:48:01.0312 3396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:48:01.0312 3396 dmio - ok
17:48:01.0375 3396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:48:01.0390 3396 dmload - ok
17:48:01.0453 3396 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:48:01.0453 3396 dmserver - ok
17:48:01.0531 3396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:48:01.0531 3396 DMusic - ok
17:48:01.0578 3396 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\System32\DNINDIS5.SYS
17:48:01.0578 3396 DNINDIS5 - ok
17:48:01.0625 3396 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:48:01.0625 3396 Dnscache - ok
17:48:01.0656 3396 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:48:01.0671 3396 Dot3svc - ok
17:48:01.0687 3396 dpti2o - ok
17:48:01.0734 3396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:48:01.0734 3396 drmkaud - ok
17:48:01.0781 3396 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:48:01.0812 3396 E100B - ok
17:48:01.0859 3396 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:48:01.0875 3396 EapHost - ok
17:48:01.0875 3396 emupia - ok
17:48:01.0937 3396 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:48:01.0937 3396 ERSvc - ok
17:48:02.0000 3396 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:48:02.0015 3396 Eventlog - ok
17:48:02.0062 3396 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
17:48:02.0078 3396 EventSystem - ok
17:48:02.0125 3396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:48:02.0125 3396 Fastfat - ok
17:48:02.0171 3396 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:48:02.0218 3396 FastUserSwitchingCompatibility - ok
17:48:02.0250 3396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:48:02.0265 3396 Fdc - ok
17:48:02.0281 3396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:48:02.0281 3396 Fips - ok
17:48:02.0296 3396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:48:02.0296 3396 Flpydisk - ok
17:48:02.0343 3396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:48:02.0343 3396 FltMgr - ok
17:48:02.0500 3396 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:48:02.0500 3396 FontCache3.0.0.0 - ok
17:48:02.0562 3396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:48:02.0562 3396 Fs_Rec - ok
17:48:02.0593 3396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:48:02.0609 3396 Ftdisk - ok
17:48:02.0640 3396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:48:02.0640 3396 GEARAspiWDM - ok
17:48:02.0687 3396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:48:02.0687 3396 Gpc - ok
17:48:02.0703 3396 ha10kx2k - ok
17:48:02.0734 3396 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:48:02.0734 3396 HDAudBus - ok
17:48:02.0843 3396 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:48:02.0859 3396 helpsvc - ok
17:48:02.0859 3396 HidServ - ok
17:48:02.0921 3396 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:48:02.0937 3396 hkmsvc - ok
17:48:02.0953 3396 hpn - ok
17:48:03.0015 3396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:48:03.0015 3396 HTTP - ok
17:48:03.0062 3396 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:48:03.0078 3396 HTTPFilter - ok
17:48:03.0093 3396 i2omgmt - ok
17:48:03.0109 3396 i2omp - ok
17:48:03.0140 3396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:48:03.0140 3396 i8042prt - ok
17:48:03.0265 3396 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:48:03.0296 3396 idsvc - ok
17:48:03.0312 3396 igfx - ok
17:48:03.0515 3396 iHCService (867c4b13649809f7a9f241e12f8c747a) C:\Program Files\Intel\IDU\IDUServ.exe
17:48:03.0578 3396 iHCService - ok
17:48:03.0671 3396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:48:03.0671 3396 Imapi - ok
17:48:03.0734 3396 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:48:03.0734 3396 ImapiService - ok
17:48:03.0765 3396 ini910u - ok
17:48:03.0796 3396 IntelIde - ok
17:48:03.0859 3396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:48:03.0859 3396 intelppm - ok
17:48:03.0921 3396 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:48:03.0921 3396 ip6fw - ok
17:48:03.0953 3396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:48:03.0953 3396 IpFilterDriver - ok
17:48:03.0984 3396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:48:03.0984 3396 IpInIp - ok
17:48:04.0031 3396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:48:04.0046 3396 IpNat - ok
17:48:04.0140 3396 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:48:04.0187 3396 iPod Service - ok
17:48:04.0234 3396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:48:04.0234 3396 IPSec - ok
17:48:04.0250 3396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:48:04.0250 3396 IRENUM - ok
17:48:04.0343 3396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:48:04.0343 3396 isapnp - ok
17:48:04.0515 3396 JavaQuickStarterService (973db7ac74c554c546f8b0b7b98fb855) C:\Program Files\Java\jre7\bin\jqs.exe
17:48:04.0531 3396 JavaQuickStarterService - ok
17:48:04.0593 3396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:48:04.0593 3396 Kbdclass - ok
17:48:04.0656 3396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:48:04.0671 3396 kmixer - ok
17:48:04.0703 3396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:48:04.0703 3396 KSecDD - ok
17:48:04.0750 3396 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:48:04.0765 3396 lanmanserver - ok
17:48:04.0828 3396 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:48:04.0859 3396 lanmanworkstation - ok
17:48:04.0890 3396 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:48:04.0906 3396 Lbd - ok
17:48:04.0921 3396 lbrtfdc - ok
17:48:04.0984 3396 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:48:04.0984 3396 LmHosts - ok
17:48:05.0031 3396 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:48:05.0031 3396 Messenger - ok
17:48:05.0062 3396 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
17:48:05.0062 3396 mf - ok
17:48:05.0125 3396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:48:05.0125 3396 mnmdd - ok
17:48:05.0171 3396 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
17:48:05.0187 3396 mnmsrvc - ok
17:48:05.0234 3396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:48:05.0234 3396 Modem - ok
17:48:05.0296 3396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:48:05.0296 3396 Mouclass - ok
17:48:05.0328 3396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:48:05.0343 3396 MountMgr - ok
17:48:05.0343 3396 mraid35x - ok
17:48:05.0375 3396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:48:05.0375 3396 MRxDAV - ok
17:48:05.0453 3396 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:48:05.0468 3396 MRxSmb - ok
17:48:05.0515 3396 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
17:48:05.0515 3396 MSDTC - ok
17:48:05.0578 3396 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
17:48:05.0578 3396 MSDV - ok
17:48:05.0593 3396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:48:05.0593 3396 Msfs - ok
17:48:05.0609 3396 MSIServer - ok
17:48:05.0671 3396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:48:05.0671 3396 MSKSSRV - ok
17:48:05.0703 3396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:48:05.0718 3396 MSPCLOCK - ok
17:48:05.0734 3396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:48:05.0734 3396 MSPQM - ok
17:48:05.0781 3396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:48:05.0781 3396 mssmbios - ok
17:48:05.0812 3396 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:48:05.0812 3396 MSTEE - ok
17:48:05.0843 3396 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:48:05.0859 3396 Mup - ok
17:48:05.0890 3396 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:48:05.0890 3396 NABTSFEC - ok
17:48:05.0953 3396 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:48:05.0984 3396 napagent - ok
17:48:06.0015 3396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:48:06.0015 3396 NDIS - ok
17:48:06.0062 3396 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:48:06.0062 3396 NdisIP - ok
17:48:06.0109 3396 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:48:06.0125 3396 NdisTapi - ok
17:48:06.0140 3396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:48:06.0140 3396 Ndisuio - ok
17:48:06.0171 3396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:48:06.0171 3396 NdisWan - ok
17:48:06.0218 3396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:48:06.0218 3396 NDProxy - ok
17:48:06.0250 3396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:48:06.0250 3396 NetBIOS - ok
17:48:06.0296 3396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:48:06.0312 3396 NetBT - ok
17:48:06.0359 3396 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:48:06.0359 3396 NetDDE - ok
17:48:06.0375 3396 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:48:06.0390 3396 NetDDEdsdm - ok
17:48:06.0421 3396 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:48:06.0437 3396 Netlogon - ok
17:48:06.0484 3396 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:48:06.0515 3396 Netman - ok
17:48:06.0656 3396 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:48:06.0687 3396 NetTcpPortSharing - ok
17:48:06.0734 3396 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:48:06.0734 3396 NIC1394 - ok
17:48:06.0796 3396 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:48:06.0843 3396 Nla - ok
17:48:06.0843 3396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:48:06.0859 3396 Npfs - ok
17:48:06.0906 3396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:48:06.0921 3396 Ntfs - ok
17:48:06.0937 3396 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
17:48:06.0937 3396 NtLmSsp - ok
17:48:07.0015 3396 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:48:07.0031 3396 NtmsSvc - ok
17:48:07.0078 3396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:48:07.0078 3396 Null - ok
17:48:07.0125 3396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:48:07.0125 3396 NwlnkFlt - ok
17:48:07.0140 3396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:48:07.0156 3396 NwlnkFwd - ok
17:48:07.0171 3396 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:48:07.0171 3396 ohci1394 - ok
17:48:07.0234 3396 OsaFsLoc (1933b17550d3e64c5d189df39f2e38e6) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
17:48:07.0234 3396 OsaFsLoc - ok
17:48:07.0296 3396 osaio (b270a30ae97524e7edb5eca7b2afb846) C:\WINDOWS\system32\drivers\osaio.sys
17:48:07.0312 3396 osaio - ok
17:48:07.0437 3396 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:48:07.0437 3396 ose - ok
17:48:07.0500 3396 ossrv (f8f7fe5d67c47c2f1016f7a139e0f664) C:\WINDOWS\system32\drivers\ctoss2k.sys
17:48:07.0500 3396 ossrv - ok
17:48:07.0546 3396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:48:07.0562 3396 Parport - ok
17:48:07.0562 3396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:48:07.0578 3396 PartMgr - ok
17:48:07.0640 3396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:48:07.0640 3396 ParVdm - ok
17:48:07.0671 3396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:48:07.0671 3396 PCI - ok
17:48:07.0687 3396 PCIDump - ok
17:48:07.0718 3396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:48:07.0718 3396 PCIIde - ok
17:48:07.0765 3396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:48:07.0781 3396 Pcmcia - ok
17:48:07.0781 3396 PDCOMP - ok
17:48:07.0812 3396 PDFRAME - ok
17:48:07.0828 3396 PDRELI - ok
17:48:07.0843 3396 PDRFRAME - ok
17:48:07.0875 3396 perc2 - ok
17:48:07.0890 3396 perc2hib - ok
17:48:07.0968 3396 PfModNT (28157deb9473631ba94fe9965b5e0050) C:\WINDOWS\system32\drivers\PfModNT.sys
17:48:07.0968 3396 PfModNT - ok
17:48:08.0031 3396 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:48:08.0046 3396 PlugPlay - ok
17:48:08.0062 3396 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:48:08.0078 3396 PolicyAgent - ok
17:48:08.0109 3396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:48:08.0125 3396 PptpMiniport - ok
17:48:08.0171 3396 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:48:08.0171 3396 Processor - ok
17:48:08.0187 3396 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:48:08.0187 3396 ProtectedStorage - ok
17:48:08.0218 3396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:48:08.0218 3396 PSched - ok
17:48:08.0234 3396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:48:08.0234 3396 Ptilink - ok
17:48:08.0296 3396 QBCFMonitorService (f6ea2dce39f1accb2c6c38d61fc79075) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
17:48:08.0296 3396 QBCFMonitorService - ok
17:48:08.0343 3396 QBFCService (bab30d2799754f6ea22f0b9076311793) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
17:48:08.0359 3396 QBFCService - ok
17:48:08.0359 3396 ql1080 - ok
17:48:08.0390 3396 Ql10wnt - ok
17:48:08.0406 3396 ql12160 - ok
17:48:08.0437 3396 ql1240 - ok
17:48:08.0453 3396 ql1280 - ok
17:48:08.0500 3396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:48:08.0500 3396 RasAcd - ok
17:48:08.0546 3396 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:48:08.0562 3396 RasAuto - ok
17:48:08.0609 3396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:48:08.0609 3396 Rasl2tp - ok
17:48:08.0656 3396 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:48:08.0703 3396 RasMan - ok
17:48:08.0718 3396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:48:08.0734 3396 RasPppoe - ok
17:48:08.0750 3396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:48:08.0765 3396 Raspti - ok
17:48:08.0796 3396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:48:08.0812 3396 Rdbss - ok
17:48:08.0859 3396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:48:08.0859 3396 RDPCDD - ok
17:48:08.0937 3396 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:48:08.0937 3396 RDPWD - ok
17:48:09.0000 3396 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:48:09.0031 3396 RDSessMgr - ok
17:48:09.0078 3396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:48:09.0078 3396 redbook - ok
17:48:09.0109 3396 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:48:09.0125 3396 RemoteAccess - ok
17:48:09.0140 3396 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
17:48:09.0156 3396 RpcLocator - ok
17:48:09.0218 3396 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:48:09.0234 3396 RpcSs - ok
17:48:09.0281 3396 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:48:09.0296 3396 RSVP - ok
17:48:09.0312 3396 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:48:09.0328 3396 SamSs - ok
17:48:09.0359 3396 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:48:09.0375 3396 SCardSvr - ok
17:48:09.0437 3396 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:48:09.0453 3396 Schedule - ok
17:48:09.0500 3396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:48:09.0500 3396 Secdrv - ok
17:48:09.0531 3396 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:48:09.0546 3396 seclogon - ok
17:48:09.0562 3396 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:48:09.0562 3396 SENS - ok
17:48:09.0593 3396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:48:09.0593 3396 serenum - ok
17:48:09.0625 3396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:48:09.0625 3396 Serial - ok
17:48:09.0687 3396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:48:09.0687 3396 Sfloppy - ok
17:48:09.0765 3396 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:48:09.0812 3396 SharedAccess - ok
17:48:09.0875 3396 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:48:09.0890 3396 ShellHWDetection - ok
17:48:09.0906 3396 Simbad - ok
17:48:09.0953 3396 SIODRV (6fbba21e5ad173ecad3144ddff3a89bf) C:\WINDOWS\system32\drivers\SIODRV.SYS
17:48:09.0953 3396 SIODRV - ok
17:48:10.0000 3396 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:48:10.0000 3396 SLIP - ok
17:48:10.0046 3396 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
17:48:10.0046 3396 SMBios - ok
17:48:10.0078 3396 smbusp (8c1a8ad2dfe2cfe9f7ae1cee14773b18) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
17:48:10.0093 3396 smbusp - ok
17:48:10.0109 3396 Sparrow - ok
17:48:10.0171 3396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:48:10.0187 3396 splitter - ok
17:48:10.0250 3396 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:48:10.0265 3396 Spooler - ok
17:48:10.0312 3396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:48:10.0312 3396 sr - ok
17:48:10.0390 3396 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:48:10.0437 3396 srservice - ok
17:48:10.0562 3396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:48:10.0562 3396 Srv - ok
17:48:10.0625 3396 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:48:10.0640 3396 SSDPSRV - ok
17:48:10.0765 3396 STHDA (228519217a88c2f6b0cf8c022e6d669c) C:\WINDOWS\system32\drivers\sthda.sys
17:48:10.0843 3396 STHDA - ok
17:48:10.0968 3396 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:48:11.0000 3396 stisvc - ok
17:48:11.0031 3396 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:48:11.0031 3396 streamip - ok
17:48:11.0093 3396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:48:11.0093 3396 swenum - ok
17:48:11.0109 3396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:48:11.0125 3396 swmidi - ok
17:48:11.0140 3396 SwPrv - ok
17:48:11.0171 3396 symc810 - ok
17:48:11.0203 3396 symc8xx - ok
17:48:11.0218 3396 SymIM - ok
17:48:11.0250 3396 SymIMMP - ok
17:48:11.0265 3396 sym_hi - ok
17:48:11.0296 3396 sym_u3 - ok
17:48:11.0343 3396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:48:11.0343 3396 sysaudio - ok
17:48:11.0406 3396 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:48:11.0421 3396 SysmonLog - ok
17:48:11.0500 3396 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:48:11.0515 3396 TapiSrv - ok
17:48:11.0578 3396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:48:11.0640 3396 Tcpip - ok
17:48:11.0703 3396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:48:11.0703 3396 TDPIPE - ok
17:48:11.0718 3396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:48:11.0718 3396 TDTCP - ok
17:48:11.0781 3396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:48:11.0781 3396 TermDD - ok
17:48:11.0828 3396 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:48:11.0890 3396 TermService - ok
17:48:11.0968 3396 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:48:11.0968 3396 Themes - ok
17:48:12.0000 3396 TosIde - ok
17:48:12.0046 3396 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:48:12.0078 3396 TrkWks - ok
17:48:12.0125 3396 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
17:48:12.0125 3396 UBHelper - ok
17:48:12.0203 3396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:48:12.0203 3396 Udfs - ok
17:48:12.0218 3396 ultra - ok
17:48:12.0296 3396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:48:12.0343 3396 Update - ok
17:48:12.0484 3396 UPHClean (325fb38c323c63c7f57885b4dfb1b91e) C:\Program Files\UPHClean\uphclean.exe
17:48:12.0515 3396 UPHClean - ok
17:48:12.0546 3396 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:48:12.0593 3396 upnphost - ok
17:48:12.0625 3396 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:48:12.0640 3396 UPS - ok
17:48:12.0687 3396 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:48:12.0687 3396 USBAAPL - ok
17:48:12.0750 3396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:48:12.0765 3396 usbccgp - ok
17:48:12.0812 3396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:48:12.0828 3396 usbehci - ok
17:48:12.0843 3396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:48:12.0843 3396 usbhub - ok
17:48:12.0906 3396 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:48:12.0906 3396 usbprint - ok
17:48:12.0953 3396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:48:12.0953 3396 usbscan - ok
17:48:13.0015 3396 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:48:13.0015 3396 usbstor - ok
17:48:13.0078 3396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:48:13.0078 3396 usbuhci - ok
17:48:13.0093 3396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:48:13.0093 3396 VgaSave - ok
17:48:13.0109 3396 ViaIde - ok
17:48:13.0171 3396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:48:13.0187 3396 VolSnap - ok
17:48:13.0250 3396 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:48:13.0281 3396 VSS - ok
17:48:13.0343 3396 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:48:13.0390 3396 W32Time - ok
17:48:13.0421 3396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:48:13.0421 3396 Wanarp - ok
17:48:13.0437 3396 wanatw - ok
17:48:13.0453 3396 WDICA - ok
17:48:13.0515 3396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:48:13.0531 3396 wdmaud - ok
17:48:13.0578 3396 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:48:13.0609 3396 WebClient - ok
17:48:13.0734 3396 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:48:13.0750 3396 winmgmt - ok
17:48:13.0843 3396 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:48:13.0859 3396 WmdmPmSN - ok
17:48:13.0906 3396 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:48:13.0906 3396 WmiApSrv - ok
17:48:14.0093 3396 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:48:14.0156 3396 WMPNetworkSvc - ok
17:48:14.0203 3396 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:48:14.0218 3396 WpdUsb - ok
17:48:14.0312 3396 WPN111 (75a833b635e093c728f5027b01f8cbb7) C:\WINDOWS\system32\DRIVERS\WPN111.sys
17:48:14.0359 3396 WPN111 - ok
17:48:14.0421 3396 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:48:14.0421 3396 WS2IFSL - ok
17:48:14.0484 3396 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:48:14.0515 3396 wscsvc - ok
17:48:14.0531 3396 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:48:14.0531 3396 WSTCODEC - ok
17:48:14.0593 3396 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:48:14.0609 3396 wuauserv - ok
17:48:14.0671 3396 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:48:14.0671 3396 WudfPf - ok
17:48:14.0718 3396 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:48:14.0718 3396 WudfRd - ok
17:48:14.0781 3396 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:48:14.0796 3396 WudfSvc - ok
17:48:14.0875 3396 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:48:14.0906 3396 WZCSVC - ok
17:48:14.0937 3396 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:48:14.0968 3396 xmlprov - ok
17:48:15.0031 3396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:48:15.0312 3396 \Device\Harddisk0\DR0 - ok
17:48:15.0328 3396 Boot (0x1200) (7b49db4006973cddef9a9406f0424eac) \Device\Harddisk0\DR0\Partition0
17:48:15.0328 3396 \Device\Harddisk0\DR0\Partition0 - ok
17:48:15.0343 3396 ============================================================
17:48:15.0343 3396 Scan finished
17:48:15.0343 3396 ============================================================
17:48:15.0375 3364 Detected object count: 0
17:48:15.0375 3364 Actual detected object count: 0
Michael D
2012-04-27, 04:04
Hi Jeff,
Okay, firefox is reinstalled and I will go for a few test drives. Where is my horse? :cowboy:
Did I say :thanks: lately?
Well... :thanks: AND...
:rockon:
Michael
Hi Michael,
To retrieve an Avast log do the following:
Right-click on the Avast icon in the system tray.
Select Open Avast Interface
Click on Scan Computer
Select Scan Logs
Open the most recent logs that showed the virus and open them.
Copy/Paste the log into your reply. :)
Michael D
2012-04-27, 18:33
Good Morning Jeff,
I could not figure out how to copy and paste the information. Attached is the scan log main page showing the three recent scans. First the quick scan, then the full scan, then the boot-time scan.
I will attach the others - I got hacked so it might be related to that and not the redirect. I don't want to convolute the thread so let me know ok?
Michael
Michael D
2012-04-27, 18:35
Quick scan
Michael D
2012-04-27, 18:35
Full System Scan
Michael D
2012-04-27, 18:36
Boot-Time Scan
Michael D
2012-04-27, 18:42
I feel like a real pain, and you have said don't worry about it but anyway :confused:
So, these infected files are in the chest, should I leave them there or hit the apply button for another action, or even can I? I don't know what is best, I thought (very dangerous I know!) that them being in the chest was good, but I don't know very much.
Michael
Hi,
Nope...don't worry. You are not a pain. :)
Some of those are just in restore points and when we remove our tools they will be removed. As long as Avast is picking up the infections and you are able to remove them you are fine. As a matter of fact, Avast just picked up one for me too just today. :)
Michael D
2012-04-27, 19:50
Ok, I am baffled about all this...
I did some searches and I am randomly getting thrown around to these rouge sites still.
I have a MSword copy (without the links) of the searches, and a screen shot of another site called Glam - at first glance it looks pretty good but if you look twice it is very poorly put together, not like the one I saw, I think it was Style or something? but that one did look sharp. Anyway this seems a tough nut to crack.
Let me know if this would help you and I can copy/paste or attach whatever.
Bottom line is that I am still getting redirected.
Hi,
I sure appreciate your patience...
RKill
Print out these instructions as we may need to close every window that is open later in the fix.
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
Do not reboot your computer after running rkill as the malware programs will start again.
Please download the following tool. Boot to Safe Mode with Networking and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
Do not reboot your computer after running rkill as the malware programs will start again.
----------
Now...from Safe Mode with Networking open Malwarebytes, update it and run a Full Scan. Save the log.
----------
Run a new scan with ESET online scanner. Save that log as well.
In your next reply please post the new logs made by Malwarebytes and ESET online scanner.
Michael D
2012-04-27, 22:19
I sure appreciate your patience...
I appreciate yours! Thank you!
I don't have a printer so I will have to go old school. :cool:
...and on the hunt for a computer close by - oh yea, my studio computer, that'll work. :bigthumb:
Okay I will get this done and post the results! :thanks:
Michael
Michael D
2012-04-28, 04:01
Well after all that I seem to have lost the online scanner log. :slap:
Here is the rkill log even though you didn't ask for it. I ran this after everything,out of curiosity, but it looked the same as this save the date and time.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 04/27/2012 at 17:51:28.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 04/27/2012 at 17:51:31.
and here is malwarebytes:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.27.10
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: MICHAEL-9L4P8YF [administrator]
4/27/2012 2:56:30 PM
mbam-log-2012-04-27 (14-56-30).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329841
Time elapsed: 42 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
I can run another online scan if you need me too. Maybe because I was in safe mode I couldn't access it... but I don't know - the last time I know it was a little tricky to get it first before shutting down the program. Anyway, that is a disappointment. Please let me know, it does take quite some time to do.
Michael
Hi Michael,
Yes it would be good to see....so if you need to run it again please do so. :thanks:
Michael D
2012-04-28, 06:04
Jeff,
Okay I see what happened - I can't click on the scan results in safe mode. I need to get out of safe mode or hope the logfile stays put. I will not uninstall this is sure to help the cause.
Michael
Michael D
2012-04-28, 06:18
Hi again Jeff,
I guess I will not turn the computer off. I can't get the results anyway I know how.
The scan takes about an hour and a half and I don't want to lose it if it is salvageable.
I am in safe mode with networking and the scan has finished - attached is a screen shot if that means anything (probably not). I just can not get to the scan results... The first time we did this, I noticed it at the top left at the last minute before I shut down the program.
Michael
Hi,
Both of those look good. How is your system behaving? Any redirects?
Michael D
2012-04-28, 20:25
The system seems a little slower on the refresh, and things load slower, but this might be my perception. It seems a little sluggish.
I don't know if you changed many settings but this machine was set up as a audio computer originally, I changed the settings so the audio would run better. I have switched machines and have another computer for the studio -
I am not a big computer audio guy either and most of my recording is done old school, but the computer is necessary today.
Sorry for all that unnecessary garble.
...and yes I am still getting redirected --- :sad:
Michael D
2012-04-28, 22:45
Hey Jeff,
Still with me? I know you are doing your best... I wanted to let you know something I have noticed.
I am getting directed as you know. When I click on a link on a search page it goes directly to Happili or similar and if I hit the "go back one page button" and click the link again it goes to the link correctly - I hope this helps.
Michael
Hi Michael,
Yes I am still with you. :) I am getting with a colleague about your system and should hopefully return quickly.
Michael D
2012-04-29, 03:43
Okay thank you, I really appreciate it.
What I do now is I hit the back button and resend it - working so far, but it is not cool to have little bugs about the system - I would love to squash the little buggers.
Michael
Hi,
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please attach the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Michael D
2012-05-01, 00:39
Hi Jeff.
Welcome back. OTL will not run. Please see attached file for error message.
Michael
Michael D
2012-05-01, 01:03
Ok, I am in safe w/networking --- OTL would NOT run right click run as admin - user RTW has admin privileges so I double clicked OTL.exe and it opened. I changed the settings you asked for and the scan started... here is first the...
OTL logfile created on: 4/30/2012 2:48:41 PM - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.99 Mb Total Physical Memory | 734.30 Mb Available Physical Memory | 72.42% Memory free
2.39 Gb Paging File | 2.25 Gb Available in Paging File | 94.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 43.54 Gb Free Space | 29.21% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-9L4P8YF | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Windows (R) Codename Longhorn DDK provider)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (STacSV) -- C:\WINDOWS\System32\stacsv.exe (IDT, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (iHCService) Intel(R) -- C:\Program Files\Intel\IDU\IDUServ.exe (OSA Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (ha10kx2k) -- system32\drivers\ha10kx2k.sys File not found
DRV - (emupia) -- system32\drivers\emupia2k.sys File not found
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS File not found
DRV - (CTSBLFX) -- system32\drivers\CTSBLFX.SYS File not found
DRV - (ctprxy2k) -- system32\drivers\ctprxy2k.sys File not found
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS File not found
DRV - (CTHWIUT) -- system32\drivers\CTHWIUT.SYS File not found
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS File not found
DRV - (CTEXFIFX) -- system32\drivers\CTEXFIFX.SYS File not found
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS File not found
DRV - (CTERFXFX) -- system32\drivers\CTERFXFX.SYS File not found
DRV - (CTEDSPSY.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPSY) -- system32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPIO.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPIO) -- system32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPFX.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEDSPFX) -- system32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEAPSFX.SYS) -- C:\WINDOWS\System32\drivers\CTEAPSFX.SYS File not found
DRV - (CTEAPSFX) -- system32\drivers\CTEAPSFX.SYS File not found
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS File not found
DRV - (CTAUDFX) -- system32\drivers\CTAUDFX.SYS File not found
DRV - (ctaud2k) Creative Audio Driver (WDM) -- system32\drivers\ctaud2k.sys File not found
DRV - (ctac32k) -- system32\drivers\ctac32k.sys File not found
DRV - (CT20XUT.SYS) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS File not found
DRV - (CT20XUT) -- system32\drivers\CT20XUT.SYS File not found
DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS File not found
DRV - (COMMONFX) -- system32\drivers\COMMONFX.SYS File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SIODRV) -- C:\WINDOWS\system32\drivers\SIODRV.SYS (Intel Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BrUsbScn) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{112404A2-7872-4495-931A-5F5D4CF0DD79}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/15 17:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 17:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 11:39:29 | 000,000,000 | ---D | M]
[2012/04/30 14:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\Application Data\Mozilla\Extensions
[2012/04/26 17:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/17 11:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/04/22 13:07:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212714337317 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212769596000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B3BB3A-0FAB-42D1-AB17-77A11E5D8029}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5927AE0-655D-4A43-96BF-CDD9CFAB6835}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 16:51:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/04/30 14:45:52 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\Desktop\OTL.exe
[2012/04/30 14:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\My Documents\Downloads
[2012/04/30 14:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\Local Settings\Application Data\Mozilla
[2012/04/30 14:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\Application Data\Mozilla
[2012/04/27 15:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/26 17:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/26 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/24 11:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/04/24 11:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/04/21 10:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/21 10:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/21 10:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/20 19:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/04/20 19:30:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/04/20 19:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/04/20 19:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[8 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/30 14:46:04 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MICHAEL-9L4P8YF\Desktop\OTL.exe
[2012/04/30 14:43:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 13:53:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 06:45:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/26 18:39:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/26 17:56:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/26 16:47:46 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2012/04/26 13:42:14 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/25 13:17:19 | 000,000,054 | ---- | M] () -- C:\WINDOWS\dtodebug.ini
[2012/04/25 13:17:18 | 000,012,852 | ---- | M] () -- C:\WINDOWS\daytimer.ini
[2012/04/25 12:45:06 | 000,000,274 | ---- | M] () -- C:\WINDOWS\DTO2KXSV.INI
[2012/04/25 12:45:03 | 000,000,848 | ---- | M] () -- C:\WINDOWS\DtSync.ini
[2012/04/23 16:42:55 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/23 16:42:55 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/22 13:07:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/15 04:09:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 15:44:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/12 06:14:19 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 06:14:19 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 06:06:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/26 17:56:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/16 07:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/18 17:03:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/06/21 12:20:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 12:20:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 12:20:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 12:20:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 12:20:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/26 13:33:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/26 13:33:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/23 17:06:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
========== LOP Check ==========
[2010/02/23 17:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2012/03/26 08:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2010/02/15 14:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/11 05:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/06/06 22:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\canonbj
[2008/06/06 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\common files
[2012/02/01 20:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2010/03/16 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/12/27 10:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fGaPo06300
[2008/06/07 17:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/09/16 10:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/12/13 12:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/06/06 22:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\olympus
[2009/10/21 15:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/07/07 20:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/06/06 12:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/22 10:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/19 20:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 12:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/12 15:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
========== Purity Check ==========
< End of report >
Michael D
2012-05-01, 01:14
The Extras.Txt file doesn't exist as far as my search shows. :sad:
Hi,
Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{112404A2-7872-4495-931A-5F5D4CF0DD79}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[8 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2008/06/06 12:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Michael D
2012-05-01, 16:31
Good Morning Jeff,
Just to be sure I am asking this question.
I have minimal output checked and the LOP and Purity boxes should be checked with the copy and paste custom scan?
The second scan (new scan) I have the LOP Check and Purity Check boxes not checked right?
Michael
Hi,
Nope...don't worry about LOP and Purity now. If I need it checked I will let you know beforehand. :)
Michael D
2012-05-01, 19:46
Hi Jeff,
Thank you for the information. Here is the custom scan. New scan to follow in the next post. :bigthumb:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{112404A2-7872-4495-931A-5F5D4CF0DD79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{112404A2-7872-4495-931A-5F5D4CF0DD79}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
C:\Erase307.tmp folder deleted successfully.
C:\Erase5AA.tmp folder deleted successfully.
C:\EraseAA2.tmp folder deleted successfully.
C:\EraseBF5.tmp folder deleted successfully.
C:\EraseD39.tmp folder deleted successfully.
C:\EraseE35.tmp folder deleted successfully.
C:\EraseE74.tmp folder deleted successfully.
C:\EraseFDE.tmp folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.MICHAEL-9L4P8YF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 14085581 bytes
->Flash cache emptied: 41620 bytes
User: All Users
->Flash cache emptied: 35 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: michael delwarte
->Java cache emptied: 146255 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 619057 bytes
User: Owner
->Temp folder emptied: 325136 bytes
->Temporary Internet Files folder emptied: 4024081 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27336756 bytes
->Flash cache emptied: 42949 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19304 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1220291 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 46.00 mb
OTL by OldTimer - Version 3.2.42.2 log created on 05012012_071201
Files\Folders moved on Reboot...
C:\WINDOWS\temp\_avast_\unp210291361.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Michael D
2012-05-01, 20:57
New Scan...
OTL logfile created on: 5/1/2012 9:47:32 AM - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.99 Mb Total Physical Memory | 465.59 Mb Available Physical Memory | 45.92% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.81% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 43.33 Gb Free Space | 29.07% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-9L4P8YF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files\UPHClean\uphclean.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\12050100\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Windows (R) Codename Longhorn DDK provider)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (STacSV) -- C:\WINDOWS\System32\stacsv.exe (IDT, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (iHCService) Intel(R) -- C:\Program Files\Intel\IDU\IDUServ.exe (OSA Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (ha10kx2k) -- system32\drivers\ha10kx2k.sys File not found
DRV - (emupia) -- system32\drivers\emupia2k.sys File not found
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS File not found
DRV - (CTSBLFX) -- system32\drivers\CTSBLFX.SYS File not found
DRV - (ctprxy2k) -- system32\drivers\ctprxy2k.sys File not found
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS File not found
DRV - (CTHWIUT) -- system32\drivers\CTHWIUT.SYS File not found
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS File not found
DRV - (CTEXFIFX) -- system32\drivers\CTEXFIFX.SYS File not found
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS File not found
DRV - (CTERFXFX) -- system32\drivers\CTERFXFX.SYS File not found
DRV - (CTEDSPSY.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPSY) -- system32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPIO.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPIO) -- system32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPFX.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEDSPFX) -- system32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEAPSFX.SYS) -- C:\WINDOWS\System32\drivers\CTEAPSFX.SYS File not found
DRV - (CTEAPSFX) -- system32\drivers\CTEAPSFX.SYS File not found
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS File not found
DRV - (CTAUDFX) -- system32\drivers\CTAUDFX.SYS File not found
DRV - (ctaud2k) Creative Audio Driver (WDM) -- system32\drivers\ctaud2k.sys File not found
DRV - (ctac32k) -- system32\drivers\ctac32k.sys File not found
DRV - (CT20XUT.SYS) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS File not found
DRV - (CT20XUT) -- system32\drivers\CT20XUT.SYS File not found
DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS File not found
DRV - (COMMONFX) -- system32\drivers\COMMONFX.SYS File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SIODRV) -- C:\WINDOWS\system32\drivers\SIODRV.SYS (Intel Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BrUsbScn) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
IE - HKCU\..\SearchScopes\{43BA46F2-627A-4BED-8364-37ADC1A00FAE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{7D30BC5A-D1FA-43D4-8EC4-535813D28409}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{9F89937E-611A-4897-B6F5-89E1CCCD03EC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.35.6030
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/15 17:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 17:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 11:39:29 | 000,000,000 | ---D | M]
[2009/01/26 13:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/04/25 22:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions
[2010/04/27 17:59:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/17 19:44:45 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2009/03/15 13:44:17 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\searchplugins\aol-search.xml
[2012/04/26 17:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\119CKROL.DEFAULT\EXTENSIONS\MQXABXKPOG@MQXABXKPOG.ORG.XPI
[2012/04/15 17:41:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/17 11:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/05/01 07:12:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212714337317 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212769596000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B3BB3A-0FAB-42D1-AB17-77A11E5D8029}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5927AE0-655D-4A43-96BF-CDD9CFAB6835}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 16:51:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/01 07:12:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/27 15:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/26 17:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/26 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/26 17:53:54 | 016,339,280 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 12.0.exe
[2012/04/24 11:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/04/24 11:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/04/21 10:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12
[2012/04/21 10:40:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/21 10:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/21 10:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/21 10:27:18 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/04/21 10:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/20 19:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/04/20 19:30:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/04/20 19:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/04/20 19:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/20 19:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TestApp
========== Files - Modified Within 30 Days ==========
[2012/05/01 09:34:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/01 07:12:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/01 06:40:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/01 06:07:54 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 19:04:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\dtodebug.ini
[2012/04/30 19:04:21 | 000,012,852 | ---- | M] () -- C:\WINDOWS\daytimer.ini
[2012/04/30 17:48:43 | 000,000,274 | ---- | M] () -- C:\WINDOWS\DTO2KXSV.INI
[2012/04/30 17:48:42 | 000,000,848 | ---- | M] () -- C:\WINDOWS\DtSync.ini
[2012/04/30 14:24:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/26 18:39:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/26 17:56:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/26 17:53:54 | 016,339,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 12.0.exe
[2012/04/26 16:47:46 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2012/04/26 13:42:14 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/24 12:03:05 | 004,163,282 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FoxitReader51_Manual.pdf
[2012/04/24 11:30:57 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/04/23 16:42:55 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/23 16:42:55 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/21 23:32:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/04/21 23:23:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/04/21 10:54:59 | 000,004,712 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/04/21 10:40:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/21 10:31:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/21 10:26:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/04/20 19:30:10 | 000,001,427 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup.exe.lnk
[2012/04/15 04:09:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 15:44:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/12 15:44:55 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/12 06:14:19 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 06:14:19 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 06:06:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 23:59:34 | 007,576,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\12 - Do What You Gotta Do.mp3
========== Files Created - No Company Name ==========
[2012/04/26 17:56:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/24 12:02:51 | 004,163,282 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FoxitReader51_Manual.pdf
[2012/04/24 11:30:57 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/04/21 10:54:59 | 000,004,712 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/04/21 10:31:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/20 19:30:10 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup.exe.lnk
[2012/04/02 23:59:38 | 007,576,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\12 - Do What You Gotta Do.mp3
[2012/02/16 07:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/18 17:03:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/06/21 12:20:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 12:20:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 12:20:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 12:20:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 12:20:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/26 13:33:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/26 13:33:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/23 17:06:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
< End of report >
Michael D
2012-05-01, 21:56
Sadly... yes there are still redirects to Happili... several searches same thing, when I hit the back button and re-click it goes correct. :sad:
Hi,
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
[2012/04/26 17:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\119CKROL.DEFAULT\EXTENSIONS\MQXABXKPOG@MQXABXKPOG.ORG.XPI
[2012/04/12 15:44:55 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Michael D
2012-05-03, 00:47
Hi Jeff,
Thanks again for taking your time with this. :)
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.MICHAEL-9L4P8YF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: michael delwarte
->Java cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 287553 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 26778731 bytes
->Flash cache emptied: 1289 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 26.00 mb
OTL by OldTimer - Version 3.2.42.2 log created on 05022012_143743
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Michael D
2012-05-03, 01:26
and here is the new scan log, :thanks:
OTL logfile created on: 5/2/2012 2:48:20 PM - Run 5
