Google searches redirect to different sites

01-31-2010, 10:22 AM   #1
Registered Member
 
Join Date: Jan 2010
Posts: 4
OS: Windows Vista



Hi,

Whenever I use Google on either Firefox (3.5.7), or Internet Explorer (IE8), the search results come up fine. However, when I click on a result, it SOMETIMES redirects me to some other, random page. Other times it works ok.

Please help!

Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:42, on 31/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-21-1357454510-2622567830-3639993878-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LogMeInRemoteUser')
O4 - S-1-5-21-1357454510-2622567830-3639993878-1001 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'LogMeInRemoteUser')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - https://help.broadbandassist.com/bbde...ivePreQual.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 14876 bytes

Thanks in advance!
mintyman is offline  
01-31-2010, 11:45 AM   #2
Registered Member
 
Join Date: Jan 2010
Posts: 4
OS: Windows Vista



From the look of things, ComboFix seems to be recommended to everyone with this problem, so I took the liberty of running it myself. Here is the log file:

ComboFix 10-01-30.07 - Jim 31/01/2010 19:29:58.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2036.1055 [GMT 0:00]
Running from: c:\users\Jim\Desktop\comfix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-31 19:36 . 2010-01-31 19:36 -------- d-----w- c:\users\Darren\AppData\Local\temp
2010-01-31 18:18 . 2010-01-31 18:18 -------- d-----w- c:\program files\Trend Micro
2010-01-31 17:44 . 2009-12-14 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\NAVENG.SYS
2010-01-31 17:44 . 2009-12-14 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\EECTRL.SYS
2010-01-31 17:44 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\CCERASER.DLL
2010-01-31 17:44 . 2009-12-14 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\ECMSVR32.DLL
2010-01-31 17:44 . 2009-12-14 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\NAVENG32.DLL
2010-01-31 17:44 . 2009-12-14 09:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\NAVEX32A.DLL
2010-01-31 17:44 . 2009-12-14 09:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\NAVEX15.SYS
2010-01-31 17:44 . 2009-12-14 09:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100131.003\ERASER.SYS
2010-01-31 17:19 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-31 17:19 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-31 16:48 . 2010-01-31 17:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-31 16:48 . 2010-01-31 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-31 15:55 . 2010-01-31 15:55 -------- d-----w- c:\program files\ESET
2010-01-31 12:18 . 2009-12-14 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\NAVENG.SYS
2010-01-31 12:18 . 2009-12-14 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\EECTRL.SYS
2010-01-31 12:18 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\CCERASER.DLL
2010-01-31 12:18 . 2009-12-14 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\ECMSVR32.DLL
2010-01-31 12:18 . 2009-12-14 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\NAVENG32.DLL
2010-01-31 12:18 . 2009-12-14 09:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\NAVEX32A.DLL
2010-01-31 12:18 . 2009-12-14 09:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\NAVEX15.SYS
2010-01-31 12:18 . 2009-12-14 09:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100130.021\ERASER.SYS
2010-01-30 15:10 . 2009-11-20 03:02 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100128.002\SymIDSCo.sys
2010-01-30 15:10 . 2009-11-20 03:02 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100128.002\Scxpx86.dll
2010-01-30 15:10 . 2009-11-20 03:02 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100128.002\IDSvix86.sys
2010-01-30 15:10 . 2009-11-20 03:02 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100128.002\SymIDSI.dll
2010-01-30 15:10 . 2009-11-20 03:02 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100128.002\IDSxpx86.dll
2010-01-30 15:10 . 2009-11-20 03:02 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100128.002\IDSviA64.sys
2010-01-30 15:10 . 2008-11-21 01:26 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100128.002\IDS9xx86.dll
2010-01-28 12:02 . 2009-11-20 03:02 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100125.001\SymIDSCo.sys
2010-01-28 12:02 . 2009-11-20 03:02 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100125.001\Scxpx86.dll
2010-01-28 12:02 . 2009-11-20 03:02 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100125.001\IDSvix86.sys
2010-01-28 12:02 . 2009-11-20 03:02 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100125.001\SymIDSI.dll
2010-01-28 12:02 . 2009-11-20 03:02 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100125.001\IDSxpx86.dll
2010-01-28 12:02 . 2009-11-20 03:02 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100125.001\IDSviA64.sys
2010-01-28 12:02 . 2008-11-21 01:26 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100125.001\IDS9xx86.dll
2010-01-26 22:27 . 2010-01-26 22:27 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-26 22:11 . 2010-01-22 12:13 3858432 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\extensions\[email protected]\plugins\npRACtrl.dll
2010-01-26 22:11 . 2010-01-22 11:49 8520 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\extensions\[email protected]\plugins\ractrlkeyhook.dll
2010-01-26 22:11 . 2010-01-22 11:49 70984 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\extensions\[email protected]\plugins\LMIProxyHelper.exe
2010-01-26 22:11 . 2010-01-22 11:46 574768 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\extensions\[email protected]\plugins\LMIGuardianDll.dll
2010-01-26 22:11 . 2010-01-22 11:46 15664 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\extensions\[email protected]\plugins\LMIGuardianEvt.dll
2010-01-26 22:11 . 2010-01-22 11:46 83256 ----a-w- c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\extensions\[email protected]\plugins\LMIGuardian.exe
2010-01-26 22:06 . 2010-01-26 22:06 0 ----a-w- c:\windows\nsreg.dat
2010-01-26 22:06 . 2010-01-26 22:06 -------- d-----w- c:\users\Jim\AppData\Local\Mozilla
2010-01-26 20:35 . 2010-01-26 20:35 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes
2010-01-26 20:35 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 20:35 . 2010-01-26 20:35 -------- d-----w- c:\programdata\Malwarebytes
2010-01-26 20:35 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 20:35 . 2010-01-26 22:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 12:06 . 2010-01-17 12:06 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-17 12:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-01-17 12:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-01-17 12:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-01-17 12:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-01-17 12:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-17 12:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-16 10:52 . 2010-01-14 20:08 58744 ----a-w- c:\programdata\BrowserZinc\browserzinc117.exe
2010-01-16 10:42 . 2010-01-16 10:47 -------- d-----w- c:\windows\system32\ca-ES
2010-01-16 10:42 . 2010-01-16 10:46 -------- d-----w- c:\windows\system32\eu-ES
2010-01-16 10:42 . 2010-01-16 10:46 -------- d-----w- c:\windows\system32\vi-VN
2010-01-16 10:32 . 2010-01-16 10:32 -------- d-----w- C:\be73ae461fe1d8d2d28bb1f79ec322
2010-01-13 08:24 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 08:24 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 13:44 . 2010-01-31 12:50 -------- d-----w- c:\program files\BrowserZinc
2010-01-11 13:44 . 2010-01-26 23:38 -------- d-----w- c:\programdata\BrowserZinc
2010-01-06 12:51 . 2010-01-06 15:11 1956072 ----a-w- c:\users\Jim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-06 12:38 . 2010-01-06 12:38 -------- d-----w- c:\program files\VideoCodec
2010-01-05 16:12 . 2010-01-08 16:06 -------- d-----w- c:\users\Jim\AppData\Local\yskdwb
2010-01-05 16:11 . 2010-01-26 23:38 -------- d-----w- c:\program files\XVID Codec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 17:23 . 2008-11-21 11:41 -------- d-----w- c:\program files\Dell DataSafe Online
2010-01-31 13:42 . 2008-12-01 19:49 88000 ----a-w- c:\users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-31 13:30 . 2010-01-31 13:30 -------- d-----w- c:\users\Darren\AppData\Roaming\Symantec
2010-01-31 13:30 . 2010-01-31 13:30 -------- d-----w- c:\users\Darren\AppData\Roaming\Dell
2010-01-31 12:00 . 2008-12-01 22:49 -------- d-----w- c:\program files\LogMeIn
2010-01-20 21:48 . 2008-12-15 00:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 12:06 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-17 12:06 . 2010-01-17 12:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-16 10:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-16 10:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-16 10:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-16 10:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-16 10:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-16 10:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-16 10:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-14 11:12 . 2009-12-29 17:27 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 03:00 . 2008-12-01 21:11 -------- d-----w- c:\programdata\Microsoft Help
2010-01-11 13:43 . 2010-01-11 13:43 -------- dc-h--w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}
2010-01-11 13:43 . 2010-01-11 13:43 -------- d-----w- c:\program files\PornaZtar Toolbar
2010-01-05 11:42 . 2010-01-11 13:43 3034282 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\Setup.exe
2010-01-05 11:42 . 2010-01-11 13:43 851968 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\mFileBagIDE.dll\bag\mvbpx.exe
2010-01-05 11:42 . 2010-01-11 13:43 1302528 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\3A0AAFF0\B94081D6\mvbsvc.exe
2010-01-05 11:42 . 2010-01-11 13:43 917504 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe
2010-01-05 11:42 . 2010-01-11 13:43 868352 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\93CE9E2B\B94081D6\mvbasst.exe
2010-01-05 11:42 . 2010-01-11 13:43 999424 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\75918810\B94081D6\mvbapp.exe
2010-01-05 10:37 . 2010-01-11 13:43 204800 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll
2010-01-05 10:20 . 2010-01-11 13:43 292029 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\mFileBagIDE.dll\bag\mvbterm.exe
2009-12-30 17:32 . 2009-11-06 16:14 88000 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-22 18:25 . 2009-06-16 13:05 -------- d-----w- c:\program files\Ruckus Buck's Dangerous Mines
2009-12-17 15:08 . 2009-12-17 15:08 -------- d-----w- c:\programdata\WindowsSearch
2009-12-17 14:06 . 2009-12-16 13:38 -------- d-----w- c:\programdata\Norton
2009-12-17 08:01 . 2010-01-11 13:43 81920 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\mFileBagIDE.dll\bag\LRI.dll
2009-12-17 08:01 . 2010-01-11 13:43 81920 -c--a-w- c:\programdata\{D2558229-AEF7-4728-9027-10643CDE6C91}\OFFLINE\8356C881\B94081D6\LRI.dll
2009-12-14 09:00 . 2009-12-14 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-12-14 09:00 . 2009-12-14 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-12-14 09:00 . 2009-12-14 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-12-14 09:00 . 2009-12-14 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-12-14 09:00 . 2009-12-14 09:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-12-14 09:00 . 2009-12-14 09:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-12-14 09:00 . 2009-12-14 09:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-12-13 17:39 . 2008-12-24 16:23 -------- d-----w- c:\program files\Common Files\Motive
2009-12-10 20:29 . 2009-12-16 13:38 1782128 ----a-w- c:\programdata\Norton\NUA.exe
2009-11-20 03:02 . 2009-11-20 03:02 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\symidsco.sys
2009-11-20 03:02 . 2009-11-20 03:02 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\scxpx86.dll
2009-11-20 03:02 . 2009-11-20 03:02 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvix86.sys
2009-11-20 03:02 . 2009-11-20 03:02 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\SymIDSI.dll
2009-11-20 03:02 . 2009-11-20 03:02 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\idsxpx86.dll
2009-11-20 03:02 . 2009-11-20 03:02 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvia64.sys
2009-11-09 12:31 . 2009-12-12 03:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 03:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 03:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2008-12-23 14:33 . 2008-12-23 14:33 321 --sh--w- c:\windows\System32\1018955119.sys
2008-11-21 18:55 . 2008-11-21 18:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [email protected]_15.47.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-31 17:19 . 2009-06-15 15:00 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\secur32.dll
+ 2010-01-31 17:19 . 2009-06-15 15:25 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\secur32.dll
+ 2010-01-31 17:19 . 2009-06-15 15:08 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\secur32.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 94720 c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18702_none_7c2a7e005d93bd9b\inseng.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iesetup.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iernonce.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 59904 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18702_none_3d86a1c07a097782\icardie.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 34816 c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18702_none_20dfeb2e08d9ec0a\imgutil.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 66560 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\wextract.exe
+ 2010-01-31 17:20 . 2009-12-10 13:03 69120 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22963_none_84246a436002f224\iecompat.dll
+ 2010-01-31 17:20 . 2009-12-10 05:05 69120 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18872_none_838efd4246ee54f4\iecompat.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18702_none_d658a8dacff20c9e\mshtmler.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 66560 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18702_none_2b140bc159303551\mshtmled.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 45568 c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18702_none_3c45119b1f28ff3d\mshta.exe
+ 2010-01-31 17:20 . 2009-03-08 11:31 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedssync.exe
+ 2010-01-31 17:20 . 2009-03-08 11:31 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedsbs.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 43008 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18702_none_accc7a4465be292a\licmgr10.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\admparse.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\WininetPlugin.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\jsproxy.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 18944 c:\windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18702_none_6f561c09617d9439\corpol.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 46592 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18702_none_d0b191832934e44c\pngfilt.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 66560 c:\windows\System32\wextract.exe
+ 2008-01-21 01:58 . 2010-01-31 18:08 45882 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-31 18:08 75892 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-31 17:20 . 2009-03-08 11:31 46592 c:\windows\System32\pngfilt.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 48128 c:\windows\System32\mshtmler.dll
- 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\System32\mshtmler.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 66560 c:\windows\System32\mshtmled.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 45568 c:\windows\System32\mshta.exe
- 2008-01-21 02:23 . 2008-01-21 02:23 45568 c:\windows\System32\mshta.exe
+ 2010-01-31 17:20 . 2009-03-08 11:31 13312 c:\windows\System32\msfeedssync.exe
+ 2010-01-31 17:20 . 2009-03-08 11:31 55296 c:\windows\System32\msfeedsbs.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2009-06-11 17:43 . 2009-04-11 06:28 64512 c:\windows\System32\migration\WininetPlugin.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 43008 c:\windows\System32\licmgr10.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 25600 c:\windows\System32\jsproxy.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 94720 c:\windows\System32\inseng.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 34816 c:\windows\System32\imgutil.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 71680 c:\windows\System32\iesetup.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 55808 c:\windows\System32\iernonce.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 59904 c:\windows\System32\icardie.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 18944 c:\windows\System32\corpol.dll
- 2008-12-01 19:47 . 2010-01-31 15:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-01 19:47 . 2010-01-31 18:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-01 19:47 . 2010-01-31 15:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-01 19:47 . 2010-01-31 18:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-31 17:20 . 2009-03-08 11:32 72704 c:\windows\System32\admparse.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\System32\admparse.dll
+ 2009-12-18 12:10 . 2010-01-31 18:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-18 12:10 . 2010-01-31 15:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-18 12:10 . 2010-01-31 18:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-18 12:10 . 2010-01-31 15:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-21 11:41 . 2010-01-31 17:24 69632 c:\windows\Installer\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}\DataSafeOnline.exe_1A8DCE2BACA54C36BCEAFB4AA008128B.exe
- 2008-11-21 11:41 . 2009-01-12 11:38 69632 c:\windows\Installer\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}\DataSafeOnline.exe_1A8DCE2BACA54C36BCEAFB4AA008128B.exe
+ 2008-11-21 11:41 . 2010-01-31 17:24 69632 c:\windows\Installer\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}\ARPPRODUCTICON.exe
- 2008-11-21 11:41 . 2009-01-12 11:38 69632 c:\windows\Installer\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}\ARPPRODUCTICON.exe
+ 2010-01-31 17:19 . 2009-06-15 12:51 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
+ 2010-01-31 17:19 . 2009-06-15 13:03 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
+ 2010-01-31 17:19 . 2009-06-15 12:59 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
+ 2010-01-31 17:20 . 2009-03-08 11:35 2048 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18702_none_83daaad046b59436\iecompat.dll
+ 2008-12-01 19:50 . 2010-01-31 18:08 9828 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1357454510-2622567830-3639993878-1000_UserData.bin
+ 2010-01-31 18:00 . 2010-01-31 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-31 15:30 . 2010-01-31 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-31 15:30 . 2010-01-31 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-31 18:00 . 2010-01-31 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-31 17:19 . 2009-06-15 15:00 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452506b6bad8187\schannel.dll
+ 2010-01-31 17:19 . 2009-06-15 14:53 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7b3565290c866\schannel.dll
+ 2010-01-31 17:19 . 2009-06-15 15:25 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269ddef6e88f9b5\schannel.dll
+ 2010-01-31 17:19 . 2009-06-15 15:24 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc9ffa5579c754\schannel.dll
+ 2010-01-31 17:19 . 2009-06-15 15:08 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207fa79f71646c31\schannel.dll
+ 2010-01-31 17:19 . 2009-06-15 15:28 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5\schannel.dll
+ 2010-01-31 17:19 . 2009-06-15 14:59 217600 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde\msv1_0.dll
+ 2010-01-31 17:19 . 2009-06-15 14:53 218624 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd\msv1_0.dll
+ 2010-01-31 17:19 . 2009-06-15 15:24 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c\msv1_0.dll
+ 2010-01-31 17:19 . 2009-06-15 15:22 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab\msv1_0.dll
+ 2010-01-31 17:19 . 2009-06-15 15:06 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888\msv1_0.dll
+ 2010-01-31 17:19 . 2009-06-15 15:25 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c\msv1_0.dll
+ 2010-01-31 17:19 . 2009-06-15 14:58 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912e288c7383abe\kerberos.dll
+ 2010-01-31 17:19 . 2009-06-15 14:52 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e8884573ae1b819d\kerberos.dll
+ 2010-01-31 17:19 . 2009-06-15 15:22 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a700cca13b2ec\kerberos.dll
+ 2010-01-31 17:19 . 2009-06-15 15:21 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d3217b104808b\kerberos.dll
+ 2010-01-31 17:19 . 2009-06-15 15:04 496640 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e54039bcccef2568\kerberos.dll
+ 2010-01-31 17:19 . 2009-06-15 15:23 494592 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4f2ddb3dfbcec\kerberos.dll
+ 2010-01-31 17:19 . 2009-06-15 15:00 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f\wdigest.dll
+ 2010-01-31 17:19 . 2009-06-15 15:26 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd\wdigest.dll
+ 2010-01-31 17:19 . 2009-06-15 15:09 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939\wdigest.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 420352 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18702_none_2b4525a943b273a6\vbscript.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 726528 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18702_none_65cb0af10cefc76a\jscript.dll
+ 2010-01-31 17:20 . 2009-03-08 11:22 156160 c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48\msls31.dll
+ 2009-10-14 05:15 . 2009-07-30 17:42 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\ksecdd.sys
+ 2009-10-14 05:15 . 2009-07-28 06:53 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\ksecdd.sys
+ 2009-10-14 05:15 . 2009-07-28 06:54 408136 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\ksecdd.sys
+ 2010-01-31 17:20 . 2009-03-08 11:35 121344 c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18702_none_1de359b6148047cc\jsdebuggeride.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 256000 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe
+ 2010-01-31 17:20 . 2009-03-08 11:22 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieui.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 105984 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18702_none_d315f3a07395d0ed\url.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 208384 c:\windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 759296 c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18702_none_d02233c4fe8667df\VGX.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18702_none_fe7d3c2acfc7f690\iesysprep.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe
+ 2010-01-31 17:20 . 2009-03-08 21:09 140128 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\sqmapi.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 193536 c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18702_none_aa7d60ae7286ab24\msrating.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 109568 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe
+ 2010-01-31 17:20 . 2009-01-08 01:20 355832 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\pdm.dll
+ 2010-01-31 17:20 . 2009-01-08 01:20 265720 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\msdbg2.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 236544 c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 109568 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
+ 2010-01-31 17:20 . 2009-03-08 11:35 233984 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
+ 2010-01-31 17:20 . 2009-03-08 11:35 118272 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
+ 2010-01-31 17:20 . 2009-03-08 11:35 521216 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
+ 2010-01-31 17:20 . 2009-03-08 21:09 638816 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 132608 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
+ 2010-01-31 17:20 . 2009-03-08 11:35 144384 c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
+ 2010-01-31 17:20 . 2009-03-08 11:32 169472 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 196096 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 246784 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 115712 c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 103936 c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 107520 c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
+ 2010-01-31 17:20 . 2009-03-08 11:32 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 216064 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 348160 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
+ 2010-01-31 17:20 . 2009-03-08 11:35 742912 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 183808 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
+ 2010-01-31 17:20 . 2009-03-08 11:11 445952 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 163840 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 229376 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
+ 2010-01-31 17:20 . 2009-03-08 21:09 391536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 914944 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 107008 c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
+ 2010-01-31 17:20 . 2009-03-08 11:32 128512 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 914944 c:\windows\System32\wininet.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 208384 c:\windows\System32\WinFXDocObj.exe
+ 2010-01-31 17:20 . 2009-03-08 11:34 208384 c:\windows\System32\WinFXDocObj.exe
+ 2010-01-31 17:20 . 2009-03-08 11:34 236544 c:\windows\System32\webcheck.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 420352 c:\windows\System32\vbscript.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 105984 c:\windows\System32\url.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 105984 c:\windows\System32\url.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 107008 c:\windows\System32\SetIEInstalledDate.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 103936 c:\windows\System32\SetDepNx.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 107520 c:\windows\System32\RegisterIEPKEYs.exe
- 2006-11-02 10:33 . 2010-01-31 15:38 602846 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-31 18:04 602846 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-31 18:04 106292 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-01-31 15:38 106292 c:\windows\System32\perfc009.dat
+ 2010-01-31 17:20 . 2009-03-08 11:33 109568 c:\windows\System32\PDMSetup.exe
+ 2010-01-31 17:20 . 2009-03-08 11:34 109568 c:\windows\System32\occache.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 611840 c:\windows\System32\mstime.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 193536 c:\windows\System32\msrating.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 156160 c:\windows\System32\msls31.dll
+ 2010-01-31 17:20 . 2009-03-08 11:22 156160 c:\windows\System32\msls31.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 594432 c:\windows\System32\msfeeds.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 726528 c:\windows\System32\jscript.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 169472 c:\windows\System32\iexpress.exe
+ 2010-01-31 17:20 . 2009-03-08 11:33 132608 c:\windows\System32\ieUnatt.exe
+ 2010-01-31 17:20 . 2009-03-08 11:22 164352 c:\windows\System32\ieui.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 109056 c:\windows\System32\iesysprep.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 183808 c:\windows\System32\iepeers.dll
+ 2010-01-31 17:20 . 2009-03-08 21:09 391536 c:\windows\System32\iedkcs32.dll
+ 2010-01-31 17:20 . 2009-03-08 11:11 445952 c:\windows\System32\ieapfltr.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 163840 c:\windows\System32\ieakui.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 229376 c:\windows\System32\ieaksie.dll
+ 2010-01-31 17:20 . 2009-03-08 11:33 125952 c:\windows\System32\ieakeng.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 173056 c:\windows\System32\ie4uinit.exe
+ 2010-01-31 17:20 . 2009-03-08 11:31 216064 c:\windows\System32\dxtrans.dll
+ 2010-01-31 17:20 . 2009-03-08 11:31 348160 c:\windows\System32\dxtmsft.dll
+ 2010-01-31 17:28 . 2010-01-31 18:11 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2008-12-01 19:47 . 2010-01-31 18:00 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-01 19:47 . 2010-01-31 15:30 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-31 17:20 . 2009-03-08 11:32 128512 c:\windows\System32\advpack.dll
+ 2010-01-31 17:30 . 2010-01-31 19:06 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-12-18 12:10 . 2010-01-31 15:31 163840 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-18 12:10 . 2010-01-31 18:00 163840 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-31 17:19 . 2009-06-15 14:58 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsasrv.dll
+ 2010-01-31 17:19 . 2009-06-15 15:25 1257984 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsasrv.dll
+ 2010-01-31 17:19 . 2009-06-15 15:04 1235456 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsasrv.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
+ 2010-01-31 17:20 . 2009-03-08 11:41 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
+ 2010-01-31 17:20 . 2009-02-07 04:07 3698584 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
+ 2010-01-31 17:20 . 2009-03-08 11:34 1206784 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
+ 2010-01-31 17:20 . 2009-03-08 11:34 1206784 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2010-01-31 17:59 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-01-23 15:17 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-01-31 17:20 . 2009-03-08 11:41 5937152 c:\windows\System32\mshtml.dll
+ 2010-01-31 17:20 . 2009-03-08 11:32 1985024 c:\windows\System32\iertutil.dll
+ 2010-01-31 17:20 . 2009-02-07 04:07 3698584 c:\windows\System32\ieapfltr.dat
+ 2010-01-31 17:24 . 2010-01-31 17:24 4782080 c:\windows\Installer\8b2b0.msi
+ 2010-01-31 17:20 . 2009-03-08 11:39 11063808 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
+ 2010-01-31 17:20 . 2009-03-08 11:39 11063808 c:\windows\System32\ieframe.dll
+ 2009-05-15 02:00 . 2010-01-31 17:20 256738594 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-21 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-26 30192]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"SSC Service Utility"="c:\program files\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600]

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-21 11:37 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):56,43,29,18,9a,96,ca,01

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100128.002\IDSvix86.sys [30/01/2010 15:10 286768]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23/09/2008 22:09 155648]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [08/01/2008 02:50 149352]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [01/12/2008 22:49 47640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [31/01/2010 16:48 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/09/2009 02:01 102448]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 11:31 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [08/01/2008 02:46 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [06/11/2009 11:46 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/11/2008 11:28 30192]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Jim.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-01-08 02:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: motive.com\pbttbc.bt
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\72yilnrt.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-01-31 19:36
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, https://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84E26856]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8299dd24
\Driver\ACPI -> acpi.sys @ 0x80691d68
\Driver\atapi -> ataport.SYS @ 0x807a7a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nyecebpruoenpiy]
"imagepath"="\??\c:\windows\TEMP\BF1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-01-31 19:39:46
ComboFix-quarantined-files.txt 2010-01-31 19:39
ComboFix2.txt 2010-01-31 15:50

Pre-Run: 104,174,305,280 bytes free
Post-Run: 104,155,791,360 bytes free

- - End Of File - - CD94776052CDE2F46724321A46579FC3


Not tested browser since running it. Will keep you posted.

Anything in here that I should be aware of?
Old 01-31-2010, 11:54 AM   #3

Update: Browsers still being randomly redirected! Argh... I want to cry :o(

Please help!
Old 02-01-2010, 11:11 AM   #4

Anyone able to help with this?