

Browser redirecting / unable to install / run anti spyware programs

This is a discussion on Browser redirecting / unable to install / run anti spyware programs within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 07-27-2009, 02:30 PM   #1
Guest
Join Date: Jul 2009
Posts: 10

Hi there, had a look through the other threads and it seems like you guys really do help people out, so hopefully you can help me too!

I have a brand new laptop, 1 week old, and I have downloaded only a handful of programs onto it since I've had it, plus standard internet browsing. I did use BitTorrent twice to download a program and the problems started after that.

I have since uninstalled BitTorrent and installed Avira anti-virus, SpywareBlaster and Online Armor. I had tried numerous times to download Malwarebytes and SUPERAntiSpyware; both downloaded but either failed post-installation (Malwarebytes) or during installation (SUPERAntiSpyware). I tried to download AVG before Avira but that had the same problem, failing mid-installation saying it couldn't connect to the internet when I was clearly connected.

I have also tried to run online virus scans. All I tried failed except for F-Secure, which located and deleted some suspect files. All the files my anti-virus software has found and deleted have made no difference to the problem.

The problem! When using Google or just clicking links I am redirected to random pages.

Any help would be greatly appreciated, thank you.

Attached and zipped are ark.txt and attach.txt.

Below is DDS.txt copied and pasted as requested. Thanks.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Will at 21:03:36.78 on 27/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1726 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\SLsvc.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\TUProgSt.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Will\Desktop\dds.scr
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Will\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.154,85.255.112.227
TCP: {3E955844-C532-4812-9414-00C0494E1E6A} = 85.255.112.154,85.255.112.227
TCP: {ABABCFA4-72E6-4667-9AE9-9008E33FED30} = 85.255.112.154,85.255.112.227
TCP: {F06DEC4F-81D1-41C4-BF4B-A59849391C96} = 85.255.112.154,85.255.112.227
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\h2fow90e.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-7-27 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-7-27 24656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-27 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-7-27 362184]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-22 540448]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-27 604488]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-22 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2009-7-27 30800]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe --> c:\windows\system32\rpcnetp.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-7-27 3142344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-6-8 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]

=============== Created Last 30 ================

2009-07-27 20:44 <DIR> --d----- c:\programdata\F-Secure
2009-07-27 20:44 <DIR> --d----- c:\progra~2\F-Secure
2009-07-27 20:38 <DIR> --d----- c:\users\will\.housecall6.6
2009-07-27 20:24 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 20:24 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 20:24 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-27 20:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 20:24 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-27 20:05 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-07-27 20:05 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-07-27 20:05 17,224 a------- c:\windows\system32\authuitu.dll
2009-07-27 20:05 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 20:05 <DIR> --d----- c:\users\will\appdata\roaming\TuneUp Software
2009-07-27 20:04 <DIR> --d----- c:\programdata\TuneUp Software
2009-07-27 20:04 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-07-27 20:04 <DIR> --d----- c:\progra~2\TuneUp Software
2009-07-27 20:04 <DIR> --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-27 20:04 <DIR> --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-27 19:34 <DIR> --d----- c:\users\will\appdata\roaming\OnlineArmor
2009-07-27 19:34 <DIR> --d----- c:\programdata\OnlineArmor
2009-07-27 19:34 <DIR> --d----- c:\progra~2\OnlineArmor
2009-07-27 19:33 30,800 a------- c:\windows\system32\drivers\OAnet.sys
2009-07-27 19:33 24,656 a------- c:\windows\system32\drivers\OAmon.sys
2009-07-27 19:33 200,784 a------- c:\windows\system32\drivers\OADriver.sys
2009-07-27 19:33 <DIR> --d----- c:\program files\Tall Emu
2009-07-27 18:48 <DIR> --d----- c:\users\will\appdata\roaming\SUPERAntiSpyware.com
2009-07-27 18:48 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-27 18:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-27 18:35 <DIR> a-d----- c:\programdata\TEMP
2009-07-27 18:35 <DIR> --d----- c:\program files\SpywareBlaster
2009-07-27 18:01 261,527,664 a------- c:\windows\MEMORY.DMP
2009-07-27 17:44 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 17:44 <DIR> --d----- c:\programdata\Avira
2009-07-27 17:44 <DIR> --d----- c:\program files\Avira
2009-07-27 17:44 <DIR> --d----- c:\progra~2\Avira
2009-07-27 15:31 <DIR> --d----- c:\users\will\appdata\roaming\Spotify
2009-07-27 15:30 <DIR> --d----- c:\program files\Spotify
2009-07-27 12:40 <DIR> --d----- c:\users\will\DoctorWeb
2009-07-27 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-27 11:41 <DIR> --d----- c:\users\will\appdata\roaming\AVG8
2009-07-24 17:39 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-24 17:33 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-07-24 12:18 <DIR> --d----- c:\program files\VideoLAN
2009-07-24 12:11 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-24 12:06 <DIR> --d----- c:\users\will\{ddbee589-8d8d-4eeb-9e97-e1ada599f109}
2009-07-24 12:05 <DIR> --d----- c:\program files\common files\PCSuite
2009-07-24 12:05 <DIR> --d----- c:\program files\common files\Nokia
2009-07-24 12:04 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-24 12:04 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-07-23 23:03 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-07-23 23:02 <DIR> --d----- c:\programdata\PC Suite
2009-07-23 22:57 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-07-23 22:57 <DIR> --d----- c:\program files\Nokia
2009-07-23 22:57 <DIR> --d----- c:\programdata\Installations
2009-07-23 00:01 3,131 a------- c:\windows\bthservsdp.dat
2009-07-22 18:37 <DIR> --d----- c:\users\will\appdata\roaming\BitTorrent
2009-07-22 18:34 <DIR> --d----- c:\program files\BitTorrent
2009-07-22 18:02 2,048 a------- c:\windows\system32\tzres.dll
2009-07-22 17:52 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-22 17:52 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-22 17:52 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-22 17:52 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-22 17:52 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-22 17:52 11,264 a------- c:\windows\system32\icardres.dll
2009-07-22 17:52 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-22 17:52 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-22 17:48 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-22 17:48 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-22 17:48 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-22 17:48 158,720 a------- c:\windows\system32\mscorier.dll
2009-07-22 17:48 83,968 a------- c:\windows\system32\mscories.dll
2009-07-22 17:47 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-22 17:45 2,868,736 a------- c:\windows\system32\mf.dll
2009-07-22 17:44 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-07-22 17:44 72,704 a------- c:\windows\system32\secur32.dll
2009-07-22 17:44 24,064 a------- c:\windows\system32\amxread.dll
2009-07-22 17:44 13,824 a------- c:\windows\system32\apilogen.dll
2009-07-22 17:44 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-07-22 17:44 2,927,104 a------- c:\windows\explorer.exe
2009-07-22 17:41 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-07-22 17:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-22 17:36 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-22 17:36 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-22 17:36 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-22 17:29 384 a------- c:\windows\myClean.bat
2009-07-22 17:27 <DIR> --d----- c:\users\will\Bluetooth Software
2009-07-22 17:26 44 a------- c:\windows\system\hpsysdrv.dat
2009-07-22 17:21 80,936 a------- c:\windows\system32\drivers\btwavdt.sys
2009-07-22 17:21 80,424 a------- c:\windows\system32\drivers\btwaudio.sys
2009-07-22 17:21 16,168 a------- c:\windows\system32\drivers\btwrchid.sys
2009-07-22 17:21 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-07-22 17:21 <DIR> --d----- c:\windows\system32\es-MX
2009-07-22 17:21 <DIR> --d----- c:\windows\system32\es-AR
2009-07-22 17:21 <DIR> --d----- c:\program files\WIDCOMM
2009-07-22 17:18 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-07-22 17:18 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-07-22 17:18 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-07-22 17:18 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-07-22 17:18 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-07-22 17:18 20,480 a------- c:\windows\system32\IVIresize.dll
2009-07-22 17:16 <DIR> --d----- c:\program files\common files\InterVideo
2009-07-22 17:16 <DIR> --d----- c:\program files\InterVideo
2009-07-22 17:16 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_550_Y5336AN_0U_QCNU9124R5Y_E489318-A42_4A_I3618_SHP_V12.01_68MVU F.06_T090225_WV3-1_L409_M3063_J250_7Intel_86FD_91.80_#081121_N_(NN313EA#ABU)_XMOBILE_CN10_Z_2F.06_G80862A12;80862A13.MRK
2009-07-22 17:15 <DIR> --d----- c:\users\Will

==================== Find3M ====================

2009-07-27 19:44 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-07-27 19:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-27 19:34 51,200 a------- c:\windows\inf\infpub.dat
2009-07-27 19:34 86,016 a------- c:\windows\inf\infstor.dat
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-05-11 12:47 1,302,600 a------- c:\windows\system32\WUDFUpdate_01007.dll
2008-11-22 08:44 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:03:54.69 ===============
Attached Files: ark.zip (783 Bytes), Attach.zip (3.0 KB)
w.k.bradley is offline  
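The DDS log above is what the analyst works from, and two of its sections carry the settings a log reviewer checks first when the complaint is browser redirects: the per-adapter `TCP:` resolver entries in the Pseudo HJT Report and the `[date size]` stamp on each service/driver line. The script below is an added example written for this page; it is not part of the poster's logs, not DDS or TSF code, and the sample text is an excerpt copied from the log posted above. It assumes the DDS conventions visible in that log: `TCP: NameServer = a,b` and `TCP: {GUID} = a,b` list resolvers per interface, and a service line ends in `[?]` when DDS could not read the file's date and size. It extracts resolvers that fall outside private, loopback or link-local space (a setting to verify against the router or ISP, not a verdict on its own) and lists services whose file DDS could not stamp.

```python
import ipaddress
import re

# Constructed sample: lines excerpted from the DDS log posted in this thread
# (Pseudo HJT Report and SERVICES / DRIVERS sections). Not a complete log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

TCP: NameServer = 85.255.112.154,85.255.112.227
TCP: {3E955844-C532-4812-9414-00C0494E1E6A} = 85.255.112.154,85.255.112.227
TCP: {ABABCFA4-72E6-4667-9AE9-9008E33FED30} = 85.255.112.154,85.255.112.227
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-7-27 200784]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe --> c:\windows\system32\rpcnetp.exe [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-6-8 30008]
"""

# "TCP: NameServer = ip,ip" is the global resolver list; "TCP: {GUID} = ip,ip"
# is the resolver list bound to one network interface.
TCP_RE = re.compile(
    r"^TCP:\s+(?P<key>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>.+)$"
)
# DDS service lines: "<state> <name>;<display name>;<path> [date size]"
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def parse_dns_entries(text):
    """Return [(key, [resolver, ...]), ...] for every TCP: line in a DDS log."""
    entries = []
    for line in text.splitlines():
        m = TCP_RE.match(line.strip())
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            entries.append((m.group("key"), servers))
    return entries


def is_local_resolver(ip_text):
    """True for RFC1918, loopback or link-local addresses (a home router, typically)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not an IP literal at all; treat as needing review
    return ip.is_private or ip.is_loopback or ip.is_link_local


def external_resolvers(text):
    """Sorted, de-duplicated resolvers configured outside local address space."""
    found = set()
    for _key, servers in parse_dns_entries(text):
        found.update(s for s in servers if not is_local_resolver(s))
    return sorted(found)


def services_without_file_stamp(text):
    """Service names whose line ends in [?], i.e. DDS could not read the file's date/size."""
    return [
        m.group("name")
        for m in (SVC_RE.match(line.strip()) for line in text.splitlines())
        if m and m.group("rest").rstrip().endswith("[?]")
    ]


def triage(text):
    """Bundle the three checks so a reviewer can print or diff them."""
    return {
        "dns_entries": parse_dns_entries(text),
        "external_resolvers": external_resolvers(text),
        "services_without_file_stamp": services_without_file_stamp(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for key, servers in report["dns_entries"]:
        print(f"{key}: {', '.join(servers)}")
    print("resolvers outside local space:", report["external_resolvers"])
    print("services with no [date size] stamp:", report["services_without_file_stamp"])
```

Run it against a full DDS.txt by reading the file into `triage()`; an empty `external_resolvers` list means every configured resolver is on a local network, while any address in it should be compared with what the router or ISP actually hands out before concluding anything.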
Old 07-28-2009, 07:06 PM   #2
Security Team Analyst
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
thewall is offline  
Old 07-29-2009, 04:01 AM   #3
Guest
Join Date: Jul 2009
Posts: 10

That's great, thank you for your time, much appreciated!
w.k.bradley is offline  
Old 07-29-2009, 06:36 AM   #4
Security Team Analyst
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8

Please do the following:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all six boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
thewall is offline  
Old 07-30-2009, 03:21 AM   #5
Guest
Join Date: Jul 2009
Posts: 10

Hi there, below is the RootRepeal log, pasted. Thanks!

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/30 10:01
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\windows\System32\Drivers\dump_iaStor.sys
Address: 0x8AB0A000 Size: 843776 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB2BB7000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{11990f29-7b95-11de-b82f-00247e4004c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7d220713-7add-11de-bd87-00247e4004c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8f9bde35-7ae1-11de-8fd3-00247e4004c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{dde70167-7b57-11de-9d4b-00247e4004c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\ESQULolievkfobpupyekrsknvwebfsgmaephq.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\ESQULuxpxivotxttdboyipixxdylpblcdypqa.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\ESQULzcounter
Status: Invisible to the Windows API!

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\System32\drivers\ESQULrxmeqcmuitnjnccecnjmqmswwdsfslru.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.16386_none_ce9b7ddbcb9fa3ba\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.16720_none_ce96043fcba4732e\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6000.20883_none_b7ce1ae3e546b821\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.18111_none_ce70e8f5cbf67fcf\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.0.6001.22230_none_b7a55991e59bf8e2\CORPER~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_c4f661e592b1c88e\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_c53b1e00ac03aaa2\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_c6794ec590232523\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_c7663d56a8f5f949\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.16708_none_23cb592eb6e076f6\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_c1843fad322b4004\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_c1843fad322b4004\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_c1c8fbc84b7d2218\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_c1c8fbc84b7d2218\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_c3072c8d2f9c9c99\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_c3072c8d2f9c9c99\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_c3f41b1e486f70bf\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_c3f41b1e486f70bf\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_c5e14f032f533a9c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_c6260b1e48a51cb0\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_c7643be32cc49731\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.18096_none_254e460eb451d38b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.22208_none_263b349fcd24a7b1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_c8df4fb390304286\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_c8df4fb390304286\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_c9240bcea982249a\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_c9240bcea982249a\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_ca623c938da19f1b\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_ca623c938da19f1b\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_cb4f2b24a6747341\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_cb4f2b24a6747341\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_3432eb0d0dced274\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_3477a7282720b488\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_35b5d7ed0b402f09\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_36a2c67e2413032f\_SMSVC~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NETFramework\CORPER~1.H
Status: Locked to the Windows API!

Path: c:\programdata\avira\antivir desktop\temp\avguard.tmp
Status: Allocation size mismatch (API: 106758144, Raw: 0)

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~1.TAS
Status: Locked to the Windows API!

Path: c:\windows\system32\logfiles\scm\scm.evm
Status: Allocation size mismatch (API: 1048576, Raw: 491520)

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\inf\MSDTC Bridge 3.0.0.0\0000\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\inf\ServiceModelEndpoint 3.0.0.0\0000\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\inf\ServiceModelOperation 3.0.0.0\0000\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\inf\ServiceModelService 3.0.0.0\0000\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Securi

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1308 Status: Locked to the Windows API!

SSDT
-------------------
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9cae60

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c9da0

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c9460

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9cb5c0

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c9610

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d80d0

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d6430

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c92c0

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c6580

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c6960

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c6060

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8bc2cddc

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c85a0

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d8b50

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d69e0

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d7330

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c8fe0

#: 133 Function Name: NtEnumerateKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d8070

#: 136 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d80a0

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9ca5d0

#: 166 Function Name: NtLoadKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d7780

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d8760

#: 189 Function Name: NtOpenKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d6c20

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8bc2cdc8

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c6300

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8bc2cdcd

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9cb250

#: 218 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9caa10

#: 234 Function Name: NtQueryKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d8010

#: 252 Function Name: NtQueryValueKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d8040

#: 255 Function Name: NtQueueApcThread
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9cb740

#: 268 Function Name: NtReplaceKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d7b20

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9ca180

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d7d80

#: 282 Function Name: NtResumeThread
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c8c90

#: 283 Function Name: NtSaveKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d7ff0

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c99d0

#: 289 Function Name: NtSetContextThread
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c83c0

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d8e10

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c8720

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9d6c40

#: 326 Function Name: NtShutdownSystem
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9ca4d0

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c8e40

#: 331 Function Name: NtSuspendThread
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c8ac0

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c8900

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8bc2cdd7

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c81a0

#: 342 Function Name: NtUnloadDriver
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9ca7f0

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9cb400

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c7c80

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c6e60

Stealth Objects
-------------------
Object: Hidden Module [Name: ESQULolievkfobpupyekrsknvwebfsgmaephq.dll]
Process: svchost.exe (PID: 872) Address: 0x10000000 Size: 57344

Object: Hidden Module [Name: ESQULuxpxivotxttdboyipixxdylpblcdypqa.dll]
Process: firefox.exe (PID: 3616) Address: 0x00cd0000 Size: 237568

Hidden Services
-------------------
Service Name: ESQULserv.sys
Image Path: C:\windows\system32\drivers\ESQULrxmeqcmuitnjnccecnjmqmswwdsfslru.sys

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c48b0

#: 241 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c4d70

#: 317 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c1d50

#: 320 Function Name: NtUserBlockInput
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c37d0

#: 329 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c3350

#: 334 Function Name: NtUserCallTwoParam
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c41c0

#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c2770

#: 403 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c3a80

#: 415 Function Name: NtUserGetDC
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c4590

#: 428 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c2640

#: 430 Function Name: NtUserGetKeyState
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c2510

#: 454 Function Name: NtUserGetWindowDC
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c4720

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c28a0

#: 484 Function Name: NtUserMoveWindow
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c3da0

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c2ca0

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c3000

#: 513 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c1bf0

#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c35a0

#: 532 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c3940

#: 550 Function Name: NtUserSetParent
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c3bd0

#: 568 Function Name: NtUserSetWindowPos
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c4090

#: 572 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c1740

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c1360

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c19a0

#: 579 Function Name: NtUserShowWindow
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c3fc0

==EOF==
Posted by w.k.bradley
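An added triage example for the ark.txt report above (example code written for this page; it is not part of the thread, of RootRepeal, or of any tool the analysts use). The report's security-relevant split is this: the many hooks owned by OADriver.sys are what a HIPS such as Online Armor installs and are expected once that product is on the machine, whereas the NtTerminateProcess hook owned by "<unknown>" (an address that no loaded driver image covers), the hidden modules injected into svchost.exe and firefox.exe, and the hidden ESQULserv.sys service are the rootkit; names with a fixed ESQUL prefix and a random suffix were characteristic of the TDSS rootkit family at the time. The parser below reads that two-line record format and ranks the findings. The allowlist of trusted hooking drivers and the sample excerpt are assumptions constructed for the example; in practice the allowlist should be built from drivers whose vendor signature you have verified.

```python
"""Triage a RootRepeal/ark.txt-style anti-rootkit report: separate the
expected SSDT/Shadow SSDT hooks of a known security product from hooks that
no loaded driver owns, and surface hidden modules and hidden services.
Added example for this thread; the sample report below is a constructed
excerpt of the log posted above."""
import re

# ASSUMPTION: drivers allowed to hook the system call tables on this machine.
# OADriver.sys belongs to Online Armor, which the poster installed; anything
# else is reported for manual verification.
KNOWN_HOOKERS = {"oadriver.sys"}

HOOK_RE = re.compile(r'^#:\s*(?P<idx>\d+)\s+Function Name:\s*(?P<fn>\w+)\s*$')
STATUS_RE = re.compile(
    r'^Status:\s*Hooked by\s*"(?P<mod>[^"]*)"\s*at address\s*(?P<addr>0x[0-9A-Fa-f]+)')
MODULE_RE = re.compile(r'^Object:\s*Hidden Module\s*\[Name:\s*(?P<name>[^\]]+)\]')
PROCESS_RE = re.compile(
    r'^Process:\s*(?P<proc>\S+)\s*\(PID:\s*(?P<pid>\d+)\)\s*'
    r'Address:\s*(?P<addr>0x[0-9A-Fa-f]+)\s*Size:\s*(?P<size>\d+)')
SERVICE_RE = re.compile(r'^Service Name:\s*(?P<svc>\S+)')
IMAGE_RE = re.compile(r'^Image Path:\s*(?P<path>.+?)\s*$')


def parse_report(text):
    """Return (hooks, hidden_modules, hidden_services) from the report text.

    Every record is a two-line pair (header line, then detail line), so the
    half-built record is kept in `pending` until its detail line arrives."""
    hooks, modules, services = [], [], []
    table, pending = "SSDT", None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("SSDT", "Shadow SSDT"):   # section header: which table follows
            table = line
            continue
        m = HOOK_RE.match(line)
        if m:
            pending = {"table": table, "index": int(m["idx"]), "function": m["fn"]}
            continue
        m = STATUS_RE.match(line)
        if m and pending and "function" in pending:
            pending.update(module=m["mod"], address=int(m["addr"], 16))
            hooks.append(pending)
            pending = None
            continue
        m = MODULE_RE.match(line)
        if m:
            pending = {"name": m["name"]}
            continue
        m = PROCESS_RE.match(line)
        if m and pending and "name" in pending:
            pending.update(process=m["proc"], pid=int(m["pid"]),
                           address=int(m["addr"], 16), size=int(m["size"]))
            modules.append(pending)
            pending = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            pending = {"service": m["svc"]}
            continue
        m = IMAGE_RE.match(line)
        if m and pending and "service" in pending:
            pending["image"] = m["path"]
            services.append(pending)
            pending = None
    return hooks, modules, services


def triage(text):
    """Return a list of (severity, item, reason) findings, worst first."""
    hooks, modules, services = parse_report(text)
    findings = []
    for h in hooks:
        owner = h["module"].rsplit("\\", 1)[-1].lower()
        what = f'{h["table"]} #{h["index"]} {h["function"]} hooked by {h["module"]}'
        if h["module"] == "<unknown>":
            # The hook target lies outside every loaded driver image: code that
            # hides from the module list, the signature of a kernel rootkit.
            findings.append(("critical", what, "hook owner is not a loaded driver"))
        elif owner in KNOWN_HOOKERS:
            findings.append(("info", what, "expected hook from a trusted security driver"))
        else:
            findings.append(("warning", what, "hooking driver not on the allowlist; verify its signature"))
    for mod in modules:
        findings.append(("critical",
                         f'hidden module {mod["name"]} in {mod["process"]} (PID {mod["pid"]})',
                         "module is mapped but absent from the process's module list"))
    for svc in services:
        findings.append(("critical", f'hidden service {svc["service"]} -> {svc["image"]}',
                         "service hidden from normal service enumeration"))
    rank = {"critical": 0, "warning": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f[0]])


def summarise(text):
    """Count findings per severity, e.g. {'critical': 3, 'warning': 0, 'info': 2}."""
    counts = {"critical": 0, "warning": 0, "info": 0}
    for sev, _, _ in triage(text):
        counts[sev] += 1
    return counts


# Constructed excerpt of the ark.txt report posted above (same records, fewer of them).
SAMPLE_REPORT = r"""
SSDT
-------------------
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8bc2cdd7

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9cb400

Stealth Objects
-------------------
Object: Hidden Module [Name: ESQULolievkfobpupyekrsknvwebfsgmaephq.dll]
Process: svchost.exe (PID: 872) Address: 0x10000000 Size: 57344

Hidden Services
-------------------
Service Name: ESQULserv.sys
Image Path: C:\windows\system32\drivers\ESQULrxmeqcmuitnjnccecnjmqmswwdsfslru.sys

Shadow SSDT
-------------------
#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\windows\system32\drivers\OADriver.sys" at address 0x8f9c2770
"""

if __name__ == "__main__":
    for sev, item, why in triage(SAMPLE_REPORT):
        print(f"[{sev:8}] {item}\n           {why}")
    print(summarise(SAMPLE_REPORT))
```

Run against the full ark.txt the same way; every OADriver.sys hook lands in the info bucket and the three findings that remain critical are exactly the ones ComboFix later removed (the ESQUL service and its hidden modules).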
Old 07-31-2009, 06:12 AM   #6
thewall (Security Team Analyst)
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.


When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Old 07-31-2009, 11:21 AM   #7
Guest

ComboFix 09-07-29.04 - Will 31/07/2009 17:47.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.2218 [GMT 1:00]
Running from: c:\users\Will\Desktop\CombiFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\program files\Tall Emu\Online Armor\OAwatch.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1160142273-2939523366-537080702-500
c:\$recycle.bin\S-1-5-21-3301516528-2256398539-3239164289-500
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\Installer\2aecbf.msi
c:\windows\system32\ESQULzcounter
F:\Autorun.inf


.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 16:53 . 2009-07-31 17:16 -------- d-----w- c:\users\Will\AppData\Local\temp
2009-07-31 16:36 . 2009-07-31 16:36 -------- d-----w- c:\users\Will\AppData\Roaming\Malwarebytes
2009-07-31 15:38 . 2009-07-31 16:54 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-07-29 20:15 . 2009-07-29 20:15 -------- d-----w- c:\users\Will\AppData\Local\Google
2009-07-29 20:15 . 2009-07-29 20:15 -------- d-----w- c:\program files\Google
2009-07-27 19:44 . 2009-07-27 19:44 -------- d-----w- c:\progra~2\F-Secure
2009-07-27 19:05 . 2009-07-27 19:05 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-27 19:05 . 2009-07-15 10:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-07-27 19:05 . 2009-07-15 10:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-27 19:05 . 2009-07-27 19:05 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 19:05 . 2009-07-27 19:05 -------- d-----w- c:\users\Will\AppData\Roaming\TuneUp Software
2009-07-27 19:04 . 2009-07-27 19:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-27 19:04 . 2009-07-27 19:04 -------- d-----w- c:\progra~2\TuneUp Software
2009-07-27 19:04 . 2009-07-27 19:04 -------- d-sh--w- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-27 18:34 . 2009-07-27 20:37 -------- d-----w- c:\progra~2\OnlineArmor
2009-07-27 18:34 . 2009-07-27 18:34 -------- d-----w- c:\users\Will\AppData\Roaming\OnlineArmor
2009-07-27 18:33 . 2009-07-11 04:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-07-27 18:33 . 2009-07-11 04:17 30800 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-07-27 18:33 . 2009-07-11 04:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-07-27 18:33 . 2009-07-27 18:33 -------- d-----w- c:\program files\Tall Emu
2009-07-27 17:48 . 2009-07-27 17:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-27 17:48 . 2009-07-27 17:48 -------- d-----w- c:\users\Will\AppData\Roaming\SUPERAntiSpyware.com
2009-07-27 17:47 . 2009-07-27 17:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\SpywareBlaster
2009-07-27 16:44 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-27 16:44 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 16:44 . 2009-07-27 16:44 -------- d-----w- c:\program files\Avira
2009-07-27 16:44 . 2009-07-27 16:44 -------- d-----w- c:\progra~2\Avira
2009-07-27 14:31 . 2009-07-27 14:56 -------- d-----w- c:\users\Will\AppData\Roaming\Spotify
2009-07-27 14:31 . 2009-07-27 14:31 -------- d-----w- c:\users\Will\AppData\Local\Spotify
2009-07-27 14:30 . 2009-07-27 14:30 -------- d-----w- c:\program files\Spotify
2009-07-27 11:17 . 2009-07-27 11:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 10:41 . 2009-07-27 10:41 -------- d-----w- c:\users\Will\AppData\Roaming\AVG8
2009-07-24 16:39 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-24 16:33 . 2009-07-24 16:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-24 16:33 . 2009-07-24 16:33 -------- d-----w- c:\users\Will\AppData\Local\Microsoft Help
2009-07-24 16:32 . 2009-07-24 16:32 -------- d--h--r- C:\MSOCache
2009-07-24 11:20 . 2009-07-24 11:22 -------- d-----w- c:\users\Will\AppData\Roaming\vlc
2009-07-24 11:18 . 2009-07-24 11:18 -------- d-----w- c:\program files\VideoLAN
2009-07-24 11:05 . 2009-07-24 11:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-24 11:05 . 2009-07-24 11:05 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-24 11:04 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-24 11:04 . 2009-07-24 11:04 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-23 22:02 . 2009-07-23 22:03 -------- d-----w- c:\users\Will\AppData\Roaming\PC Suite
2009-07-23 22:02 . 2009-07-27 18:46 -------- d-----w- c:\progra~2\PC Suite
2009-07-23 22:02 . 2009-07-24 10:30 -------- d-----w- c:\users\Will\AppData\Roaming\Nokia
2009-07-23 22:02 . 2009-07-24 11:04 -------- d-----w- c:\program files\DIFX
2009-07-23 22:01 . 2009-07-24 11:04 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-23 21:57 . 2009-07-24 11:00 -------- d-----w- c:\program files\Nokia
2009-07-23 21:57 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-07-23 21:57 . 2009-07-24 10:48 -------- d-----w- c:\progra~2\Installations
2009-07-22 23:01 . 2009-07-31 16:45 3131 ----a-w- c:\windows\bthservsdp.dat
2009-07-22 17:37 . 2009-07-27 20:00 -------- d-----w- c:\users\Will\AppData\Roaming\BitTorrent
2009-07-22 17:34 . 2009-07-27 20:00 -------- d-----w- c:\program files\BitTorrent
2009-07-22 17:02 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-22 16:52 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-22 16:52 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-22 16:52 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-22 16:52 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-22 16:52 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-22 16:52 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-22 16:52 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-22 16:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-22 16:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-22 16:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-22 16:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-22 16:48 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-22 16:47 . 2009-07-22 16:47 -------- d-----w- c:\program files\MSXML 4.0
2009-07-22 16:45 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2009-07-22 16:44 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-07-22 16:44 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-07-22 16:44 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-07-22 16:44 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-07-22 16:44 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-07-22 16:44 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-07-22 16:41 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-07-22 16:38 . 2009-07-22 16:38 -------- d-----w- c:\users\Will\AppData\Local\Mozilla
2009-07-22 16:36 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-22 16:36 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-22 16:36 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-22 16:36 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-07-22 16:36 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-07-22 16:36 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-07-22 16:36 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-07-22 16:36 . 2008-10-16 13:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-07-22 16:36 . 2008-10-16 12:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-07-22 16:29 . 2008-04-21 07:28 384 ----a-w- c:\windows\myClean.bat
2009-07-22 16:27 . 2009-07-22 16:27 -------- d-----w- c:\users\Will\Bluetooth Software
2009-07-22 16:27 . 2009-07-22 16:27 115312 ----a-w- c:\users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-22 16:26 . 2009-07-22 16:26 44 ----a-w- c:\windows\system\hpsysdrv.dat
2009-07-22 16:24 . 2009-07-23 22:04 -------- d-----w- c:\users\Will\AppData\Roaming\Hewlett-Packard
2009-07-22 16:21 . 2008-04-22 07:46 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2009-07-22 16:21 . 2008-04-22 07:46 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2009-07-22 16:21 . 2008-04-22 07:46 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2009-07-22 16:21 . 2008-04-22 07:46 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\windows\system32\es-MX
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\windows\system32\es-AR
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\program files\WIDCOMM
2009-07-22 16:18 . 2002-11-22 01:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-22 16:18 . 2002-11-22 01:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-22 16:18 . 2002-11-22 01:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-22 16:18 . 2002-11-22 01:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-22 16:18 . 2002-11-22 01:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-22 16:18 . 2002-11-22 01:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-22 16:16 . 2009-07-22 16:18 -------- d-----w- c:\program files\Common Files\InterVideo
2009-07-22 16:16 . 2009-07-22 16:18 -------- d-----w- c:\program files\InterVideo
2009-07-22 16:16 . 2009-07-22 16:16 -------- d-----w- c:\users\Will\AppData\Roaming\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 16:55 . 2008-04-17 10:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-07-29 20:19 . 2009-07-29 20:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-27 19:52 . 2008-11-22 08:49 -------- d-----w- c:\program files\Java
2009-07-24 16:39 . 2008-11-22 08:21 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-24 16:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-07-24 11:11 . 2009-07-24 11:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-23 22:03 . 2009-07-23 22:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-07-22 16:30 . 2008-11-22 08:43 -------- d-----w- c:\progra~2\McAfee
2009-07-22 16:27 . 2008-11-22 08:45 -------- d-----w- c:\progra~2\SiteAdvisor
2009-07-22 16:23 . 2008-11-22 07:56 -------- d-----w- c:\progra~2\Hewlett-Packard
2009-07-22 16:18 . 2008-11-22 07:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 16:16 . 2008-11-22 07:55 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-22 16:16 . 2009-07-22 16:16 0 --sha-r- c:\windows\system32\drivers\103C_HP_bNB_550_Y5336AN_0U_QCNU9124R5Y_E489318-A42_4A_I3618_SHP_V12.01_68MVU F.06_T090225_WV3-1_L409_M3063_J250_7Intel_86FD_91.80_#081121_N_(NN313EA#ABU)_XMOBILE_CN10_Z_2F.06_G80862A12;80862A13.MRK
2009-06-15 15:24 . 2009-07-22 16:45 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-22 16:45 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-22 16:45 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-22 16:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-11 11:47 . 2009-05-11 11:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-07-15 21:41 . 2009-07-22 16:38 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-11-22 07:50 . 2008-11-22 07:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-17 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-7-22 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 17:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CEC7F03-5A32-4F69-871A-5431653341C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F7726A5-668A-41C5-8B9E-7EE4EC283378}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA30B39F-A9C0-44E4-9ECC-AB4E2B8CCE97}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{40E2A57D-9490-4DF3-A102-A662A2DD8F41}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92D9B830-B624-4607-8E84-60FBABAE5EF7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{68A50661-FA73-4A95-A0A4-82D1FE944BB8}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{C8864670-587D-418F-B45E-E5554F9D0F64}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 OADevice;OADriver;c:\windows\System32\drivers\OADriver.sys [27/07/2009 19:33 200784]
R1 OAmon;OAmon;c:\windows\System32\drivers\OAmon.sys [27/07/2009 19:33 24656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 17:44 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [27/07/2009 19:33 362184]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [22/11/2008 09:30 540448]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [27/07/2009 20:05 604488]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [22/11/2008 09:50 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 07:29 3658752]
R3 OAnet;OnlineArmor Service;c:\windows\System32\drivers\OAnet.sys [27/07/2009 19:33 30800]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [27/07/2009 19:33 3142344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 03:23 179712]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [08/06/2007 17:49 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [08/06/2007 18:06 172131]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\h2fow90e.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-07-31 18:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000004A058B61312D3BBA7D 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6076)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btrez.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Tall Emu\Online Armor\oahlp.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\windows\System32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2009-07-31 18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 17:19

Pre-Run: 208,390,021,120 bytes free
Post-Run: 208,430,071,808 bytes free

362 --- E O F --- 2009-07-24 10:29
Posted by w.k.bradley
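An added example (written for this page; not from the thread or from ComboFix itself) that pulls out three things a reviewer checks in a ComboFix log like the one above: what was removed (the "Other Deletions" block: the ESQULzcounter file, the F:\Autorun.inf, and the Online Armor DLL that ComboFix disabled for its own run), registry values that switch off a built-in defence (this log shows EnableLUA=0, i.e. User Account Control off, and EnableFirewall=0 for the Windows Firewall's Public profile; whether the latter is acceptable depends on whether another firewall, here Online Armor, is meant to be in charge), and executables dropped into system32 or system32\drivers on or after the date trouble began (the log shows BitTorrent being installed on 2009-07-22). The section banners, key paths and value layout are the ones ComboFix prints; the date threshold and the sample excerpt are constructed for the example.

```python
"""Triage a ComboFix log: list what it removed, flag registry values that
weaken the platform's own defences, and list binaries dropped into the
Windows system directories after a given date. Added example for this
thread; the sample log below is a constructed excerpt of the one posted above."""
import re
from datetime import date

SECTION_RE = re.compile(r'^\(+\s*(?P<name>[^()]+?)\s*\)+$')          # ((((( Section Name )))))
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                         # [HKEY_...\path]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+?)\s*$')   # "Name"= data
FILE_RE = re.compile(                                                 # created . modified size attrs path
    r'^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} '
    r'(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+?)\s*$')
SYSTEM_BINARY_RE = re.compile(r'^c:\\windows\\system32\\(drivers\\)?[^\\]+\.(exe|dll|sys)$', re.I)

# Registry data that turns a built-in defence off. The key is matched as a
# case-insensitive suffix of the key line ComboFix prints.
WEAK_SETTINGS = {
    (r"policies\system", "EnableLUA"): ("0", "User Account Control is disabled"),
    (r"firewallpolicy\domainprofile", "EnableFirewall"): ("0", "Windows Firewall is off for the Domain profile"),
    (r"firewallpolicy\standardprofile", "EnableFirewall"): ("0", "Windows Firewall is off for the Standard (private) profile"),
    (r"firewallpolicy\publicprofile", "EnableFirewall"): ("0", "Windows Firewall is off for the Public profile"),
}


def sections(text):
    """Split the log into {section name: [non-empty lines]} on its banner headers."""
    out, name = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name = m["name"]
            out.setdefault(name, [])
        elif line and line != ".":
            out[name].append(line)
    return out


def deletions(text):
    """Paths ComboFix reports under 'Other Deletions'."""
    return list(sections(text).get("Other Deletions", []))


def weak_settings(text):
    """(value name, registry key, why it matters) for every defence-off value found."""
    hits, key = [], ""
    for line in sections(text).get("Reg Loading Points", []):
        m = KEY_RE.match(line)
        if m:
            key = m["key"].lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        for (suffix, name), (bad, why) in WEAK_SETTINGS.items():
            if key.endswith(suffix) and m["name"].lower() == name.lower() \
                    and m["val"].split()[0] == bad:
                hits.append((name, key, why))
    return hits


def new_system_binaries(text, since_iso):
    """(created date, path, size) for .exe/.dll/.sys files created in system32 or
    system32\\drivers on or after since_iso (an ISO date such as '2009-07-22')."""
    since = date.fromisoformat(since_iso)
    hits = []
    for name, lines in sections(text).items():
        if not name.startswith("Files Created"):
            continue
        for line in lines:
            m = FILE_RE.match(line)
            # Directory entries carry '--------' instead of a size; skip them.
            if not m or not m["size"].isdigit() or not SYSTEM_BINARY_RE.match(m["path"]):
                continue
            if date.fromisoformat(m["created"]) >= since:
                hits.append((m["created"], m["path"], int(m["size"])))
    return hits


# Constructed excerpt of the ComboFix log posted above (same layout, fewer lines).
SAMPLE_LOG = r"""
ComboFix 09-07-29.04 - Will 31/07/2009 17:47.2.2 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ESQULzcounter
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 15:38 . 2009-07-31 16:54 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-07-27 18:33 . 2009-07-11 04:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-07-27 18:33 . 2009-07-27 18:33 -------- d-----w- c:\program files\Tall Emu
2009-07-22 16:44 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    print("removed:", *deletions(SAMPLE_LOG), sep="\n  ")
    print("defences off:", *[f"{n} ({why})" for n, _, why in weak_settings(SAMPLE_LOG)], sep="\n  ")
    print("system binaries since 2009-07-22:", *new_system_binaries(SAMPLE_LOG, "2009-07-22"), sep="\n  ")
```

The date filter is a triage aid, not a verdict: a binary created after the onset date still has to be attributed (vendor signature, installer that dropped it) before it is treated as malicious, and a defence-off value has to be traced to whoever set it.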
Old 07-31-2009, 06:01 PM   #8
thewall (Security Team Analyst)

Please perform the following next:

Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A report should pop open for you. Please post the contents of that report in your next reply.
Old 08-02-2009, 04:09 PM   #9
Guest

2009-07-31 16:52:07 . 2009-07-31 16:52:07 6,947 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-07-31 16:44:42 . 2009-07-31 16:44:42 1,290,129 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\_OAwatch_.dll.zip
2009-07-31 15:47:30 . 2009-07-31 15:47:30 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ESQULserv.sys.reg.dat
2009-07-31 15:45:16 . 2009-07-31 16:44:43 699 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-07-27 18:33:38 . 2009-07-31 16:44:43 860,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir
2009-07-27 17:47:32 . 2009-07-27 17:47:32 6,511,616 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\2aecbf.msi.vir
2009-07-23 21:36:58 . 2009-07-31 15:38:34 4 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\ESQULzcounter.vir
w.k.bradley is offline  
Old 08-02-2009, 05:36 PM   #10
Security Team
Analyst
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8



Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires that Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.
thewall is offline  
Old 08-03-2009, 04:05 PM   #11
Guest
 
Join Date: Jul 2009
Posts: 10
OS:



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, August 3, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, August 03, 2009 16:57:22
Records in database: 2577101
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 131691
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:31:01

No malware has been detected. The scan area is clean.

The selected area was scanned.
w.k.bradley is offline  
Old 08-03-2009, 04:51 PM   #12
Guest
 
Join Date: Jul 2009
Posts: 10
OS:



Looks like everything is working fine now; I have been able to install Malwarebytes and my system shows up clean! No more redirecting from what I can tell... looks fixed! Thanks for your time, is there anything else I can do to be sure? You guys provide a great service, really appreciated!
w.k.bradley is offline  
Old 08-03-2009, 07:17 PM   #13
Security Team
Analyst
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8



Thank you but don't go away quite yet. We still have a little bit left to do.


Special ComboFix script made for this computer only

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs, including TeaTimer if you have it, so they do not interfere with the running of ComboFix. Instructions for doing so are located here.

3. Open notepad and copy/paste the text in the quotebox below into it:
Quote:
DeQuarantine::
C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir
Quit:

Save this as CFScript.txt, in the same location as ComboFix.exe.




Referring to the picture above, drag CFScript into ComboFix.exe.

ComboFix will alert you that an update is available - be sure to allow the update.

When finished, it shall produce a DeQuarantine.txt log which I will require in your next reply.
thewall is offline  
Old 08-05-2009, 12:07 PM   #14
Guest
 
Join Date: Jul 2009
Posts: 10
OS:



ComboFix 09-08-04.03 - Will 05/08/2009 18:54.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1765 [GMT 1:00]
Running from: c:\users\Will\Desktop\CombiFix.exe
Command switches used :: c:\users\Will\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 17:58 . 2009-08-05 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 17:44 . 2009-08-05 17:45 -------- d-----w- c:\windows\LastGood
2009-08-05 14:08 . 2009-08-05 14:08 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-08-05 13:53 . 2009-08-05 13:52 404737 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-05 13:53 . 2009-06-03 15:26 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-05 13:53 . 2009-04-09 09:20 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-05 13:53 . 2009-02-13 15:01 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-05 13:53 . 2008-12-05 10:32 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-03 22:10 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 22:10 . 2009-08-03 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 22:10 . 2009-08-03 22:10 -------- d-----w- c:\programdata\Malwarebytes
2009-08-03 22:10 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 16:12 . 2009-08-03 16:12 -------- d-----w- c:\windows\Sun
2009-07-31 18:29 . 2009-07-31 18:29 -------- d-----w- c:\programdata\Nokia
2009-07-31 18:28 . 2009-07-31 18:27 24500120 ----a-w- c:\programdata\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en_us.exe
2009-07-31 18:27 . 2009-07-31 18:27 3351812 ----a-w- c:\programdata\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-07-31 18:27 . 2009-07-31 18:27 36864 ----a-w- c:\programdata\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-07-31 18:27 . 2009-07-31 18:27 3181612 ----a-w- c:\programdata\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-31 16:53 . 2009-08-05 17:58 -------- d-----w- c:\users\Will\AppData\Local\temp
2009-07-31 16:36 . 2009-07-31 16:36 -------- d-----w- c:\users\Will\AppData\Roaming\Malwarebytes
2009-07-29 20:15 . 2009-07-29 20:15 -------- d-----w- c:\users\Will\AppData\Local\Google
2009-07-29 20:15 . 2009-07-29 20:15 -------- d-----w- c:\program files\Google
2009-07-27 19:44 . 2009-07-27 19:44 -------- d-----w- c:\programdata\F-Secure
2009-07-27 19:05 . 2009-07-27 19:05 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-27 19:05 . 2009-07-15 10:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-07-27 19:05 . 2009-07-15 10:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-27 19:05 . 2009-07-27 19:05 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 19:05 . 2009-07-27 19:05 -------- d-----w- c:\users\Will\AppData\Roaming\TuneUp Software
2009-07-27 19:04 . 2009-07-27 19:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-27 19:04 . 2009-07-27 19:04 -------- d-----w- c:\programdata\TuneUp Software
2009-07-27 19:04 . 2009-07-27 19:04 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-27 18:34 . 2009-07-27 20:37 -------- d-----w- c:\programdata\OnlineArmor
2009-07-27 18:34 . 2009-07-27 18:34 -------- d-----w- c:\users\Will\AppData\Roaming\OnlineArmor
2009-07-27 18:33 . 2009-07-11 04:17 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-07-27 18:33 . 2009-07-11 04:17 30800 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-07-27 18:33 . 2009-07-11 04:17 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-07-27 18:33 . 2009-07-27 18:33 -------- d-----w- c:\program files\Tall Emu
2009-07-27 17:48 . 2009-07-27 17:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-27 17:48 . 2009-07-27 17:48 -------- d-----w- c:\users\Will\AppData\Roaming\SUPERAntiSpyware.com
2009-07-27 17:47 . 2009-07-27 17:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\SpywareBlaster
2009-07-27 16:44 . 2009-08-05 13:53 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 16:44 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-27 16:44 . 2009-07-27 16:44 -------- d-----w- c:\programdata\Avira
2009-07-27 16:44 . 2009-07-27 16:44 -------- d-----w- c:\program files\Avira
2009-07-27 14:31 . 2009-07-27 14:56 -------- d-----w- c:\users\Will\AppData\Roaming\Spotify
2009-07-27 14:31 . 2009-07-27 14:31 -------- d-----w- c:\users\Will\AppData\Local\Spotify
2009-07-27 14:30 . 2009-07-27 14:30 -------- d-----w- c:\program files\Spotify
2009-07-27 11:17 . 2009-07-27 11:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 10:41 . 2009-07-27 10:41 -------- d-----w- c:\users\Will\AppData\Roaming\AVG8
2009-07-24 16:39 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-24 16:33 . 2009-07-24 16:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-24 16:33 . 2009-07-24 16:33 -------- d-----w- c:\users\Will\AppData\Local\Microsoft Help
2009-07-24 16:32 . 2009-07-24 16:32 -------- d--h--r- C:\MSOCache
2009-07-24 11:20 . 2009-08-04 10:40 -------- d-----w- c:\users\Will\AppData\Roaming\vlc
2009-07-24 11:18 . 2009-07-24 11:18 -------- d-----w- c:\program files\VideoLAN
2009-07-24 11:05 . 2009-07-24 11:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-24 11:05 . 2009-07-31 18:28 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-24 11:04 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-24 11:04 . 2009-07-24 11:04 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-24 11:00 . 2009-07-24 10:48 33816384 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_us.exe
2009-07-24 11:00 . 2009-07-24 11:00 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-24 11:00 . 2009-07-24 11:00 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-24 11:00 . 2009-07-24 11:00 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-24 11:00 . 2009-07-24 11:00 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-23 22:02 . 2009-07-23 22:03 -------- d-----w- c:\users\Will\AppData\Roaming\PC Suite
2009-07-23 22:02 . 2009-07-27 18:46 -------- d-----w- c:\programdata\PC Suite
2009-07-23 22:02 . 2009-07-24 10:30 -------- d-----w- c:\users\Will\AppData\Roaming\Nokia
2009-07-23 22:02 . 2009-07-24 11:04 -------- d-----w- c:\program files\DIFX
2009-07-23 22:01 . 2009-07-24 11:04 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-23 21:57 . 2009-07-31 18:28 -------- d-----w- c:\program files\Nokia
2009-07-23 21:57 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-07-23 21:57 . 2009-07-23 21:56 33731296 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_us_web.exe
2009-07-23 21:57 . 2009-07-23 21:57 8192 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-23 21:57 . 2009-07-23 21:57 61440 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-23 21:57 . 2009-07-23 21:57 10240 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-23 21:57 . 2009-07-31 18:27 -------- d-----w- c:\programdata\Installations
2009-07-22 23:01 . 2009-08-05 14:04 3131 ----a-w- c:\windows\bthservsdp.dat
2009-07-22 17:37 . 2009-07-27 20:00 -------- d-----w- c:\users\Will\AppData\Roaming\BitTorrent
2009-07-22 17:34 . 2009-07-27 20:00 -------- d-----w- c:\program files\BitTorrent
2009-07-22 17:02 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-22 16:52 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-22 16:52 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-22 16:52 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-22 16:52 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-22 16:52 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-22 16:52 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-22 16:52 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-22 16:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-22 16:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-22 16:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-22 16:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-22 16:48 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-22 16:47 . 2009-07-22 16:47 -------- d-----w- c:\program files\MSXML 4.0
2009-07-22 16:44 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-07-22 16:44 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-07-22 16:44 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-07-22 16:44 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-07-22 16:44 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-07-22 16:44 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-07-22 16:41 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-07-22 16:38 . 2009-07-22 16:38 -------- d-----w- c:\users\Will\AppData\Local\Mozilla
2009-07-22 16:36 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-22 16:36 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-22 16:36 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-22 16:36 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-07-22 16:36 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-07-22 16:36 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-07-22 16:36 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-07-22 16:36 . 2008-10-16 13:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-07-22 16:36 . 2008-10-16 12:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-07-22 16:29 . 2008-04-21 07:28 384 ----a-w- c:\windows\myClean.bat
2009-07-22 16:27 . 2009-07-22 16:27 -------- d-----w- c:\users\Will\Bluetooth Software
2009-07-22 16:27 . 2009-08-05 14:10 115312 ----a-w- c:\users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-22 16:26 . 2009-07-22 16:26 44 ----a-w- c:\windows\system\hpsysdrv.dat
2009-07-22 16:24 . 2009-07-23 22:04 -------- d-----w- c:\users\Will\AppData\Roaming\Hewlett-Packard
2009-07-22 16:21 . 2008-04-22 07:46 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2009-07-22 16:21 . 2008-04-22 07:46 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2009-07-22 16:21 . 2008-04-22 07:46 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2009-07-22 16:21 . 2008-04-22 07:46 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\windows\system32\es-MX
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\windows\system32\es-AR
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\program files\WIDCOMM
2009-07-22 16:18 . 2002-11-22 01:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-22 16:18 . 2002-11-22 01:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 17:45 . 2009-08-05 17:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-05 14:09 . 2008-04-17 10:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-08-05 14:03 . 2008-11-22 08:21 -------- d-----w- c:\programdata\Microsoft Help
2009-07-29 20:19 . 2009-07-29 20:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-27 19:52 . 2008-11-22 08:49 -------- d-----w- c:\program files\Java
2009-07-24 16:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-07-24 11:11 . 2009-07-24 11:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-23 22:03 . 2009-07-23 22:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-07-22 16:30 . 2008-11-22 08:43 -------- d-----w- c:\programdata\McAfee
2009-07-22 16:27 . 2008-11-22 08:45 -------- d-----w- c:\programdata\SiteAdvisor
2009-07-22 16:23 . 2008-11-22 07:56 -------- d-----w- c:\programdata\Hewlett-Packard
2009-07-22 16:18 . 2008-11-22 07:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 16:16 . 2008-11-22 07:55 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-22 16:16 . 2009-07-22 16:16 0 --sha-r- c:\windows\system32\drivers\103C_HP_bNB_550_Y5336AN_0U_QCNU9124R5Y_E489318-A42_4A_I3618_SHP_V12.01_68MVU F.06_T090225_WV3-1_L409_M3063_J250_7Intel_86FD_91.80_#081121_N_(NN313EA#ABU)_XMOBILE_CN10_Z_2F.06_G80862A12;80862A13.MRK
2009-07-18 16:06 . 2009-08-01 03:41 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-01 03:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-01 03:41 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 15:24 . 2009-07-22 16:45 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-22 16:45 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-22 16:45 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-22 16:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-11 11:47 . 2009-05-11 11:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2008-11-22 07:50 . 2008-11-22 07:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [email protected]_17.16.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 18:28 . 2009-07-31 18:28 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80KOR.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80JPN.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ITA.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80FRA.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ESP.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80DEU.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHT.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHS.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21089_none_2a4b88e181591ecb\iebrshim.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16890_none_29ae416e684b83a1\iebrshim.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\iesetup.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\iernonce.dll
+ 2009-08-01 03:41 . 2009-07-18 10:02 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\ie4uinit.exe
+ 2009-08-01 03:41 . 2009-07-18 12:10 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\iesetup.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\iernonce.dll
+ 2009-08-01 03:41 . 2009-07-18 10:00 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\ie4uinit.exe
+ 2009-08-01 03:41 . 2009-07-18 09:52 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\ieUnatt.exe
+ 2009-08-01 03:41 . 2009-07-18 09:46 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\ieUnatt.exe
+ 2009-08-01 03:41 . 2009-07-18 10:02 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\ieUnatt.exe
+ 2009-08-01 03:41 . 2009-07-18 10:00 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\ieUnatt.exe
+ 2009-08-01 03:41 . 2009-07-18 12:09 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21089_none_58f13cb3806e0725\icardie.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16890_none_5853f54067606bfb\icardie.dll
+ 2009-08-01 03:41 . 2009-07-18 09:51 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22475_none_f3b07afbd37875ca\mshtmler.dll
+ 2009-08-01 03:41 . 2009-07-18 11:52 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22475_none_f3b07afbd37875ca\ieencode.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18294_none_f3103c28ba6bf764\mshtmler.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18294_none_f3103c28ba6bf764\ieencode.dll
+ 2009-08-01 03:41 . 2009-07-18 08:42 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21089_none_f1c343cdd6569c41\mshtmler.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21089_none_f1c343cdd6569c41\ieencode.dll
+ 2009-08-01 03:41 . 2009-07-18 08:34 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16890_none_f125fc5abd490117\mshtmler.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16890_none_f125fc5abd490117\ieencode.dll
+ 2009-08-01 03:41 . 2009-07-18 11:50 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\admparse.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\admparse.dll
+ 2009-08-01 03:41 . 2009-07-18 12:06 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\admparse.dll
+ 2009-08-01 03:41 . 2009-07-18 12:07 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\admparse.dll
+ 2009-08-01 03:41 . 2009-07-18 09:36 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\WininetPlugin.dll
+ 2009-08-01 03:41 . 2009-07-18 11:45 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\jsproxy.dll
+ 2009-07-22 16:46 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\WininetPlugin.dll
+ 2009-07-22 16:46 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\jsproxy.dll
+ 2009-08-01 03:41 . 2009-07-18 11:56 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\WininetPlugin.dll
+ 2009-08-01 03:41 . 2009-07-18 11:53 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\jsproxy.dll
+ 2008-11-22 07:52 . 2008-11-22 07:52 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\WininetPlugin.dll
+ 2009-08-01 03:41 . 2009-07-18 16:02 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\jsproxy.dll
+ 2009-08-01 03:41 . 2009-07-18 12:16 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\WininetPlugin.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\jsproxy.dll
+ 2009-08-01 03:41 . 2009-07-18 12:17 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\WininetPlugin.dll
+ 2009-08-01 03:41 . 2009-07-18 12:11 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\jsproxy.dll
+ 2009-08-01 03:41 . 2009-07-18 12:15 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21089_none_ec1c2c762f9973ef\pngfilt.dll
+ 2009-08-01 03:41 . 2009-07-18 12:15 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16890_none_eb7ee503168bd8c5\pngfilt.dll
+ 2008-01-21 01:58 . 2009-08-05 14:10 43056 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-07-24 18:50 . 2006-07-24 18:50 47920 c:\windows\System32\VBAME.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 47920 c:\windows\System32\VBAME.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 39728 c:\windows\System32\SCP32.DLL
- 2006-07-24 18:50 . 2006-07-24 18:50 39728 c:\windows\System32\SCP32.DLL
- 2009-07-22 16:46 . 2009-04-24 16:02 28160 c:\windows\System32\jsproxy.dll
+ 2009-08-01 03:41 . 2009-07-18 16:02 28160 c:\windows\System32\jsproxy.dll
- 2006-10-26 21:10 . 2006-10-26 21:10 33088 c:\windows\System32\FM20ENU.DLL
+ 2006-10-26 13:10 . 2006-10-26 13:10 33088 c:\windows\System32\FM20ENU.DLL
- 2006-11-02 09:14 . 2006-11-02 09:14 18944 c:\windows\System32\drivers\usbprint.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 18944 c:\windows\System32\drivers\usbprint.sys
- 2006-11-02 08:55 . 2006-11-02 08:55 73216 c:\windows\System32\drivers\usbccgp.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 73216 c:\windows\System32\drivers\usbccgp.sys
+ 2009-07-22 23:01 . 2009-08-05 17:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-22 23:01 . 2009-07-31 16:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-22 23:01 . 2009-08-05 17:52 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-22 23:01 . 2009-07-31 16:56 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-22 23:01 . 2009-07-31 16:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-22 23:01 . 2009-08-05 17:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-05 17:45 . 2006-11-02 09:14 18944 c:\windows\LastGood\system32\drivers\usbprint.sys
+ 2009-08-05 17:44 . 2006-11-02 08:55 73216 c:\windows\LastGood\system32\drivers\usbccgp.sys
+ 2009-07-31 18:28 . 2009-07-31 18:28 10134 c:\windows\Installer\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\ARPPRODUCTICON.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-11-02 10:25 . 2009-08-05 15:00 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-07-31 16:44 51200 c:\windows\inf\infpub.dat
+ 2009-07-22 16:17 . 2009-08-05 14:10 5204 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-48853071-3864755990-352854806-1004_UserData.bin
+ 2009-08-05 14:08 . 2009-08-05 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-31 16:46 . 2009-07-31 16:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-31 16:46 . 2009-07-31 16:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-05 14:08 . 2009-08-05 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-31 18:28 . 2009-07-31 18:28 8854 c:\windows\Installer\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
+ 2009-07-31 18:28 . 2009-07-31 18:28 8854 c:\windows\Installer\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NewShortcut37_E2CBBE559A074AF98E8596196B075190.exe
+ 2009-07-31 18:28 . 2009-07-31 18:28 8854 c:\windows\Installer\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2009-08-01 03:41 . 2009-07-18 10:02 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21089_none_0b99cb87f04d1d33\ieuser.exe
+ 2009-08-01 03:41 . 2009-07-18 10:01 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16890_none_0afc8414d73f8209\ieuser.exe
+ 2009-08-01 03:41 . 2009-07-18 10:02 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21089_none_e6f1966badd25d81\ieinstal.exe
+ 2009-08-01 03:41 . 2009-07-18 10:01 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16890_none_e6544ef894c4c257\ieinstal.exe
+ 2009-08-01 03:41 . 2009-07-18 09:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieui.dll
+ 2009-08-01 03:41 . 2009-07-18 09:20 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieui.dll
+ 2009-08-01 03:41 . 2009-07-18 11:52 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieui.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieui.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieui.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieui.dll
+ 2009-08-01 03:41 . 2009-07-18 11:56 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22475_none_47e69ed4a5d609cc\sqmapi.dll
+ 2009-08-01 03:41 . 2009-07-18 11:52 271360 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22475_none_47e69ed4a5d609cc\iertutil.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\sqmapi.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\iertutil.dll
+ 2009-08-01 03:41 . 2009-07-18 12:15 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21089_none_45f967a6a8b43043\sqmapi.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21089_none_45f967a6a8b43043\iertutil.dll
+ 2009-08-01 03:41 . 2009-07-18 12:16 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16890_none_455c20338fa69519\sqmapi.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16890_none_455c20338fa69519\iertutil.dll
+ 2009-08-01 03:41 . 2009-07-18 11:55 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22475_none_37695ca72d74ef3a\occache.dll
+ 2009-08-01 03:41 . 2009-07-18 16:04 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18294_none_36c91dd4146870d4\occache.dll
+ 2009-08-01 03:41 . 2009-07-18 12:14 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21089_none_357c2579305315b1\occache.dll
+ 2009-08-01 03:41 . 2009-07-18 12:15 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16890_none_34dede0617457a87\occache.dll
+ 2009-08-01 03:41 . 2009-07-18 11:55 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
+ 2009-08-01 03:41 . 2009-07-18 21:39 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
+ 2009-08-01 03:41 . 2009-07-18 12:16 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
+ 2009-08-01 03:41 . 2009-07-18 12:16 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
+ 2009-08-01 03:41 . 2009-07-18 12:12 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21089_none_467ea6b45f94c4f4\mshtmled.dll
+ 2009-08-01 03:41 . 2009-07-18 12:13 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16890_none_45e15f41468729ca\mshtmled.dll
+ 2009-08-01 03:41 . 2009-07-18 11:54 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22475_none_60297ec753c83e27\msfeeds.dll
+ 2009-08-01 03:41 . 2009-07-18 16:02 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18294_none_5f893ff43abbbfc1\msfeeds.dll
+ 2009-08-01 03:41 . 2009-07-18 12:12 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21089_none_5e3c479956a6649e\msfeeds.dll
+ 2009-08-01 03:41 . 2009-07-18 12:13 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16890_none_5d9f00263d98c974\msfeeds.dll
+ 2009-08-01 03:41 . 2009-07-18 12:08 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtrans.dll
+ 2009-08-01 03:41 . 2009-07-18 12:08 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtmsft.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtrans.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtmsft.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dll
+ 2009-08-01 03:41 . 2009-07-18 11:52 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieakui.dll
+ 2009-08-01 03:41 . 2009-07-18 11:52 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieaksie.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\ieakui.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\ieaksie.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieakui.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieaksie.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieakui.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieaksie.dll
+ 2009-08-01 03:41 . 2009-07-18 11:52 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22475_none_749360f470cf0c36\iedkcs32.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18294_none_73f3222157c28dd0\iedkcs32.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21089_none_72a629c673ad32ad\iedkcs32.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16890_none_7208e2535a9f9783\iedkcs32.dll
+ 2009-08-01 03:41 . 2009-07-18 11:47 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\wininet.dll
+ 2009-08-01 03:41 . 2009-07-18 11:35 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\wininet.dll
+ 2009-08-01 03:41 . 2009-07-18 11:56 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\wininet.dll
+ 2009-08-01 03:41 . 2009-07-18 16:06 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\wininet.dll
+ 2009-08-01 03:41 . 2009-07-18 12:16 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\wininet.dll
+ 2009-08-01 03:41 . 2009-07-18 12:17 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\wininet.dll
+ 2009-08-01 03:41 . 2009-07-18 11:54 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22475_none_e1089b1f95c4844b\mstime.dll
+ 2009-08-01 03:41 . 2009-07-18 16:03 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18294_none_e0685c4c7cb805e5\mstime.dll
+ 2009-08-01 03:41 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21089_none_df1b63f198a2aac2\mstime.dll
+ 2009-08-01 03:41 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16890_none_de7e1c7e7f950f98\mstime.dll
+ 2009-08-01 03:41 . 2009-07-18 12:06 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21089_none_aa2122c70f008df0\advpack.dll
+ 2009-08-01 03:41 . 2009-07-18 12:07 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16890_none_a983db53f5f2f2c6\advpack.dll
+ 2009-07-22 23:59 . 2009-08-05 13:52 185786 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-23 00:15 . 2009-08-05 17:44 289880 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-08-05 14:10 102582 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2009-07-31 17:01 638782 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-05 17:46 638782 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-05 17:46 121746 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-31 17:01 121746 c:\windows\System32\perfc009.dat
+ 2009-08-01 03:41 . 2009-07-18 16:04 146432 c:\windows\System32\occache.dll
+ 2009-08-01 03:41 . 2009-07-18 16:03 671232 c:\windows\System32\mstime.dll
- 2009-07-22 16:46 . 2009-04-24 16:03 671232 c:\windows\System32\mstime.dll
- 2006-07-24 18:50 . 2006-07-24 18:50 125744 c:\windows\System32\MSSTDFMT.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 125744 c:\windows\System32\MSSTDFMT.DLL
+ 2009-08-01 03:41 . 2009-07-18 16:02 458240 c:\windows\System32\msfeeds.dll
- 2009-07-22 16:46 . 2009-04-24 16:03 458240 c:\windows\System32\msfeeds.dll
- 2009-07-22 16:46 . 2009-04-24 16:02 270848 c:\windows\System32\iertutil.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 270848 c:\windows\System32\iertutil.dll
- 2009-07-22 16:46 . 2009-04-24 16:02 389120 c:\windows\System32\iedkcs32.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 389120 c:\windows\System32\iedkcs32.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 230400 c:\windows\System32\ieaksie.dll
- 2009-07-22 16:46 . 2009-04-24 16:02 230400 c:\windows\System32\ieaksie.dll
+ 2006-11-02 12:47 . 2009-08-05 14:09 410544 c:\windows\System32\FNTCACHE.DAT
+ 2008-01-21 02:23 . 2008-01-21 02:23 220160 c:\windows\System32\drivers\UMDF\WpdFs.dll
+ 2009-07-31 18:27 . 2009-07-31 18:27 331264 c:\windows\Installer\43d91.msi
+ 2009-07-31 18:28 . 2009-07-31 18:28 458752 c:\windows\Installer\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2009-07-31 18:28 . 2009-07-31 18:28 458752 c:\windows\Installer\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2009-08-05 14:01 . 2009-08-05 14:01 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-11-22 08:23 . 2008-11-22 08:23 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-11-02 10:25 . 2009-08-05 15:00 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-31 16:44 143360 c:\windows\inf\infstrng.dat
+ 2009-08-01 03:41 . 2009-07-18 11:45 6081024 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieframe.dll
+ 2009-08-01 03:41 . 2009-07-18 11:32 6079488 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieframe.dll
+ 2009-08-01 03:41 . 2009-07-18 09:55 6072832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieframe.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieframe.dll
+ 2009-08-01 03:41 . 2009-07-18 12:09 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieframe.dll
+ 2009-08-01 03:41 . 2009-07-18 12:10 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieframe.dll
+ 2009-08-01 03:41 . 2009-07-18 11:45 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22180_none_155ca7a138ae4707\mshtml.dll
+ 2009-08-01 03:41 . 2009-07-18 11:33 3599360 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18071_none_14dedb0c1f87a4a3\mshtml.dll
+ 2009-08-01 03:41 . 2009-07-18 11:54 3584512 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22475_none_138607173b7b54a5\mshtml.dll
+ 2009-08-01 03:41 . 2009-07-18 16:02 3583488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18294_none_12e5c844226ed63f\mshtml.dll
+ 2009-08-01 03:41 . 2009-07-18 12:12 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21089_none_1198cfe93e597b1c\mshtml.dll
+ 2009-08-01 03:41 . 2009-07-18 12:13 3597824 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16890_none_10fb8876254bdff2\mshtml.dll
+ 2009-08-01 03:41 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dat
+ 2009-08-01 03:41 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dat
+ 2009-08-01 03:41 . 2009-07-18 11:47 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22180_none_b6fcace0ed4eb73e\urlmon.dll
+ 2009-08-01 03:41 . 2009-07-18 11:34 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18071_none_b67ee04bd42814da\urlmon.dll
+ 2009-08-01 03:41 . 2009-07-18 11:56 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22475_none_b5260c56f01bc4dc\urlmon.dll
+ 2009-08-01 03:41 . 2009-07-18 16:06 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18294_none_b485cd83d70f4676\urlmon.dll
+ 2009-08-01 03:41 . 2009-07-18 12:16 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21089_none_b338d528f2f9eb53\urlmon.dll
+ 2009-08-01 03:41 . 2009-07-18 12:16 1159680 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16890_none_b29b8db5d9ec5029\urlmon.dll
+ 2009-08-01 03:41 . 2009-07-18 16:06 1166336 c:\windows\System32\urlmon.dll
- 2009-07-22 16:46 . 2009-04-24 16:05 1166336 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-08-05 14:08 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-07-27 17:12 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-08-01 03:41 . 2009-07-18 16:02 3583488 c:\windows\System32\mshtml.dll
+ 2009-08-01 03:41 . 2009-07-18 16:01 6069248 c:\windows\System32\ieframe.dll
- 2009-07-22 16:46 . 2009-04-24 16:02 6069248 c:\windows\System32\ieframe.dll
- 2006-10-26 22:10 . 2006-10-26 22:10 1190688 c:\windows\System32\FM20.DLL
+ 2006-10-26 13:10 . 2006-10-26 13:10 1190688 c:\windows\System32\FM20.DLL
+ 2009-07-31 18:28 . 2009-07-31 18:28 1481728 c:\windows\Installer\43d97.msi
+ 2009-07-24 16:39 . 2009-08-05 14:03 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-24 16:39 . 2009-08-05 14:03 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-07-24 16:39 . 2009-07-24 16:39 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-07-22 17:48 . 2009-08-05 14:03 36516321 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-17 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-7-22 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 17:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CEC7F03-5A32-4F69-871A-5431653341C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9F7726A5-668A-41C5-8B9E-7EE4EC283378}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA30B39F-A9C0-44E4-9ECC-AB4E2B8CCE97}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{40E2A57D-9490-4DF3-A102-A662A2DD8F41}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92D9B830-B624-4607-8E84-60FBABAE5EF7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{68A50661-FA73-4A95-A0A4-82D1FE944BB8}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{C8864670-587D-418F-B45E-E5554F9D0F64}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 OADevice;OADriver;c:\windows\System32\drivers\OADriver.sys [27/07/2009 19:33 200784]
R1 OAmon;OAmon;c:\windows\System32\drivers\OAmon.sys [27/07/2009 19:33 24656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 17:44 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [27/07/2009 19:33 362184]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [22/11/2008 09:30 540448]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [27/07/2009 20:05 604488]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [22/11/2008 09:50 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 07:29 3658752]
R3 OAnet;OnlineArmor Service;c:\windows\System32\drivers\OAnet.sys [27/07/2009 19:33 30800]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [27/07/2009 19:33 3142344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 03:23 179712]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [08/06/2007 17:49 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [08/06/2007 18:06 172131]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:54]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\h2fow90e.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-05 18:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5344)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-08-05 19:00
ComboFix-quarantined-files.txt 2009-08-05 18:00
ComboFix2.txt 2009-07-31 17:19
C:\DeQuarantine.txt

Pre-Run: 208,732,913,664 bytes free
Post-Run: 209,533,988,864 bytes free

575 --- E O F --- 2009-08-03 16:31
w.k.bradley is offline  
Old 08-05-2009, 05:23 PM   #15
Security Team
Analyst
 
 
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8



I need another report which should have been generated. Please do the following:


Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

C:\DeQuarantine.txt

A report should pop open for you. Please post the contents of that report in your next reply.
__________________
thewall is offline  
Old 08-06-2009, 03:13 AM   #16
Guest
 
Join Date: Jul 2009
Posts: 10
OS:



C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAwatch.dll.vir -> C:\Program Files\Tall Emu\Online Armor\OAwatch.dll ( 860360 bytes )
w.k.bradley is offline  
Old 08-07-2009, 05:45 AM   #17
Security Team
Analyst
 
 
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8



Let's run DDS once again like you did when you first posted your problem.



Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

I will need only the DDS.txt posted.
__________________
thewall is offline  
Old 08-08-2009, 11:04 AM   #18
Guest
 
Join Date: Jul 2009
Posts: 10
OS:



DDS (Ver_09-06-26.01) - NTFSx86
Run by Will at 18:02:00.32 on 08/08/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3062.1641 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\TUProgSt.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Will\Desktop\dds.scr
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\h2fow90e.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-7-27 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-7-27 24656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-27 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-7-27 362184]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-22 540448]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-27 604488]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-22 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2009-7-27 30800]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-7-27 3142344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-6-8 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
SUnknown rpcnetp;rpcnetp; [x]

=============== Created Last 30 ================

2009-08-08 15:23 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-08-05 19:36 <DIR> --d----- c:\programdata\WEBREG
2009-08-05 19:36 <DIR> --d----- c:\progra~2\WEBREG
2009-08-05 19:30 <DIR> --d----- c:\programdata\HP Product Assistant
2009-08-05 19:30 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-08-05 19:29 <DIR> --d----- c:\program files\common files\HP
2009-08-05 19:29 118,272 a------- c:\windows\system32\hpz3l5ha.dll
2009-08-05 19:28 165,313 a------- c:\windows\hpoins21.dat
2009-08-05 19:28 7,262 -------- c:\windows\hpomdl21.dat
2009-08-05 19:28 <DIR> --d----- c:\programdata\HP
2009-08-05 19:27 364,544 a------- c:\windows\system32\hppldcoi.dll
2009-08-05 19:27 271,704 a------- c:\windows\system32\hpzids01.dll
2009-08-05 19:27 729,088 a------- c:\windows\system32\hpowiax5.dll
2009-08-05 19:27 303,104 a------- c:\windows\system32\hpovst12.dll
2009-08-05 19:27 970,752 a------- c:\windows\system32\hpotiop5.dll
2009-08-05 18:59 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-08-05 18:45 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-03 23:10 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 23:10 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-03 23:10 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-03 23:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 23:10 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-31 19:29 <DIR> --d----- c:\programdata\Nokia
2009-07-31 19:29 <DIR> --d----- c:\progra~2\Nokia
2009-07-31 17:36 <DIR> --d----- c:\users\will\appdata\roaming\Malwarebytes
2009-07-31 16:46 219,648 a------- c:\windows\PEV.exe
2009-07-31 16:46 161,792 a------- c:\windows\SWREG.exe
2009-07-31 16:46 98,816 a------- c:\windows\sed.exe
2009-07-29 21:19 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-27 20:44 <DIR> --d----- c:\programdata\F-Secure
2009-07-27 20:44 <DIR> --d----- c:\progra~2\F-Secure
2009-07-27 20:05 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-07-27 20:05 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-07-27 20:05 17,224 a------- c:\windows\system32\authuitu.dll
2009-07-27 20:05 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 20:05 <DIR> --d----- c:\users\will\appdata\roaming\TuneUp Software
2009-07-27 20:04 <DIR> --d----- c:\programdata\TuneUp Software
2009-07-27 20:04 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-07-27 20:04 <DIR> --d----- c:\progra~2\TuneUp Software
2009-07-27 20:04 <DIR> --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-27 20:04 <DIR> --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-27 19:34 <DIR> --d----- c:\users\will\appdata\roaming\OnlineArmor
2009-07-27 19:34 <DIR> --d----- c:\programdata\OnlineArmor
2009-07-27 19:34 <DIR> --d----- c:\progra~2\OnlineArmor
2009-07-27 19:33 30,800 a------- c:\windows\system32\drivers\OAnet.sys
2009-07-27 19:33 24,656 a------- c:\windows\system32\drivers\OAmon.sys
2009-07-27 19:33 200,784 a------- c:\windows\system32\drivers\OADriver.sys
2009-07-27 19:33 <DIR> --d----- c:\program files\Tall Emu
2009-07-27 18:48 <DIR> --d----- c:\users\will\appdata\roaming\SUPERAntiSpyware.com
2009-07-27 18:48 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-27 18:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-27 18:35 <DIR> a-d----- c:\programdata\TEMP
2009-07-27 18:35 <DIR> --d----- c:\program files\SpywareBlaster
2009-07-27 18:01 261,957,904 a------- c:\windows\MEMORY.DMP
2009-07-27 17:44 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 17:44 <DIR> --d----- c:\programdata\Avira
2009-07-27 17:44 <DIR> --d----- c:\program files\Avira
2009-07-27 17:44 <DIR> --d----- c:\progra~2\Avira
2009-07-27 15:31 <DIR> --d----- c:\users\will\appdata\roaming\Spotify
2009-07-27 15:30 <DIR> --d----- c:\program files\Spotify
2009-07-27 12:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-27 11:41 <DIR> --d----- c:\users\will\appdata\roaming\AVG8
2009-07-24 17:39 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-24 17:33 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-07-24 12:18 <DIR> --d----- c:\program files\VideoLAN
2009-07-24 12:11 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-24 12:05 <DIR> --d----- c:\program files\common files\PCSuite
2009-07-24 12:05 <DIR> --d----- c:\program files\common files\Nokia
2009-07-24 12:04 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-24 12:04 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-07-23 23:03 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-07-23 23:02 <DIR> --d----- c:\programdata\PC Suite
2009-07-23 22:57 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-07-23 22:57 <DIR> --d----- c:\program files\Nokia
2009-07-23 22:57 <DIR> --d----- c:\programdata\Installations
2009-07-23 00:01 3,131 a------- c:\windows\bthservsdp.dat
2009-07-22 18:37 <DIR> --d----- c:\users\will\appdata\roaming\BitTorrent
2009-07-22 18:34 <DIR> --d----- c:\program files\BitTorrent
2009-07-22 18:02 2,048 a------- c:\windows\system32\tzres.dll
2009-07-22 17:52 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-22 17:52 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-22 17:52 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-22 17:52 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-22 17:52 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-22 17:52 11,264 a------- c:\windows\system32\icardres.dll
2009-07-22 17:52 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-22 17:52 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-22 17:48 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-22 17:48 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-22 17:48 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-22 17:48 158,720 a------- c:\windows\system32\mscorier.dll
2009-07-22 17:48 83,968 a------- c:\windows\system32\mscories.dll
2009-07-22 17:47 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-22 17:44 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-07-22 17:44 72,704 a------- c:\windows\system32\secur32.dll
2009-07-22 17:44 24,064 a------- c:\windows\system32\amxread.dll
2009-07-22 17:44 13,824 a------- c:\windows\system32\apilogen.dll
2009-07-22 17:44 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-07-22 17:44 2,927,104 a------- c:\windows\explorer.exe
2009-07-22 17:41 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-07-22 17:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-22 17:36 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-22 17:36 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-22 17:36 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-22 17:29 384 a------- c:\windows\myClean.bat
2009-07-22 17:27 <DIR> --d----- c:\users\will\Bluetooth Software
2009-07-22 17:26 44 a------- c:\windows\system\hpsysdrv.dat
2009-07-22 17:21 80,936 a------- c:\windows\system32\drivers\btwavdt.sys
2009-07-22 17:21 80,424 a------- c:\windows\system32\drivers\btwaudio.sys
2009-07-22 17:21 16,168 a------- c:\windows\system32\drivers\btwrchid.sys
2009-07-22 17:21 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-07-22 17:21 <DIR> --d----- c:\windows\system32\es-MX
2009-07-22 17:21 <DIR> --d----- c:\windows\system32\es-AR
2009-07-22 17:21 <DIR> --d----- c:\program files\WIDCOMM
2009-07-22 17:18 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-07-22 17:18 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-07-22 17:18 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-07-22 17:18 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-07-22 17:18 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-07-22 17:18 20,480 a------- c:\windows\system32\IVIresize.dll
2009-07-22 17:16 <DIR> --d----- c:\program files\common files\InterVideo
2009-07-22 17:16 <DIR> --d----- c:\program files\InterVideo
2009-07-22 17:16 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_550_Y5336AN_0U_QCNU9124R5Y_E489318-A42_4A_I3618_SHP_V12.01_68MVU F.06_T090225_WV3-1_L409_M3063_J250_7Intel_86FD_91.80_#081121_N_(NN313EA#ABU)_XMOBILE_CN10_Z_2F.06_G80862A12;80862A13.MRK
2009-07-22 17:15 <DIR> --d----- c:\users\Will

==================== Find3M ====================

2009-08-08 17:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-08 17:56 51,200 a------- c:\windows\inf\infpub.dat
2009-08-08 17:54 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-05 19:29 86,016 a------- c:\windows\inf\infstor.dat
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-05-11 12:47 1,302,600 a------- c:\windows\system32\WUDFUpdate_01007.dll
2008-11-22 08:44 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:02:22.40 ===============
w.k.bradley is offline  
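The DDS output above is long, and what an analyst actually does with it is pull out the handful of lines worth checking by hand before declaring a box clean. The script below is an added example, not part of the thread and not part of the DDS tool: it does that first pass over a DDS.txt, flagging services whose image path is missing (the "[x]" entries), executables created under c:\windows within a few days of the scan, registry entries DDS marks "No File", and an EnableLUA = 0 policy (UAC switched off). The sample input is a few lines copied from the log above; the seven-day window, the category names and the directory/extension filters are choices made for this example.

```python
import re
import sys
from datetime import date, timedelta

# Choices made for this example (not DDS settings): how recent "recent" is,
# which directory tree to watch, and which extensions count as binaries.
RECENT_DAYS = 7
SYSTEM_DIRS = ("c:\\windows\\",)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")

# A few lines copied from the DDS.txt posted above; a real run reads the whole file.
SAMPLE_DDS = r"""
DDS (Ver_09-06-26.01) - NTFSx86
Run by Will at 18:02:00.32 on 08/08/2009
============== Pseudo HJT Report ===============
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
mPolicies-system: EnableLUA = 0 (0x0)
============= SERVICES / DRIVERS ===============
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-7-27 200784]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-22 540448]
SUnknown rpcnetp;rpcnetp; [x]
=============== Created Last 30 ================
2009-08-08 15:23 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-08-05 19:29 118,272 a------- c:\windows\system32\hpz3l5ha.dll
2009-08-03 23:10 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 20:04 <DIR> --d----- c:\program files\TuneUp Utilities 2009
==================== Find3M ====================
2009-08-08 17:54 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
============= FINISH: 18:02:22.40 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                 # "====== Name ======" headers
RUNDATE_RE = re.compile(r"^Run by .* on (\d{2})/(\d{2})/(\d{4})")
# state name;display name;image path [date size]   e.g.  R1 OADevice;OADriver;c:\...\OADriver.sys [2009-7-27 200784]
SERVICE_RE = re.compile(r"^(R\d|S\d|SUnknown)\s+([^;]+);([^;]*);([^\[]*)\[([^\]]*)\]$")
# created-date time size attributes path           e.g.  2009-08-08 15:23 17,408 a------- c:\windows\system32\rpcnetp.exe
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")


def parse_run_date(line):
    """Return the scan date from the 'Run by ... on dd/mm/yyyy' line, else None.
    DDS on this UK-locale machine prints day/month/year (assumption for this example)."""
    m = RUNDATE_RE.match(line)
    if not m:
        return None
    day, month, year = (int(x) for x in m.groups())
    return date(year, month, day)


def triage(text, recent_days=RECENT_DAYS):
    """Walk a DDS.txt and return a list of findings (dicts) worth a manual look."""
    findings = []
    section = None
    run_date = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        if run_date is None:
            run_date = parse_run_date(line)
        if section == "PSEUDO HJT REPORT":
            if line.startswith("mPolicies-system: EnableLUA = 0"):
                findings.append({"category": "uac-disabled", "detail": line})
            elif line.endswith("- No File"):
                findings.append({"category": "orphaned-entry", "detail": line})
        elif section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m and (m.group(1) == "SUnknown" or not m.group(4).strip()):
                findings.append({"category": "service-no-image", "name": m.group(2), "detail": line})
        elif section in ("CREATED LAST 30", "FIND3M"):
            m = CREATED_RE.match(line)
            if not m:
                continue
            created = date.fromisoformat(m.group(1))
            path = m.group(2).lower()
            if (run_date is not None
                    and run_date - created <= timedelta(days=recent_days)
                    and path.startswith(SYSTEM_DIRS)
                    and path.endswith(BINARY_EXT)):
                findings.append({"category": "recent-system-binary", "path": path,
                                 "created": m.group(1), "detail": line})
    return findings


if __name__ == "__main__":
    # Usage: python dds_triage.py DDS.txt   (falls back to the sample lines above)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DDS
    for f in triage(text):
        print(f"{f['category']:22} {f['detail']}")
```

Every hit is a lead, not a verdict: on the sample it lists the Malwarebytes driver simply because it is new, alongside the rpcnetp entries, and the point is to reduce a few hundred lines to the handful you then check by file signature, vendor, and creation history.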
Old 08-08-2009, 07:06 PM   #19
Security Team
Analyst
 
 
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8



Good news. Everything looks clean.

Let's do some cleaning up of our tools and then I have some suggestions for helping you to keep from becoming reinfected.

We will now uninstall ComboFix:

Go to Start > Run - type in ComboFix /u (case insensitive) >>OK


You can now delete RootRepeal and GMER if they are still on your Desktop.



Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  1. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  2. Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.
  3. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  4. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  5. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  6. Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  7. Finally, this is very important. It is absolutely essential to keep all of your security programs up to date




If you have any other questions or issues feel free to ask as I will be checking back on this topic.



Other than that if there is nothing else I can do for you then I wish you good luck in the future and thank you for using our forum.


thewall
__________________
thewall is offline  
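Step 5 above recommends the MVPs hosts file, and the hosts file is also worth checking on a machine that redirects and cannot reach anti-malware sites: a legitimate blocklist only ever points unwanted domains at 0.0.0.0 or 127.0.0.1, whereas a redirecting infection plants the opposite kinds of entry, security-vendor or update domains sent to loopback so downloads fail, or search domains sent to an address the attacker controls. The script below is an added example, not part of thewall's post and not part of the MVPs or HostMan tooling: it parses a hosts file and separates ordinary sinkhole entries from mappings that touch a watchlist of domains. The watchlist and the sample file are constructed for the example (198.51.100.23 is an RFC 5737 documentation address standing in for an attacker's server).

```python
import ipaddress
import sys

# Constructed watchlist for this example: domains a legitimate blocklist such as
# the MVPs hosts file never maps, so any entry for them is worth a look.
WATCHLIST = (
    "microsoft.com", "windowsupdate.com", "google.com", "google.co.uk",
    "malwarebytes.org", "superantispyware.com", "avira.com", "f-secure.com",
)

# Constructed sample hosts file (not from the thread): the normal localhost
# lines, two MVPs-style sinkhole entries, one home-LAN name, and the two kinds
# of entry a redirecting infection plants.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 www.007guard.com
127.0.0.1 www.malwarebytes.org
127.0.0.1 superantispyware.com
198.51.100.23 www.google.com  # user types google.com, lands on 198.51.100.23
198.51.100.23 google.co.uk
192.168.1.10 nas
"""


def _on_watchlist(host, watchlist):
    """True if host is a watchlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in a hosts file.
    Comments are stripped; lines whose first field is not an IP are skipped."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:          # one IP may be followed by several names
            yield ip, host, no


def audit_hosts(text, watchlist=WATCHLIST):
    """Return the entries that need a human look, each tagged with a kind:
    redirect               watchlisted domain pointed at a real address
    blocked-security-site  watchlisted domain sinkholed (loopback / 0.0.0.0)
    unexpected-mapping     any other name pointed at a real address (LAN names land here)
    Ordinary sinkhole entries for non-watchlisted domains are left alone."""
    findings = []
    for ip, host, no in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        if host.lower() == "localhost" and sinkhole:
            continue                                     # the stock entries
        if _on_watchlist(host, watchlist):
            kind = "blocked-security-site" if sinkhole else "redirect"
        elif not sinkhole:
            kind = "unexpected-mapping"
        else:
            continue
        findings.append({"kind": kind, "host": host, "ip": str(ip), "line": no})
    return findings


if __name__ == "__main__":
    # Usage: python hosts_audit.py %SystemRoot%\System32\drivers\etc\hosts
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f['line']:4}  {f['kind']:22} {f['host']} -> {f['ip']}")
```

Read access to the file is enough for the audit, so it can be run from a limited account. A very large MVPs-style file produces no output at all, which is the expected result; the entries that matter are the two "redirect" and two "blocked-security-site" lines the sample triggers, and the "unexpected-mapping" hit is there so that a genuine LAN name is shown rather than silently ignored.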
Old 08-13-2009, 05:50 AM   #20
Security Team
Analyst
 
 
Join Date: Jun 2009
Location: Florida
Posts: 981
OS: Windows XP, Windows 7, Windows 8



Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
__________________
thewall is offline  
 

Copyright 2001 - 2018, Tech Support Forum