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.99 Mb Total Physical Memory | 403.78 Mb Available Physical Memory | 39.82% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 43.04 Gb Free Space | 28.88% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-9L4P8YF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files\UPHClean\uphclean.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\12050201\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Windows (R) Codename Longhorn DDK provider)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (STacSV) -- C:\WINDOWS\System32\stacsv.exe (IDT, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (iHCService) Intel(R) -- C:\Program Files\Intel\IDU\IDUServ.exe (OSA Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (ha10kx2k) -- system32\drivers\ha10kx2k.sys File not found
DRV - (emupia) -- system32\drivers\emupia2k.sys File not found
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS File not found
DRV - (CTSBLFX) -- system32\drivers\CTSBLFX.SYS File not found
DRV - (ctprxy2k) -- system32\drivers\ctprxy2k.sys File not found
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS File not found
DRV - (CTHWIUT) -- system32\drivers\CTHWIUT.SYS File not found
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS File not found
DRV - (CTEXFIFX) -- system32\drivers\CTEXFIFX.SYS File not found
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS File not found
DRV - (CTERFXFX) -- system32\drivers\CTERFXFX.SYS File not found
DRV - (CTEDSPSY.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPSY) -- system32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPIO.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPIO) -- system32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPFX.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEDSPFX) -- system32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEAPSFX.SYS) -- C:\WINDOWS\System32\drivers\CTEAPSFX.SYS File not found
DRV - (CTEAPSFX) -- system32\drivers\CTEAPSFX.SYS File not found
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS File not found
DRV - (CTAUDFX) -- system32\drivers\CTAUDFX.SYS File not found
DRV - (ctaud2k) Creative Audio Driver (WDM) -- system32\drivers\ctaud2k.sys File not found
DRV - (ctac32k) -- system32\drivers\ctac32k.sys File not found
DRV - (CT20XUT.SYS) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS File not found
DRV - (CT20XUT) -- system32\drivers\CT20XUT.SYS File not found
DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS File not found
DRV - (COMMONFX) -- system32\drivers\COMMONFX.SYS File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SIODRV) -- C:\WINDOWS\system32\drivers\SIODRV.SYS (Intel Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BrUsbScn) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
IE - HKCU\..\SearchScopes\{43BA46F2-627A-4BED-8364-37ADC1A00FAE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{7D30BC5A-D1FA-43D4-8EC4-535813D28409}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{9F89937E-611A-4897-B6F5-89E1CCCD03EC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.35.6030
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/15 17:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 17:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 11:39:29 | 000,000,000 | ---D | M]
[2009/01/26 13:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/05/02 14:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions
[2010/04/27 17:59:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/17 19:44:45 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2009/03/15 13:44:17 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\searchplugins\aol-search.xml
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\119CKROL.DEFAULT\EXTENSIONS\MQXABXKPOG@MQXABXKPOG.ORG.XPI
[2012/04/15 17:41:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/17 11:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/05/02 14:37:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212714337317 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212769596000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B3BB3A-0FAB-42D1-AB17-77A11E5D8029}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5927AE0-655D-4A43-96BF-CDD9CFAB6835}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 16:51:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/01 07:12:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/27 15:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/26 17:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/26 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/26 17:53:54 | 016,339,280 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 12.0.exe
[2012/04/24 11:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/04/24 11:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/04/21 10:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12
[2012/04/21 10:40:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/21 10:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/21 10:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/21 10:27:18 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/04/21 10:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/20 19:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/04/20 19:30:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/04/20 19:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/04/20 19:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/20 19:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TestApp
========== Files - Modified Within 30 Days ==========
[2012/05/02 14:42:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 14:37:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/02 14:18:36 | 000,012,852 | ---- | M] () -- C:\WINDOWS\daytimer.ini
[2012/05/02 14:18:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\dtodebug.ini
[2012/05/02 13:54:50 | 000,000,274 | ---- | M] () -- C:\WINDOWS\DTO2KXSV.INI
[2012/05/02 13:54:48 | 000,000,848 | ---- | M] () -- C:\WINDOWS\DtSync.ini
[2012/05/02 13:51:07 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/02 09:31:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 14:24:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/26 18:39:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/26 17:56:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/26 17:53:54 | 016,339,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 12.0.exe
[2012/04/26 16:47:46 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2012/04/26 13:42:14 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/24 12:03:05 | 004,163,282 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FoxitReader51_Manual.pdf
[2012/04/24 11:30:57 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/04/23 16:42:55 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/23 16:42:55 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/21 23:32:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/04/21 23:23:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/04/21 10:54:59 | 000,004,712 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/04/21 10:40:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/21 10:31:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/21 10:26:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/04/20 19:30:10 | 000,001,427 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup.exe.lnk
[2012/04/15 04:09:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 15:44:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/12 06:14:19 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 06:14:19 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 06:06:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 23:59:34 | 007,576,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\12 - Do What You Gotta Do.mp3
========== Files Created - No Company Name ==========
[2012/04/26 17:56:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/24 12:02:51 | 004,163,282 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FoxitReader51_Manual.pdf
[2012/04/24 11:30:57 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/04/21 10:54:59 | 000,004,712 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/04/21 10:31:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/20 19:30:10 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup.exe.lnk
[2012/04/02 23:59:38 | 007,576,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\12 - Do What You Gotta Do.mp3
[2012/02/16 07:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/18 17:03:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/06/21 12:20:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 12:20:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 12:20:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 12:20:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 12:20:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/26 13:33:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/26 13:33:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/23 17:06:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
< End of report >
Michael D
2012-05-03, 06:17
Hi Jeff,
I don't know if this means anything but it is behaving the same way, click on and it goes to Happili - hit back button click again it goes correct.
BUT the difference is the way the site (Happili) looks it is losing its flair, and the several links with descriptions underneath are gone and there is a gobbledygook warning message and that is all - Please see the attached screen shot if you want.
It seems to be losing power - but I don't know anything about this stuff.
Thank you!
Michael
Hi Michael,
Sorry for the delay...
We need to reset Firefox to defaults...Before we do so be sure that you have all of your passwords saved someplace. There are many many files related to Firefox and finding the culprit will be like finding a pin in a haystack so this is our best option.
Once you have all of your passwords saved someplace safe do the following...
Go to Start >> Run >> copy/paste the following text in the Code Box to the Run bar and press OK
firefox -safe-mode firefox-safe-mode
You will now be looking at a box showing FireFox Safe Mode.
Check all the boxes
Press Make Changes and Restart
Now open Firefox and let me know if you are still being redirected.
Hi,
Are you still with us? :)
Due to lack of feedback, this topic will now be closed.
If you are the original poster and you still require help, please start a new thread.
-------------------