Results 1 to 2 of 2

Thread: Trying to remove Win32/Olmarik.AJL

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Dec 2010
    Posts
    2

    Default Trying to remove Win32/Olmarik.AJL

    Hello everybody,

    I have been infected by this malware Win32/Olmarik.AJL and I cannot manage to remove it from by boot sector, using the most updated version of NOD32.

    I was wondering whether any of you could suggest something I should do.

    I saw there are other two threads on this malware but none of them has been entirely followed up.

    Please find my system info below.

    Many thanks in advance and happy new year!

    Dan

    =================================================



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by gianni at 11:53:28.86 on 26/12/2010
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.618 [GMT 1:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\stacsv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Eset\nod32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\gianni\Downloads\dds.com
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.club-vaio.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.club-vaio.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\pdfforgeToolbarIE.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\pdfforgeToolbarIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [Norton Save and Restore 2.0] "c:\program files\norton save and restore\agent\VProTray.exe"
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [xswomarcne.exe] "c:\users\gianni\appdata\local\temp\xswomarcne.exe"
    mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
    mRun: [UpdateReminder] c:\program files\eset\UpdateReminder.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\imon.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://anakin.esa.int/dana-cached/sc/JuniperSetupClient.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\gianni\appdata\roaming\mozilla\firefox\profiles\c5wtx1zl.default\
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\abn amro e.dentifier2\mozilla\npBECON.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ============= SERVICES / DRIVERS ===============

    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-11-4 58472]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-12-25 15424]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus_19917.sys [2010-11-4 34792]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2010-11-4 62568]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-11-4 156776]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2010-12-25 552064]
    R2 Norton Save and Restore;Norton Save and Restore;c:\program files\norton save and restore\agent\VProSvc.exe [2007-2-14 3425632]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-11-4 763112]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-4-26 74240]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-4-26 43904]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-26 31104]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-26 807424]
    S2 gupdate1ca7133512ae61a;Google Update Service (gupdate1ca7133512ae61a);c:\program files\google\update\GoogleUpdate.exe [2009-11-29 133104]
    S3 Crscfpreg;Crscfpreg; [x]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2008-3-20 23040]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-3 102448]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-7 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-26 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2009-11-28 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2009-11-28 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2009-11-28 1089536]
    S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-1-17 722288]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2010-12-26 10:07:59 -------- d-----w- c:\windows\en
    2010-12-26 10:07:00 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-26 10:00:10 -------- d-----w- c:\program files\MSN Toolbar
    2010-12-26 09:59:53 -------- d-----w- c:\program files\Bing Bar Installer
    2010-12-26 09:59:48 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-26 09:59:48 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-26 09:59:48 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-26 09:57:52 469256 ----a-w- c:\program files\common files\windows live\.cache\5a7e773a1cba4e32b\InstallManager_WLE_WLE.exe
    2010-12-26 09:56:52 15712 ----a-w- c:\program files\common files\windows live\.cache\37ebaa8a1cba4e31f\MeshBetaRemover.exe
    2010-12-26 09:55:54 94040 ----a-w- c:\program files\common files\windows live\.cache\151c694a1cba4e318\DSETUP.dll
    2010-12-26 09:55:54 525656 ----a-w- c:\program files\common files\windows live\.cache\151c694a1cba4e318\DXSETUP.exe
    2010-12-26 09:55:54 1691480 ----a-w- c:\program files\common files\windows live\.cache\151c694a1cba4e318\dsetup32.dll
    2010-12-26 09:55:50 94040 ----a-w- c:\program files\common files\windows live\.cache\11f6230a1cba4e317\DSETUP.dll
    2010-12-26 09:55:50 525656 ----a-w- c:\program files\common files\windows live\.cache\11f6230a1cba4e317\DXSETUP.exe
    2010-12-26 09:55:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\11f6230a1cba4e317\dsetup32.dll
    2010-12-26 09:53:18 -------- d-----w- c:\users\gianni\appdata\local\Windows Live
    2010-12-26 09:51:50 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-12-25 11:28:39 512096 ----a-w- c:\windows\system32\drivers\amon.sys
    2010-12-25 11:28:39 298104 ----a-w- c:\windows\system32\imon.dll
    2010-12-25 11:28:39 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
    2010-12-25 11:27:28 -------- d-----w- c:\program files\ESET
    2010-12-25 11:02:44 -------- d-----w- c:\users\gianni\appdata\roaming\595943F9BDD4F49EF8976EEFFF6E676A
    2010-12-24 08:46:30 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{feab9cd0-1c15-47d4-8d57-451bd16ab3fe}\mpengine.dll
    2010-12-15 08:13:19 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2010-12-15 08:13:19 515584 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-15 08:13:18 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2010-12-15 08:13:14 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 08:13:08 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-15 08:13:08 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-15 08:13:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-15 08:13:06 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-15 08:13:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-15 08:10:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-02 23:05:25 -------- d-----w- C:\Photo

    ==================== Find3M ====================

    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe

    ============= FINISH: 11:54:32.45 ===============

  2. #2
    Junior Member
    Join Date
    Dec 2010
    Posts
    2

    Default Working Solution

    Hello,

    I thought it was useful to share that I have been able to solve the problem above using the guidelines at the following URL:


    Cheers,

    Dan
    Last edited by tashi; 2010-12-26 at 17:29. Reason: Removed tool referral as per FAQ ;-)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •