Computer Hope
Software => Computer viruses and spyware => Topic started by: jim.mar on January 25, 2012, 01:23:45 PM
-
I am not sure whether this problem is a virus or not. It all started when I OKed an update on my computer with service pack 1 (running Windows 7 Home Premium).
I have a desktop computer that has had internet access via cable and ethernet input for years. A few years ago I installed a wireless router to allow me to access the internet on my laptop via wifi. Yesterday my main computer (the desktop) was unable to access the internet. Except, once in a while (and while trying to use Chrome as my browser), I can get on to Facebook, but not anything else. Internet Explorer tries but cannot respond; the same happens with Firefox. I know that my internet connection, cable, is working because:
1) I do get facebook occasionally and
2) I can get full access to the internet with my laptop on wifi thru the browser.
I tried disconnecting the ethernet cable and immediately got an error message telling me about it.
My machine is running Windows 7 home premium, 64 bit
with an AMD Athlon II x4 processor on 4 GB of ram.
All of this started after I had updated my OS with service pack 1. I have tried going back to before Service Pack 1, with "RESTORE", with no luck. I ran "malwarebytes" and "Superantispyware" (found one trojan), still no luck. Does anyone have any suggestions?
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- List Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
-
SUPER DAVE: Thanks for the comeback. I have done as you have instructed. Log follows:
MiniToolBox by Farbar Version: 18-01-2012
Ran by JIM (administrator) on 26-01-2012 at 10:53:18
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Atheros AR8131 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Rosie
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 6C-62-6D-7B-E8-97
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ac85:8b9d:d728:28b6%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 26, 2012 9:13:49 AM
Lease Expires . . . . . . . . . . : Friday, January 27, 2012 9:13:49 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 241984109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-51-00-58-6C-62-6D-7B-E8-97
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{9F8D9178-14EC-465A-9768-9E35F078DAD7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 10:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c4f:2c46:b3a6:cf5a(Preferred)
Link-local IPv6 Address . . . . . : fe80::c4f:2c46:b3a6:cf5a%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.177
74.125.224.178
74.125.224.179
74.125.224.180
74.125.224.176
Pinging google.com [74.125.224.210] with 32 bytes of data:
Reply from 74.125.224.210: bytes=32 time=28ms TTL=54
Reply from 74.125.224.210: bytes=32 time=27ms TTL=53
Ping statistics for 74.125.224.210:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms
Server: UnKnown
Address: 192.168.1.1
Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56
Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=48ms TTL=52
Reply from 98.137.149.56: bytes=32 time=44ms TTL=52
Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 48ms, Average = 46ms
Server: UnKnown
Address: 192.168.1.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
9...6c 62 6d 7b e8 97 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:c4f:2c46:b3a6:cf5a/128
On-link
9 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::c4f:2c46:b3a6:cf5a/128
On-link
9 276 fe80::ac85:8b9d:d728:28b6/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/26/2012 10:18:11 AM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 9.0.0.3822 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 130c
Start Time: 01ccdc499ee585ce
Termination Time: 1545
Application Path: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Report Id: a9d22c57-4841-11e1-be39-6c626d7be897
Error: (01/26/2012 09:49:28 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1500
Start Time: 01ccdc4a680f98ba
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: b34ab9e8-483d-11e1-be39-6c626d7be897
Error: (01/26/2012 09:49:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x000a1d68
Faulting process id: 0x358
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (01/26/2012 09:39:51 AM) (Source: Application Hang) (User: )
Description: The program Explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 880
Start Time: 01ccdc4900e072f4
Termination Time: 31
Application Path: C:\Windows\Explorer.exe
Report Id: 588a23ee-483c-11e1-be39-6c626d7be897
Error: (01/26/2012 09:38:59 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 7dc
Start Time: 01ccdb96b09f3b28
Termination Time: 60000
Application Path: C:\Windows\Explorer.EXE
Report Id: 132a2921-483c-11e1-be39-6c626d7be897
Error: (01/25/2012 01:52:41 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 984
Start Time: 01ccdba3346b3da9
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 82f36757-4796-11e1-be39-6c626d7be897
Error: (01/25/2012 01:19:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\
manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_
fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_
microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/25/2012 00:35:57 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1300
Start Time: 01ccdb9879f3f92a
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: c8cab042-478b-11e1-be39-6c626d7be897
Error: (01/25/2012 00:35:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x000a1d68
Faulting process id: 0xf80
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (01/25/2012 00:26:29 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1068
Start Time: 01ccdb97226d3167
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 750a572d-478a-11e1-be39-6c626d7be897
System errors:
=============
Error: (01/26/2012 10:48:19 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (01/26/2012 10:48:18 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (01/26/2012 10:48:17 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (01/26/2012 10:19:17 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (01/26/2012 10:19:10 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (01/26/2012 10:19:04 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (01/26/2012 10:18:58 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (01/26/2012 10:18:51 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (01/26/2012 10:18:43 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (01/26/2012 10:18:37 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom1, has a bad block.
========================= Memory info: ===================================
Percentage of memory in use: 34%
Total physical RAM: 4095.18 MB
Available physical RAM: 2676.11 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 6495.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3951.79 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:244.04 GB) (Free:188.08 GB) NTFS
2 Drive d: (Music) (Fixed) (Total:352.03 GB) (Free:265.06 GB) NTFS
3 Drive e: (Pers data) (Fixed) (Total:63.48 GB) (Free:36.25 GB) NTFS
4 Drive f: (Windows 7) (Fixed) (Total:12.86 GB) (Free:8.7 GB) NTFS
8 Drive l: () (Removable) (Total:3.74 GB) (Free:0.24 GB) FAT32
========================= Users: ========================================
User accounts for \\ROSIE
Administrator Guest JIM
Terri
**** End of log ****
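
A triage pass over a MiniToolBox Result.txt like the one posted above, as an added example that is not part of the original thread or of MiniToolBox. It splits the log on its section headers and flags a proxy state that differs from the clean lines seen above, hosts entries other than loopback localhost, a resolver outside RFC 1918 space, DNS timeouts, and targets with 100% ping loss. The function names, the heuristics and the second sample are assumptions; the first sample is shortened from the log above.

```python
import ipaddress
import re

SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+$")
# Assumption: on a home LAN the resolver is normally the router (RFC 1918 space).
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_sections(text):
    """Map each '==== Name: ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def parse_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def check_proxy(lines):
    # These two lines are what the tool printed for the machine in the thread.
    clean = {"Proxy is not enabled.", "No Proxy Server is set."}
    return [] if clean <= set(lines) else ["proxy: state differs from the clean default"]


def check_hosts(lines):
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        addr, names = parse_ip(fields[0]), [n.lower() for n in fields[1:]]
        if not (addr is not None and addr.is_loopback and names == ["localhost"]):
            findings.append(f"hosts: {' '.join(names)} -> {fields[0]}")
    return findings


def check_network(lines):
    findings, target = [], None
    timeouts = lines.count("DNS request timed out.")
    if timeouts:
        findings.append(f"dns: {timeouts} lookup timeout(s)")
    for line in lines:
        m = re.match(r"DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            addr = parse_ip(m.group(1))
            if addr is None or not any(addr in net for net in LAN_NETS):
                findings.append(f"dns: resolver {m.group(1)} is outside the LAN")
        m = re.match(r"Pinging (\S+)", line)
        if m:
            target = m.group(1)
        if target and "(100% loss)" in line:
            findings.append(f"ping: {target} unreachable")
    return findings


def triage(text):
    s = split_sections(text)
    return (check_proxy(s.get("IE Proxy Settings", []))
            + check_hosts(s.get("Hosts content", []))
            + check_network(s.get("IP Configuration", [])))


# Shortened from the log posted in the thread.
THREAD_EXCERPT = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.1.1
DNS request timed out.
DNS request timed out.
DNS request timed out.
Pinging google.com [74.125.224.210] with 32 bytes of data:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
========================= Event log errors: ===============================
"""

# Constructed sample (documentation addresses), not taken from any real log.
CONSTRUCTED_TAMPERED = """\
========================= IE Proxy Settings: ==============================
(constructed placeholder: the clean proxy lines are absent)
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.10 www.example.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

if __name__ == "__main__":
    for name, log in (("thread", THREAD_EXCERPT), ("constructed", CONSTRUCTED_TAMPERED)):
        print(name, triage(log))
```

A finding here is a prompt for a manual look, not a verdict: timeouts and an unreachable host can be a network fault as easily as an infection.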
-
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
************************************************
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs (DDS.txt and Attach.txt).
-
SUPERDAVE: OK, I am scanning with Superantispyware right now as I am writing on my laptop. I had to download the program on the laptop and move it to the desktop. I will copy the log and post it when it is finished. I have to use a flash drive as my laptop CD burner/reader is not compatible with my desktop CD burner/reader.
FYI: Last night about 8:30 (mountain standard time) I received a call from somewhere in Asia telling me they were calling on behalf of Microsoft who was getting error reports from my computer, and that they were going to fix it for me. I had a hard time understanding them and when I asked how much they were going to charge me for their services they got very evasive so I hung up on them. Was I right or wrong to do that?
-
FYI: Last night about 8:30 (mountain standard time) I received a call from somewhere in Asia telling me they were calling on behalf of Microsoft who was getting error reports from my computer, and that they were going to fix it for me. I had a hard time understanding them and when I asked how much they were going to charge me for their services they got very evasive so I hung up on them. Was I right or wrong to do that?
You did the correct thing.
-
I received a call from somewhere in Asia telling me they were calling on behalf of Microsoft who was getting error reports from my computer
They come from "sweatshop" call centres in India. We get them here in England quite a lot, at one time I was getting 3 or 4 a week. British Telecom do not sell phone book information to third parties, but what happens is people acquire the paper phone books, guillotine off the spines, scan and OCR the pages, and get enough usable names, addresses and phone numbers to put on CDROMs and sell to "marketing" outfits including these phone spammers. Our landline phone number is listed against my girlfriend's name (let's call her Barbara Jones) but as "B Jones" (no gender specific title like Miss or Mr). My name isn't Jones, so if I answer the ringing phone and I say "Hi" in my male voice and they say "Is that Mr Jones?" I know at once it's one of these phone spammers. The heavy Indian accent gives it away anyhow. They usually say they are calling from the "Microsoft Security Centre" and they have detected "malware" on the computer "registered at your address" (which they quote). I often have fun playing around with these people, pretending to believe them etc. They use dreadful profanity when they realise what I am doing. They will ask you to look in event log, or type ASSOC at the RUN box, or something, and then tell you what you see as "proof" that you are infected, but for only $50 etc, etc.
-
Thank You Salmon Trout (aka B Jones): Now I am a little wiser. That was the third one that I have received over the past three years. At first I thought that they were legitimate but after they asked for $125.00 for a one year commitment, I wised up. Thanks again. IJIM
-
Super Dave: following are the logs for Super Antispy and MBAM. I have yet to do the DDS scan.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/27/2012 at 10:24 AM
Application Version : 5.0.1142
Core Rules Database Version : 8173
Trace Rules Database Version: 5985
Scan type : Quick Scan
Total Scan Time : 00:03:07
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 598
Memory threats detected : 0
Registry items scanned : 31174
Registry threats detected : 29
File items scanned : 11744
File threats detected : 203
Adware.EpicPlay
Adware.Tracking Cookie
.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.californiastateautomobileassociation.1 12.2o7.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.backingtracksonline.co.uk [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.backingtracksonline.co.uk [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.backingtracksonline.co.uk [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ads.bridgetrack.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ads.bridgetrack.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ads.bridgetrack.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
track.totalvac.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
tracking.waterfrontmedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
sales.liveperson.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.edge.ru4.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.edge.ru4.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
segment-pixel.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ads.neudesicmediagroup.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ads.neudesicmediagroup.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ads.neudesicmediagroup.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.specificmedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
www.kntrack.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
affiliate.utatracker.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
pixel.invitemedia.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5PEQ3KB4.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\JIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
============================================================
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7622
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
1/27/2012 2:26:16 PM
mbam-log-2012-01-27 (14-26-16).txt
Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 459296
Time elapsed: 44 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
SuperDave: Following are the DDS logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by JIM at 11:17:52 on 2012-01-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2638 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Stickies\stickies.exe
C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/MAIL
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {B9B97401-98E1-4942-930D-C36652DAB7F2} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DriverCure] C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe -scan
mRun: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\JIM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F8D9178-14EC-465A-9768-9E35F078DAD7} : DhcpNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {B9B97401-98E1-4942-930D-C36652DAB7F2} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-22 44768]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-27 366152]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [2011-3-20 287024]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?]
R3 pctNdisMP;PC Tools Driver;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
R3 pctplfw;pctplfw;\??\C:\Windows\System32\drivers\pctplfw64.sys --> C:\Windows\System32\drivers\pctplfw64.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
.
=============== Created Last 30 ================
.
2012-01-27 20:37:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\offreg.dll
2012-01-27 20:33:13 709968 ----a-w- C:\Windows\isRS-000.tmp
2012-01-27 17:17:38 -------- d-----w- C:\Users\JIM\AppData\Roaming\SUPERAntiSpyware.com
2012-01-27 17:16:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-25 19:56:11 -------- d-----w- C:\Users\JIM\AppData\Roaming\DriverCure
2012-01-25 19:55:40 -------- d-----w- C:\ProgramData\ParetoLogic
2012-01-25 19:55:40 -------- d-----w- C:\ProgramData\DriverCure
2012-01-25 19:55:40 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2012-01-25 19:55:39 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2012-01-25 19:19:50 577536 ----a-w- C:\Windows\SysWow64\ANIWZCS2.dll
2012-01-25 19:19:50 57407 ----a-w- C:\Windows\SysWow64\ANICtl.dll
2012-01-25 19:19:50 49152 ----a-w- C:\Windows\SysWow64\AQCKGen.dll
2012-01-25 19:19:50 192512 ----a-w- C:\Windows\SysWow64\aIPH.dll
2012-01-25 19:19:50 131072 ----a-w- C:\Windows\SysWow64\WlanApp.dll
2012-01-25 19:19:50 1163337 ----a-w- C:\Windows\SysWow64\odSupp_M.dll
2012-01-25 19:19:24 36864 ----a-w- C:\Windows\SysWow64\ANIOApi.dll
2012-01-25 19:19:24 28205 ----a-w- C:\Windows\SysWow64\ANIO.sys
2012-01-25 19:19:24 16997 ----a-w- C:\Windows\SysWow64\ANIO.VXD
2012-01-25 19:19:24 11904 ----a-w- C:\Windows\SysWow64\anio4.sys
2012-01-25 19:19:24 -------- d-----w- C:\Program Files (x86)\ANI
2012-01-25 19:19:17 -------- d-----w- C:\Program Files (x86)\D-Link
2012-01-24 23:44:17 0 ---ha-w- C:\Users\JIM\AppData\Local\BIT1ECD.tmp
2012-01-24 23:42:23 0 ---ha-w- C:\Users\JIM\AppData\Local\BIT606D.tmp
2012-01-24 23:26:37 0 ---ha-w- C:\Users\JIM\AppData\Local\BITCBF.tmp
2012-01-24 23:24:41 0 ---ha-w- C:\Users\JIM\AppData\Local\BIT474E.tmp
2012-01-24 22:57:33 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\mpengine.dll
2012-01-23 23:32:58 -------- d-----w- C:\Windows\System32\SPReview
2012-01-23 23:32:01 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-23 23:30:40 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-23 23:30:25 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-23 23:30:15 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-23 23:30:06 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-17 16:35:13 -------- d-----w- C:\Users\JIM\AppData\Roaming\FCTB000060231
2012-01-11 15:09:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 15:09:32 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 15:09:32 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 15:09:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 15:09:28 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 15:09:28 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 15:09:19 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 15:09:19 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 18:49:08 -------- d-----w- C:\Program Files (x86)\Dogpile Bundle Toolbar
2012-01-10 18:49:04 -------- d-----w- C:\Users\JIM\AppData\Local\The Weather Channel
2012-01-10 18:48:56 -------- d-----w- C:\Program Files (x86)\EpicPlay
.
==================== Find3M ====================
.
2012-01-25 18:37:06 639 ----a-w- C:\Windows\uninstallstickies.bat
2012-01-23 23:41:00 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-23 23:40:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-03 20:16:04 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 21:29:56 270720 ----a-w- C:\Windows\System32\MpSigStub.exe
2011-11-05 17:45:06 1409 ----a-w- C:\Windows\SysWow64\tmp3A218.FOT
2011-11-05 17:45:06 1409 ----a-w- C:\Windows\SysWow64\tmp00318.FOT
2011-11-05 17:45:05 1409 ----a-w- C:\Windows\SysWow64\tmpE6E08.FOT
2011-11-05 17:45:05 1409 ----a-w- C:\Windows\SysWow64\tmpCCE08.FOT
2011-11-05 17:45:05 1409 ----a-w- C:\Windows\SysWow64\tmpA1F08.FOT
2011-11-05 17:45:05 1409 ----a-w- C:\Windows\SysWow64\tmp24018.FOT
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 11:20:35.85 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2011 8:09:53 PM
System Uptime: 1/28/2012 7:28:33 AM (4 hours ago)
.
Motherboard: MSI | | 870-G45 (MS-7599)
Processor: AMD Athlon(tm) II X4 640 Processor | CPU1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 186.883 GiB free.
D: is FIXED (NTFS) - 352 GiB total, 265.058 GiB free.
E: is FIXED (NTFS) - 63 GiB total, 36.26 GiB free.
F: is FIXED (NTFS) - 13 GiB total, 8.699 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP220: 1/24/2012 5:33:36 PM - Windows Update
RP221: 1/25/2012 12:10:20 PM - Installed AirPlus G
RP222: 1/27/2012 9:30:14 AM - Windows Update
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
7-Zip 4.57
ACE-HIGH MP3 WAV WMA OGG Converter
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
AirPlus G
Akamai NetSession Interface Service
ANIO Service
ANIWZCS2 Service
Ask Toolbar
Ask Toolbar Updater
ASUS E-Green Uninstall
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
AVS Audio Converter version 6.2
AVS Audio Editor version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Belarc Advisor 8.1
Bing Bar
Bing Rewards Client Installer
BufferChm
CanoScan Toolbox Ver4.6
CNET TechTracker
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
Destinations
DeviceDiscovery
DocMgr
DocProc
Dogpile Bundle Toolbar
DriverFinder
E-Hammer
EpicPlay
ESET Online Scanner v3
Express Burn Disc Burning Software
Express Rip
Facebook Video Calling 1.1.1.1
Fax
FreeRIP v3.6
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HP Product Detection
HP Update
HPProductAssistant
HPSSupply
ImagXpress
Java Auto Updater
Java(TM) 6 Update 29
KaraFun 1.18
KRISTAL Audio Engine
LAME v3.98.3 for Audacity
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft Flight Simulator X
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Streets & Trips 2008
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
MixPad Audio Mixer
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NCH Toolbar
Nero 7 Essentials
NeroExpress
neroxml
OmniPage SE
ParetoLogic DriverCure
PC Health Doc PDF Reader 0.1
PC Tools Firewall Plus 7.0
Platform
Prism Video File Converter
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
ShareIns
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Sophos Anti-Rootkit 1.5.4
SpywareBlaster 4.4
Status
Stickies 7.0b
SunlitGreen Photo Editor 1.3
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
WebReg
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
1/28/2012 11:11:14 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
1/28/2012 11:06:20 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
1/27/2012 10:13:25 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
1/27/2012 1:34:53 PM, Error: Service Control Manager [7000] - The ANIO Service service failed to start due to the following error: The system cannot find the file specified.
1/25/2012 8:39:36 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
1/25/2012 12:53:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
1/25/2012 12:10:08 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {9C0BA3C1-2B67-45EB-BF69-BED9658D28D2} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
1/24/2012 8:40:20 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The process cannot access the file because it is being used by another process.
1/24/2012 8:40:20 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The process cannot access the file because it is being used by another process.
1/24/2012 8:39:31 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The process cannot access the file because it is being used by another process.
1/24/2012 8:39:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
1/24/2012 8:39:30 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/24/2012 8:39:30 AM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
1/24/2012 8:39:29 AM, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: The process cannot access the file because it is being used by another process.
1/24/2012 5:34:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2572077).
1/24/2012 4:53:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/24/2012 4:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/24/2012 4:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/24/2012 4:46:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/24/2012 4:46:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/24/2012 4:46:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy pctgntdi Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/24/2012 4:20:36 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
Thank you, JIM
-
I strongly recommend that you remove Ask from your computer because it:
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See Here (http://www.benedelman.org/spyware/ask-toolbars/) for more info.
If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
***************************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {B9B97401-98E1-4942-930D-C36652DAB7F2} - No File
mRun: [<NO NAME>]
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {B9B97401-98E1-4942-930D-C36652DAB7F2} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
:Files
C:\Windows\isRS-000.tmp
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************************
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
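The OTL fix list in the post above is made up of the DDS entries whose target is "No File". As an added example (not part of the original post, and not code from DDS or OTL), this Python script parses DDS-style BHO/TB/EB lines, separates those orphaned entries from file-backed ones, and flags orphaned stubs that share a name with a working entry. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re

# Sample lines in DDS format, copied from the log posted in this thread.
SAMPLE_DDS = r"""
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"""

# "<section>: <identifier> - <target>" for browser helper objects (BHO),
# toolbars (TB) and explorer bars (EB), with or without the -X64 suffix.
ENTRY_RE = re.compile(
    r"^(?P<section>(?:BHO|TB|EB)(?:-X64)?):\s+"
    r"(?P<ident>.+?)\s+-\s+(?P<target>.+)$"
)
GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


def parse_entries(log_text):
    """Return one dict per BHO/TB/EB line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        ident = match.group("ident")
        guid = GUID_RE.search(ident)
        # The display name, if any, precedes the CLSID: "Name: {GUID}".
        name = ident[:guid.start()].rstrip(": ") if guid else ident
        target = match.group("target").strip().strip('"')
        entries.append({
            "section": match.group("section"),
            "name": name,
            "guid": guid.group(0).upper() if guid else None,
            "target": target,
            "orphaned": target == "No File",
            "raw": line,
        })
    return entries


def orphaned_entries(log_text):
    """Entries registered in the browser but pointing at no file on disk."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


def stub_duplicates(log_text):
    """Orphaned entries that share section and name with a file-backed one.

    These are leftover stubs: the fix list targets the "No File" line
    while the working extension of the same name stays registered.
    """
    entries = parse_entries(log_text)
    backed = {(e["section"], e["name"])
              for e in entries if not e["orphaned"] and e["name"]}
    return [(e["section"], e["name"])
            for e in entries
            if e["orphaned"] and (e["section"], e["name"]) in backed]


if __name__ == "__main__":
    print("Orphaned entries to review:")
    for entry in orphaned_entries(SAMPLE_DDS):
        print("  " + entry["raw"])
    print("Stubs duplicating a working entry:")
    for section, name in stub_duplicates(SAMPLE_DDS):
        print("  %s: %s" % (section, name))
```
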
-
I ran OTL as instructed. The report follows. Also, being as I am running Windows 7 64 bit, should I still do ComboFix?
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.> in the current context!
Error: Unable to interpret <IF REQUESTED, ZIP IT UP & ATTACH IT> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <DDS (Ver_2011-08-26.01)> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <Microsoft Windows 7 Home Premium > in the current context!
Error: Unable to interpret <Boot Device: \Device\HarddiskVolume1> in the current context!
Error: Unable to interpret <Install Date: 3/18/2011 8:09:53 PM> in the current context!
Error: Unable to interpret <System Uptime: 1/28/2012 7:28:33 AM (4 hours ago)> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <Motherboard: MSI | | 870-G45 (MS-7599)> in the current context!
Error: Unable to interpret <Processor: AMD Athlon(tm) II X4 640 Processor | CPU1 | 3000/200mhz> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <==== Disk Partitions =========================> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <C: is FIXED (NTFS) - 244 GiB total, 186.883 GiB free.> in the current context!
Error: Unable to interpret <D: is FIXED (NTFS) - 352 GiB total, 265.058 GiB free.> in the current context!
Error: Unable to interpret <E: is FIXED (NTFS) - 63 GiB total, 36.26 GiB free.> in the current context!
Error: Unable to interpret <F: is FIXED (NTFS) - 13 GiB total, 8.699 GiB free.> in the current context!
Error: Unable to interpret <G: is CDROM ()> in the current context!
Error: Unable to interpret <H: is CDROM ()> in the current context!
Error: Unable to interpret <I: is CDROM ()> in the current context!
Error: Unable to interpret <L: is Removable> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <==== Disabled Device Manager Items =============> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}> in the current context!
Error: Unable to interpret <Description: Officejet 4500 G510n-z> in the current context!
Error: Unable to interpret <Device ID: ROOT\MULTIFUNCTION\0000> in the current context!
Error: Unable to interpret <Manufacturer: HP> in the current context!
Error: Unable to interpret <Name: Officejet 4500 G510n-z> in the current context!
Error: Unable to interpret <PNP Device ID: ROOT\MULTIFUNCTION\0000> in the current context!
Error: Unable to interpret <Service: > in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <==== System Restore Points ===================> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <RP220: 1/24/2012 5:33:36 PM - Windows Update> in the current context!
Error: Unable to interpret <RP221: 1/25/2012 12:10:20 PM - Installed AirPlus G> in the current context!
Error: Unable to interpret <RP222: 1/27/2012 9:30:14 AM - Windows Update> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <==== Installed Programs ======================> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <4500_G510nz_Help> in the current context!
Error: Unable to interpret <4500G510nz> in the current context!
Error: Unable to interpret <4500G510nz_Software_Min> in the current context!
Error: Unable to interpret <7-Zip 4.57> in the current context!
Error: Unable to interpret <ACE-HIGH MP3 WAV WMA OGG Converter> in the current context!
Error: Unable to interpret <Adobe Acrobat 4.0> in the current context!
Error: Unable to interpret <Adobe AIR> in the current context!
Error: Unable to interpret <Adobe Flash Player 10 Plugin> in the current context!
Error: Unable to interpret <Adobe Flash Player 11 ActiveX> in the current context!
Error: Unable to interpret <Adobe Reader X (10.1.1)> in the current context!
Error: Unable to interpret <AirPlus G> in the current context!
Error: Unable to interpret <Akamai NetSession Interface Service> in the current context!
Error: Unable to interpret <ANIO Service> in the current context!
Error: Unable to interpret <ANIWZCS2 Service> in the current context!
Error: Unable to interpret <Ask Toolbar> in the current context!
Error: Unable to interpret <Ask Toolbar Updater> in the current context!
Error: Unable to interpret <ASUS E-Green Uninstall> in the current context!
Error: Unable to interpret <Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver> in the current context!
Error: Unable to interpret <Audacity 1.3.12 (Unicode)> in the current context!
Error: Unable to interpret <avast! Free Antivirus> in the current context!
Error: Unable to interpret <AVS Audio Converter version 6.2> in the current context!
Error: Unable to interpret <AVS Audio Editor version 6.1> in the current context!
Error: Unable to interpret <AVS Update Manager 1.0> in the current context!
Error: Unable to interpret <AVS4YOU Software Navigator 1.4> in the current context!
Error: Unable to interpret <Belarc Advisor 8.1> in the current context!
Error: Unable to interpret <Bing Bar> in the current context!
Error: Unable to interpret <Bing Rewards Client Installer> in the current context!
Error: Unable to interpret <BufferChm> in the current context!
Error: Unable to interpret <CanoScan Toolbox Ver4.6> in the current context!
Error: Unable to interpret <CNET TechTracker> in the current context!
Error: Unable to interpret <Creative MediaSource 5> in the current context!
Error: Unable to interpret <Creative Software AutoUpdate> in the current context!
Error: Unable to interpret <Creative WaveStudio 7> in the current context!
Error: Unable to interpret <Destinations> in the current context!
Error: Unable to interpret <DeviceDiscovery> in the current context!
Error: Unable to interpret <DocMgr> in the current context!
Error: Unable to interpret <DocProc> in the current context!
Error: Unable to interpret <Dogpile Bundle Toolbar> in the current context!
Error: Unable to interpret <DriverFinder> in the current context!
Error: Unable to interpret <E-Hammer> in the current context!
Error: Unable to interpret <EpicPlay> in the current context!
Error: Unable to interpret <ESET Online Scanner v3> in the current context!
Error: Unable to interpret <Express Burn Disc Burning Software> in the current context!
Error: Unable to interpret <Express Rip> in the current context!
Error: Unable to interpret <Facebook Video Calling 1.1.1.1> in the current context!
Error: Unable to interpret <Fax> in the current context!
Error: Unable to interpret <FreeRIP v3.6> in the current context!
Error: Unable to interpret <Google Chrome> in the current context!
Error: Unable to interpret <Google Earth> in the current context!
Error: Unable to interpret <Google Toolbar for Internet Explorer> in the current context!
Error: Unable to interpret <Google Update Helper> in the current context!
Error: Unable to interpret <GPBaseService2> in the current context!
Error: Unable to interpret <HP Photo and Imaging 2.2 - Scanjet 3970 Series> in the current context!
Error: Unable to interpret <HP Product Detection> in the current context!
Error: Unable to interpret <HP Update> in the current context!
Error: Unable to interpret <HPProductAssistant> in the current context!
Error: Unable to interpret <HPSSupply> in the current context!
Error: Unable to interpret <ImagXpress> in the current context!
Error: Unable to interpret <Java Auto Updater> in the current context!
Error: Unable to interpret <Java(TM) 6 Update 29> in the current context!
Error: Unable to interpret <KaraFun 1.18> in the current context!
Error: Unable to interpret <KRISTAL Audio Engine> in the current context!
Error: Unable to interpret <LAME v3.98.3 for Audacity> in the current context!
Error: Unable to interpret <LightScribe System Software> in the current context!
Error: Unable to interpret <Malwarebytes' Anti-Malware version 1.51.2.1300> in the current context!
Error: Unable to interpret <MarketResearch> in the current context!
Error: Unable to interpret <Microsoft Flight Simulator X> in the current context!
Error: Unable to interpret <Microsoft Office 2000 SR-1 Disc 2> in the current context!
Error: Unable to interpret <Microsoft Office 2000 SR-1 Small Business> in the current context!
Error: Unable to interpret <Microsoft Office PowerPoint Viewer 2007 (English)> in the current context!
Error: Unable to interpret <Microsoft Silverlight> in the current context!
Error: Unable to interpret <Microsoft Streets & Trips 2008> in the current context!
Error: Unable to interpret <Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022> in the current context!
Error: Unable to interpret <Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148> in the current context!
Error: Unable to interpret <Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161> in the current context!
Error: Unable to interpret <Microsoft Works 6-9 Converter> in the current context!
Error: Unable to interpret <MixPad Audio Mixer> in the current context!
Error: Unable to interpret <MSXML 4.0 SP2 (KB954430)> in the current context!
Error: Unable to interpret <MSXML 4.0 SP2 (KB973688)> in the current context!
Error: Unable to interpret <MSXML 4.0 SP2 Parser and SDK> in the current context!
Error: Unable to interpret <NCH Toolbar> in the current context!
Error: Unable to interpret <Nero 7 Essentials> in the current context!
Error: Unable to interpret <NeroExpress> in the current context!
Error: Unable to interpret <neroxml> in the current context!
Error: Unable to interpret <OmniPage SE> in the current context!
Error: Unable to interpret <ParetoLogic DriverCure> in the current context!
Error: Unable to interpret <PC Health Doc PDF Reader 0.1> in the current context!
Error: Unable to interpret <PC Tools Firewall Plus 7.0> in the current context!
Error: Unable to interpret <Platform> in the current context!
Error: Unable to interpret <Prism Video File Converter> in the current context!
Error: Unable to interpret <Scan> in the current context!
Error: Unable to interpret <Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)> in the current context!
Error: Unable to interpret <Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)> in the current context!
Error: Unable to interpret <Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)> in the current context!
Error: Unable to interpret <Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)> in the current context!
Error: Unable to interpret <Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)> in the current context!
Error: Unable to interpret <Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)> in the current context!
Error: Unable to interpret <Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)> in the current context!
Error: Unable to interpret <ShareIns> in the current context!
Error: Unable to interpret <Skype Click to Call> in the current context!
Error: Unable to interpret <Skype™ 5.5> in the current context!
Error: Unable to interpret <SmartWebPrinting> in the current context!
Error: Unable to interpret <SolutionCenter> in the current context!
Error: Unable to interpret <Sophos Anti-Rootkit 1.5.4> in the current context!
Error: Unable to interpret <SpywareBlaster 4.4> in the current context!
Error: Unable to interpret <Status> in the current context!
Error: Unable to interpret <Stickies 7.0b> in the current context!
Error: Unable to interpret <SunlitGreen Photo Editor 1.3> in the current context!
Error: Unable to interpret <Toolbox> in the current context!
Error: Unable to interpret <TrayApp> in the current context!
Error: Unable to interpret <Update for Microsoft .NET Framework 4 Client Profile (KB2468871)> in the current context!
Error: Unable to interpret <Update for Microsoft .NET Framework 4 Client Profile (KB2533523)> in the current context!
Error: Unable to interpret <VIA Platform Device Manager> in the current context!
Error: Unable to interpret <Visual Studio 2008 x64 Redistributables> in the current context!
Error: Unable to interpret <WebReg> in the current context!
Error: Unable to interpret <Yahoo! BrowserPlus 2.9.8> in the current context!
Error: Unable to interpret <Yahoo! Software Update> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <==== Event Viewer Messages From Past Week ========> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <1/28/2012 11:11:14 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.> in the current context!
Error: Unable to interpret <1/28/2012 11:06:20 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.> in the current context!
Error: Unable to interpret <1/27/2012 10:13:25 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.> in the current context!
Error: Unable to interpret <1/27/2012 1:34:53 PM, Error: Service Control Manager [7000] - The ANIO Service service failed to start due to the following error: The system cannot find the file specified.> in the current context!
Error: Unable to interpret <1/25/2012 8:39:36 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.> in the current context!
Error: Unable to interpret <1/25/2012 12:53:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.> in the current context!
Error: Unable to interpret <1/25/2012 12:10:08 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {9C0BA3C1-2B67-45EB-BF69-BED9658D28D2} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding> in the current context!
Error: Unable to interpret <1/24/2012 8:40:20 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The process cannot access the file because it is being used by another process.> in the current context!
Error: Unable to interpret <1/24/2012 8:40:20 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The process cannot access the file because it is being used by another process.> in the current context!
Error: Unable to interpret <1/24/2012 8:39:31 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The process cannot access the file because it is being used by another process.> in the current context!
Error: Unable to interpret <1/24/2012 8:39:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.> in the current context!
Error: Unable to interpret <1/24/2012 8:39:30 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.> in the current context!
Error: Unable to interpret <1/24/2012 8:39:30 AM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.> in the current context!
Error: Unable to interpret <1/24/2012 8:39:29 AM, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: The process cannot access the file because it is being used by another process.> in the current context!
Error: Unable to interpret <1/24/2012 5:34:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2572077).> in the current context!
Error: Unable to interpret <1/24/2012 4:53:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.> in the current context!
Error: Unable to interpret <1/24/2012 4:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}> in the current context!
Error: Unable to interpret <1/24/2012 4:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}> in the current context!
Error: Unable to interpret <1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}> in the current context!
Error: Unable to interpret <1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}> in the current context!
Error: Unable to interpret <1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}> in the current context!
Error: Unable to interpret <1/24/2012 4:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}> in the current context!
Error: Unable to interpret <1/24/2012 4:46:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}> in the current context!
Error: Unable to interpret <1/24/2012 4:46:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy pctgntdi Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.> in the current context!
Error: Unable to interpret <1/24/2012 4:46:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.> in the current context!
Error: Unable to interpret <1/24/2012 4:20:36 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret <==== End Of File ===========================> in the current context!
OTL by OldTimer - Version 3.2.31.0 log created on 01282012_130523
========================================================================
-
Being as I am running Windows 7 64 bit, should I still do ComboFix?
Yes. CF will work on 64 bit machines.
Are you certain that you did the OTL script correctly? That is one weird log. Please try it again.
-
okay
-
OTL log 1-29-2012
========== OTL ==========
========== FILES ==========
C:\Windows\isRS-000.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01292012_143923
-
NOTE: I found ASK in three places in Program Files and in CONTROL PANEL>PROGRAMS AND FEATURES. When I tried to uninstall the ASK toolbar I got the following message: "Error 1316. A network error occurred while attempting to read from file C:\Windows\Installer\Ask Toolebar.msi" and it looks like the Ask Toolbar is still there....
-
When I tried to run ComboFix, it looked like it was starting to run, then it came up with a blank blue screen with a blinking cursor. The screen was labeled "C:\. Administrator"...
-
From the title of your post and your posts, it's not clear what you are trying to get done. If you can post here you are getting to the internet. Are you using another computer?
If you are just trying to uninstall Ask, try revo uninstaller.
http://www.revouninstaller.com/
-
rthompson80819: Yes I am using my wife's laptop to access the internet and download the tools asked for by SuperDave. Then I transfer them to my computer via flashstick and try to do as instructed. Sometimes I need more info. Right now I am having trouble with Combofix.
Thanks for the info on revoinstaller. Will try that later after SuperDave is finished with me. Thanks again, JIM
-
OK. Delete ComboFix from your desktop. This is slightly different. You have to rename it when downloading the program.
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.
Refer to this image:
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click PCHelpForum.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Thanks SuperDave: That worked, wow what a monstrous log. Posting it as follows:
ComboFix 12-01-30.02 - JIM 01/30/2012 12:01:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2690 [GMT -7:00]
Running from: c:\users\JIM\Desktop\PCHelpForum.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DictionaryBoss\bar
c:\program files (x86)\DictionaryBoss\bar\Settings\s_pid.dat
c:\program files (x86)\DictionaryBossEI
c:\windows\security\Database\tmp.edb
F:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:44 . 2012-01-30 19:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT7292.tmp
2012-01-30 19:16 . 2012-01-30 19:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\offreg.dll
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Terri\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 17:17 . 2012-01-27 17:17 -------- d-----w- c:\users\JIM\AppData\Roaming\SUPERAntiSpyware.com
2012-01-27 17:16 . 2012-01-27 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 19:56 . 2012-01-25 19:58 -------- d-----w- c:\users\JIM\AppData\Roaming\DriverCure
2012-01-25 19:55 . 2012-01-25 19:56 -------- d-----w- c:\programdata\DriverCure
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\programdata\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-01-25 19:19 . 2004-10-22 20:42 577536 ----a-w- c:\windows\SysWow64\ANIWZCS2.dll
2012-01-25 19:19 . 2004-10-22 20:42 131072 ----a-w- c:\windows\SysWow64\WlanApp.dll
2012-01-25 19:19 . 2004-10-22 20:42 1163337 ----a-w- c:\windows\SysWow64\odSupp_M.dll
2012-01-25 19:19 . 2004-10-22 20:42 57407 ----a-w- c:\windows\SysWow64\ANICtl.dll
2012-01-25 19:19 . 2004-10-22 20:42 49152 ----a-w- c:\windows\SysWow64\AQCKGen.dll
2012-01-25 19:19 . 2004-10-22 20:42 192512 ----a-w- c:\windows\SysWow64\aIPH.dll
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\ANI
2012-01-25 19:19 . 2004-07-27 18:20 36864 ----a-w- c:\windows\SysWow64\ANIOApi.dll
2012-01-25 19:19 . 2004-07-27 18:20 28205 ----a-w- c:\windows\SysWow64\ANIO.sys
2012-01-25 19:19 . 2004-07-27 18:20 16997 ----a-w- c:\windows\SysWow64\ANIO.VXD
2012-01-25 19:19 . 2004-07-27 18:20 11904 ----a-w- c:\windows\SysWow64\anio4.sys
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\D-Link
2012-01-24 23:44 . 2012-01-24 23:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT1ECD.tmp
2012-01-24 23:42 . 2012-01-24 23:42 0 ---ha-w- c:\users\JIM\AppData\Local\BIT606D.tmp
2012-01-24 23:26 . 2012-01-24 23:26 0 ---ha-w- c:\users\JIM\AppData\Local\BITCBF.tmp
2012-01-24 23:24 . 2012-01-24 23:24 0 ---ha-w- c:\users\JIM\AppData\Local\BIT474E.tmp
2012-01-24 22:57 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\mpengine.dll
2012-01-23 23:32 . 2012-01-24 23:37 -------- d-----w- c:\windows\system32\SPReview
2012-01-23 23:32 . 2012-01-23 23:32 -------- d-----w- c:\windows\system32\EventProviders
2012-01-23 23:30 . 2012-01-23 23:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-23 23:30 . 2012-01-23 23:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-23 23:30 . 2012-01-23 23:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-23 23:30 . 2012-01-23 23:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-17 16:35 . 2012-01-17 16:35 -------- d-----w- c:\users\JIM\AppData\Roaming\FCTB000060231
2012-01-11 15:09 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 15:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 15:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 15:09 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 15:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 15:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 15:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\program files (x86)\Dogpile Bundle Toolbar
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\users\JIM\AppData\Local\The Weather Channel
2012-01-10 18:48 . 2012-01-27 17:51 -------- d-----w- c:\program files (x86)\EpicPlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 19:50 . 2012-01-30 19:50 0 ---ha-w- c:\users\JIM\AppData\Local\BITA6AD.tmp
2012-01-25 18:37 . 2011-02-18 23:38 639 ----a-w- c:\windows\uninstallstickies.bat
2012-01-23 23:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 23:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-03 20:16 . 2011-07-09 17:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-03-22 21:03 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-22 21:03 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-22 21:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-22 21:03 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
-
The whole log didn't post. Please post the other part. You should be able to find it in the C:\ComboFix folder.
-
OK, I'll try again:
ComboFix 12-01-30.02 - JIM 01/30/2012 12:01:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2690 [GMT -7:00]
Running from: c:\users\JIM\Desktop\PCHelpForum.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DictionaryBoss\bar
c:\program files (x86)\DictionaryBoss\bar\Settings\s_pid.dat
c:\program files (x86)\DictionaryBossEI
c:\windows\security\Database\tmp.edb
F:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:44 . 2012-01-30 19:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT7292.tmp
2012-01-30 19:16 . 2012-01-30 19:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\offreg.dll
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Terri\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 17:17 . 2012-01-27 17:17 -------- d-----w- c:\users\JIM\AppData\Roaming\SUPERAntiSpyware.com
2012-01-27 17:16 . 2012-01-27 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 19:56 . 2012-01-25 19:58 -------- d-----w- c:\users\JIM\AppData\Roaming\DriverCure
2012-01-25 19:55 . 2012-01-25 19:56 -------- d-----w- c:\programdata\DriverCure
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\programdata\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-01-25 19:19 . 2004-10-22 20:42 577536 ----a-w- c:\windows\SysWow64\ANIWZCS2.dll
2012-01-25 19:19 . 2004-10-22 20:42 131072 ----a-w- c:\windows\SysWow64\WlanApp.dll
2012-01-25 19:19 . 2004-10-22 20:42 1163337 ----a-w- c:\windows\SysWow64\odSupp_M.dll
2012-01-25 19:19 . 2004-10-22 20:42 57407 ----a-w- c:\windows\SysWow64\ANICtl.dll
2012-01-25 19:19 . 2004-10-22 20:42 49152 ----a-w- c:\windows\SysWow64\AQCKGen.dll
2012-01-25 19:19 . 2004-10-22 20:42 192512 ----a-w- c:\windows\SysWow64\aIPH.dll
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\ANI
2012-01-25 19:19 . 2004-07-27 18:20 36864 ----a-w- c:\windows\SysWow64\ANIOApi.dll
2012-01-25 19:19 . 2004-07-27 18:20 28205 ----a-w- c:\windows\SysWow64\ANIO.sys
2012-01-25 19:19 . 2004-07-27 18:20 16997 ----a-w- c:\windows\SysWow64\ANIO.VXD
2012-01-25 19:19 . 2004-07-27 18:20 11904 ----a-w- c:\windows\SysWow64\anio4.sys
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\D-Link
2012-01-24 23:44 . 2012-01-24 23:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT1ECD.tmp
2012-01-24 23:42 . 2012-01-24 23:42 0 ---ha-w- c:\users\JIM\AppData\Local\BIT606D.tmp
2012-01-24 23:26 . 2012-01-24 23:26 0 ---ha-w- c:\users\JIM\AppData\Local\BITCBF.tmp
2012-01-24 23:24 . 2012-01-24 23:24 0 ---ha-w- c:\users\JIM\AppData\Local\BIT474E.tmp
2012-01-24 22:57 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\mpengine.dll
2012-01-23 23:32 . 2012-01-24 23:37 -------- d-----w- c:\windows\system32\SPReview
2012-01-23 23:32 . 2012-01-23 23:32 -------- d-----w- c:\windows\system32\EventProviders
2012-01-23 23:30 . 2012-01-23 23:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-23 23:30 . 2012-01-23 23:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-23 23:30 . 2012-01-23 23:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-23 23:30 . 2012-01-23 23:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-17 16:35 . 2012-01-17 16:35 -------- d-----w- c:\users\JIM\AppData\Roaming\FCTB000060231
2012-01-11 15:09 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 15:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 15:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 15:09 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 15:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 15:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 15:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\program files (x86)\Dogpile Bundle Toolbar
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\users\JIM\AppData\Local\The Weather Channel
2012-01-10 18:48 . 2012-01-27 17:51 -------- d-----w- c:\program files (x86)\EpicPlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 19:50 . 2012-01-30 19:50 0 ---ha-w- c:\users\JIM\AppData\Local\BITA6AD.tmp
2012-01-25 18:37 . 2011-02-18 23:38 639 ----a-w- c:\windows\uninstallstickies.bat
2012-01-23 23:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 23:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-03 20:16 . 2011-07-09 17:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-03-22 21:03 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-22 21:03 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-22 21:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-22 21:03 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-22 21:03 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-22 21:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-22 21:03 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-22 21:03 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-22 21:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-14 21:27 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 21:29 . 2010-10-20 20:33 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp3A218.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp00318.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpE6E08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpCCE08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpA1F08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp24018.FOT
2011-11-05 05:41 . 2011-12-14 21:27 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 21:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 21:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 21:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-05_17.01.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-13 23:26 . 2009-07-14 01:41 13312 c:\windows\system32\wow64cpu.dll
+ 2011-08-19 17:49 . 2011-07-16 05:41 13312 c:\windows\system32\wow64cpu.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 71680 c:\windows\system32\wkscli.dll
- 2009-07-13 23:53 . 2009-07-14 01:41 71680 c:\windows\system32\wkscli.dll
- 2009-07-13 23:40 . 2009-07-14 01:39 26112 c:\windows\system32\WerFaultSecure.exe
+ 2011-06-20 23:44 . 2010-11-20 13:25 26112 c:\windows\system32\WerFaultSecure.exe
+ 2011-06-20 23:44 . 2010-11-20 13:27 36352 c:\windows\system32\wdiasqmmodule.dll
+ 2011-03-19 16:13 . 2012-01-24 23:58 40500 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-27 20:36 45380 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-19 15:57 . 2012-01-27 20:36 11988 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3909975552-3371312792-2741729148-1000_UserData.bin
+ 2011-06-20 23:44 . 2010-11-20 13:27 61952 c:\windows\system32\WavDest.dll
- 2009-07-14 00:25 . 2009-07-14 01:41 61952 c:\windows\system32\WavDest.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 61952 c:\windows\system32\vss_ps.dll
- 2009-07-13 23:36 . 2009-07-14 01:41 61952 c:\windows\system32\vss_ps.dll
+ 2011-06-20 23:45 . 2010-11-20 13:27 38912 c:\windows\system32\vpnikeapi.dll
- 2009-07-14 00:18 . 2009-07-14 01:41 68096 c:\windows\system32\vfwwdm32.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 68096 c:\windows\system32\vfwwdm32.dll
+ 2011-06-20 23:44 . 2010-11-20 13:25 30720 c:\windows\system32\userinit.exe
+ 2011-06-20 23:44 . 2010-11-20 13:27 84480 c:\windows\system32\UserAccountControlSettings.dll
- 2009-07-14 00:10 . 2009-07-14 01:41 73216 c:\windows\system32\unimdmat.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 73216 c:\windows\system32\unimdmat.dll
- 2009-07-13 23:35 . 2009-07-14 01:41 59904 c:\windows\system32\umb.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 59904 c:\windows\system32\umb.dll
+ 2011-06-20 23:44 . 2010-11-20 13:25 58368 c:\windows\system32\tzutil.exe
+ 2011-06-20 23:46 . 2010-11-20 13:27 12288 c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
+ 2011-06-20 23:45 . 2010-11-20 13:27 40960 c:\windows\system32\TsUsbGDCoInstaller.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 86016 c:\windows\system32\TSpkg.dll
- 2009-07-13 23:50 . 2009-07-14 01:41 86016 c:\windows\system32\TSpkg.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 44032 c:\windows\system32\tsgqec.dll
- 2009-07-14 00:17 . 2009-07-14 01:41 44032 c:\windows\system32\tsgqec.dll
- 2011-03-19 16:07 . 2009-12-19 09:50 14848 c:\windows\system32\tsbyuv.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 14848 c:\windows\system32\tsbyuv.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 21504 c:\windows\system32\TRAPI.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 73728 c:\windows\system32\tlscsp.dll
- 2009-07-14 00:16 . 2009-07-14 01:41 73728 c:\windows\system32\tlscsp.dll
+ 2011-06-20 23:45 . 2010-11-20 13:25 69120 c:\windows\system32\taskhost.exe
- 2009-07-13 23:31 . 2009-07-14 01:39 69120 c:\windows\system32\taskhost.exe
+ 2011-06-20 23:44 . 2010-11-20 13:25 63488 c:\windows\system32\takeown.exe
+ 2011-06-20 23:45 . 2010-11-20 13:27 92672 c:\windows\system32\TabSvc.dll
- 2009-07-14 00:03 . 2009-07-14 01:39 78848 c:\windows\system32\tabcal.exe
+ 2011-06-20 23:44 . 2010-11-20 13:25 78848 c:\windows\system32\tabcal.exe
+ 2011-06-20 23:44 . 2010-11-20 13:27 17408 c:\windows\system32\syssetup.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 29184 c:\windows\system32\sspisrv.dll
- 2009-07-13 23:53 . 2009-07-14 01:41 13312 c:\windows\system32\sscore.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 13312 c:\windows\system32\sscore.dll
- 2009-07-13 23:29 . 2009-07-14 01:41 18944 c:\windows\system32\spopk.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 18944 c:\windows\system32\spopk.dll
- 2009-07-14 00:39 . 2009-07-14 01:41 39424 c:\windows\system32\spool\prtprocs\x64\winprint.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 39424 c:\windows\system32\spool\prtprocs\x64\winprint.dll
+ 2012-01-01 20:35 . 2009-05-07 11:16 93696 c:\windows\system32\spool\drivers\x64\3\hpfrs092.dll
- 2011-05-02 19:33 . 2009-05-07 11:16 93696 c:\windows\system32\spool\drivers\x64\3\hpfrs092.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 78848 c:\windows\system32\spbcd.dll
- 2009-07-13 23:29 . 2009-07-14 01:41 78848 c:\windows\system32\spbcd.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 15360 c:\windows\system32\slwga.dll
- 2011-03-19 16:16 . 2010-12-21 06:15 15360 c:\windows\system32\slwga.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 24064 c:\windows\system32\sisbkup.dll
- 2009-07-13 23:23 . 2009-07-14 01:41 24064 c:\windows\system32\sisbkup.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 11264 c:\windows\system32\shunimpl.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 37376 c:\windows\system32\shimgvw.dll
- 2009-07-13 23:55 . 2009-07-14 01:41 37376 c:\windows\system32\shimgvw.dll
- 2009-07-13 23:55 . 2009-07-14 01:41 28160 c:\windows\system32\shgina.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 28160 c:\windows\system32\shgina.dll
+ 2011-06-20 23:45 . 2010-11-20 13:25 88576 c:\windows\system32\setupcl.exe
+ 2011-06-20 23:45 . 2010-11-20 13:27 57856 c:\windows\system32\Setup\pbkmigr.dll
+ 2011-04-30 16:21 . 2010-11-20 13:27 63488 c:\windows\system32\setbcdlocale.dll
- 2009-07-13 23:50 . 2009-07-14 01:41 28160 c:\windows\system32\secur32.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 28160 c:\windows\system32\secur32.dll
- 2009-07-13 23:53 . 2009-07-14 01:41 30720 c:\windows\system32\seclogon.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 30720 c:\windows\system32\seclogon.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 24064 c:\windows\system32\schedcli.dll
- 2009-07-13 23:53 . 2009-07-14 01:41 24064 c:\windows\system32\schedcli.dll
+ 2011-06-20 23:45 . 2010-11-20 13:27 67584 c:\windows\system32\samcli.dll
- 2009-07-13 23:57 . 2009-07-14 01:39 56832 c:\windows\system32\runonce.exe
+ 2011-06-20 23:44 . 2010-11-20 13:25 56832 c:\windows\system32\runonce.exe
- 2011-03-19 16:08 . 2010-06-19 06:53 52224 c:\windows\system32\rtutils.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 52224 c:\windows\system32\rtutils.dll
+ 2011-06-20 23:45 . 2010-11-20 13:27 65536 c:\windows\system32\RpcRtRemote.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 10752 c:\windows\system32\riched32.dll
+ 2011-06-20 23:44 . 2010-11-20 13:25 51712 c:\windows\system32\repair-bde.exe
- 2009-07-13 23:22 . 2009-07-14 01:39 51712 c:\windows\system32\repair-bde.exe
+ 2011-06-20 23:44 . 2010-11-20 13:25 43008 c:\windows\system32\relog.exe
+ 2011-06-20 23:44 . 2010-11-20 13:25 98816 c:\windows\system32\RegisterIEPKEYs.exe
- 2009-07-13 23:58 . 2009-07-14 01:39 98816 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-06-20 23:45 . 2010-11-20 13:27 95232 c:\windows\system32\regapi.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 77312 c:\windows\system32\rdpwsx.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 23040 c:\windows\system32\rdprefdrvapi.dll
- 2009-07-14 00:16 . 2009-07-14 01:41 23040 c:\windows\system32\rdprefdrvapi.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 68096 c:\windows\system32\rdpd3d.dll
- 2009-07-14 00:17 . 2009-07-14 01:41 68096 c:\windows\system32\rdpd3d.dll
- 2009-07-14 00:17 . 2009-07-14 01:41 10240 c:\windows\system32\rdpcfgex.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 10240 c:\windows\system32\rdpcfgex.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 79872 c:\windows\system32\QCLIPROV.DLL
- 2009-07-14 00:07 . 2009-07-14 01:41 79872 c:\windows\system32\QCLIPROV.DLL
+ 2011-06-20 23:44 . 2010-11-20 13:25 31744 c:\windows\system32\proquota.exe
+ 2011-06-20 23:44 . 2010-11-20 13:27 33792 c:\windows\system32\profprov.dll
- 2009-07-14 00:39 . 2009-07-14 01:41 48128 c:\windows\system32\PrintIsolationProxy.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 48128 c:\windows\system32\PrintIsolationProxy.dll
- 2011-04-30 16:19 . 2011-02-18 06:33 31232 c:\windows\system32\prevhost.exe
+ 2011-04-30 16:19 . 2011-02-18 10:51 31232 c:\windows\system32\prevhost.exe
+ 2011-06-20 23:44 . 2010-11-20 13:25 62976 c:\windows\system32\PnPUnattend.exe
+ 2011-06-20 23:44 . 2010-11-20 13:12 35328 c:\windows\system32\pifmgr.dll
+ 2011-10-25 18:39 . 2005-03-12 07:07 87040 c:\windows\system32\pdfcmnnt.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 57856 c:\windows\system32\oobe\spprgrss.dll
- 2009-07-13 23:57 . 2009-07-14 01:39 71168 c:\windows\system32\oobe\msoobe.exe
+ 2011-06-20 23:44 . 2010-11-20 13:24 71168 c:\windows\system32\oobe\msoobe.exe
+ 2011-06-20 23:44 . 2010-11-20 13:27 53248 c:\windows\system32\odbcconf.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 53248 c:\windows\system32\odbcconf.dll
+ 2011-08-19 17:49 . 2011-07-16 05:39 16384 c:\windows\system32\ntvdm64.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 16384 c:\windows\system32\ntvdm64.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 15360 c:\windows\system32\nrpsrv.dll
+ 2011-06-20 23:44 . 2010-11-20 13:13 69120 c:\windows\system32\nlsbres.dll
+ 2011-06-20 23:45 . 2010-11-20 13:27 70656 c:\windows\system32\nlaapi.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 29184 c:\windows\system32\netutils.dll
+ 2011-06-20 23:46 . 2010-11-05 01:57 48976 c:\windows\system32\netfxperf.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 72704 c:\windows\system32\netapi32.dll
- 2009-07-13 23:53 . 2009-07-14 01:41 72704 c:\windows\system32\netapi32.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 66048 c:\windows\system32\ncryptui.dll
- 2009-07-13 23:49 . 2009-07-14 01:41 66048 c:\windows\system32\ncryptui.dll
+ 2011-06-20 23:45 . 2010-11-20 13:27 90112 c:\windows\system32\nci.dll
+ 2011-06-20 23:44 . 2010-11-20 13:27 72192 c:\windows\system32\napdsnap.dll
- 2009-07-14 00:09 . 2009-07-14 01:51 50176 c:\windows\system32\NAPCRYPT.DLL
+ 2011-06-20 23:44 . 2010-11-20 13:44 50176 c:\windows\system32\NAPCRYPT.DLL
+ 2011-06-20 23:44 . 2010-11-20 13:25 51712 c:\windows\system32\MultiDigiMon.exe
- 2009-07-14 00:03 . 2009-07-14 01:39 51712 c:\windows\system32\MultiDigiMon.exe
+ 2011-06-20 23:44 . 2010-11-20 13:27 16896 c:\windows\system32\muifontsetup.dll
+ 2011-06-20 23:44 . 2010-11-05 01:57 11600  
-
Evidently it is too big. I'm going to break it up into smaller pieces.
-
It looks like I will have to post about 10% of the total each time. I can do that but it will take some time. Unless you have a better method. What say you??
-
Remove the Snapshot part. I don't need to see it.
-
Thanks SuperDave: OKAY here goes. I think it's all on there this time..
ComboFix 12-01-30.02 - JIM 01/30/2012 12:01:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2690 [GMT -7:00]
Running from: c:\users\JIM\Desktop\PCHelpForum.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DictionaryBoss\bar
c:\program files (x86)\DictionaryBoss\bar\Settings\s_pid.dat
c:\program files (x86)\DictionaryBossEI
c:\windows\security\Database\tmp.edb
F:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:44 . 2012-01-30 19:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT7292.tmp
2012-01-30 19:16 . 2012-01-30 19:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\offreg.dll
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Terri\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 17:17 . 2012-01-27 17:17 -------- d-----w- c:\users\JIM\AppData\Roaming\SUPERAntiSpyware.com
2012-01-27 17:16 . 2012-01-27 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 19:56 . 2012-01-25 19:58 -------- d-----w- c:\users\JIM\AppData\Roaming\DriverCure
2012-01-25 19:55 . 2012-01-25 19:56 -------- d-----w- c:\programdata\DriverCure
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\programdata\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-01-25 19:19 . 2004-10-22 20:42 577536 ----a-w- c:\windows\SysWow64\ANIWZCS2.dll
2012-01-25 19:19 . 2004-10-22 20:42 131072 ----a-w- c:\windows\SysWow64\WlanApp.dll
2012-01-25 19:19 . 2004-10-22 20:42 1163337 ----a-w- c:\windows\SysWow64\odSupp_M.dll
2012-01-25 19:19 . 2004-10-22 20:42 57407 ----a-w- c:\windows\SysWow64\ANICtl.dll
2012-01-25 19:19 . 2004-10-22 20:42 49152 ----a-w- c:\windows\SysWow64\AQCKGen.dll
2012-01-25 19:19 . 2004-10-22 20:42 192512 ----a-w- c:\windows\SysWow64\aIPH.dll
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\ANI
2012-01-25 19:19 . 2004-07-27 18:20 36864 ----a-w- c:\windows\SysWow64\ANIOApi.dll
2012-01-25 19:19 . 2004-07-27 18:20 28205 ----a-w- c:\windows\SysWow64\ANIO.sys
2012-01-25 19:19 . 2004-07-27 18:20 16997 ----a-w- c:\windows\SysWow64\ANIO.VXD
2012-01-25 19:19 . 2004-07-27 18:20 11904 ----a-w- c:\windows\SysWow64\anio4.sys
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\D-Link
2012-01-24 23:44 . 2012-01-24 23:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT1ECD.tmp
2012-01-24 23:42 . 2012-01-24 23:42 0 ---ha-w- c:\users\JIM\AppData\Local\BIT606D.tmp
2012-01-24 23:26 . 2012-01-24 23:26 0 ---ha-w- c:\users\JIM\AppData\Local\BITCBF.tmp
2012-01-24 23:24 . 2012-01-24 23:24 0 ---ha-w- c:\users\JIM\AppData\Local\BIT474E.tmp
2012-01-24 22:57 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\mpengine.dll
2012-01-23 23:32 . 2012-01-24 23:37 -------- d-----w- c:\windows\system32\SPReview
2012-01-23 23:32 . 2012-01-23 23:32 -------- d-----w- c:\windows\system32\EventProviders
2012-01-23 23:30 . 2012-01-23 23:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-23 23:30 . 2012-01-23 23:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-23 23:30 . 2012-01-23 23:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-23 23:30 . 2012-01-23 23:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-17 16:35 . 2012-01-17 16:35 -------- d-----w- c:\users\JIM\AppData\Roaming\FCTB000060231
2012-01-11 15:09 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 15:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 15:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 15:09 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 15:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 15:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 15:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\program files (x86)\Dogpile Bundle Toolbar
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\users\JIM\AppData\Local\The Weather Channel
2012-01-10 18:48 . 2012-01-27 17:51 -------- d-----w- c:\program files (x86)\EpicPlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 19:50 . 2012-01-30 19:50 0 ---ha-w- c:\users\JIM\AppData\Local\BITA6AD.tmp
2012-01-25 18:37 . 2011-02-18 23:38 639 ----a-w- c:\windows\uninstallstickies.bat
2012-01-23 23:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 23:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-03 20:16 . 2011-07-09 17:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-03-22 21:03 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-22 21:03 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-22 21:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-22 21:03 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-22 21:03 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-22 21:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-22 21:03 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-22 21:03 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-22 21:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-14 21:27 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 21:29 . 2010-10-20 20:33 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp3A218.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp00318.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpE6E08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpCCE08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpA1F08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp24018.FOT
2011-11-05 05:41 . 2011-12-14 21:27 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 21:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 21:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 21:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-05_17.01.08 ))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2012-01-10 361984]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2012-01-10 18:49 1612800 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-10-18 19:26 3908192 ----a-w- c:\program files (x86)\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\tbNCH.dll" [2010-10-18 3908192]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2012-01-10 1612800]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverCure"="c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-22 45056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\JIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-2-18 1101824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6D4.tmp
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - Avgrkx64
*Deregistered* - Avgtdia
*Deregistered* - pctESPInject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
2012-01-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-01-30 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/MAIL
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{B9B97401-98E1-4942-930D-C36652DAB7F2} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6D4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-01-30 12:59:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 19:59
ComboFix2.txt 2011-07-05 17:05
.
Pre-Run: 209,405,624,320 bytes free
Post-Run: 209,444,007,936 bytes free
.
- - End Of File - - 9A372D23AE8E57D88EF51D64F0FC4557
-
AVENGER
- Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
- Click the Execute button.
- You will be asked: "No script has been entered. Do you want to execute a rootkit scan only?"
- Click Yes.
- You will now be asked: "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
- Click Yes.
- Your PC will now be rebooted.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log in your next reply.
-
SuperDave: When I try to run "avenger" I get the message:
"Illegal operation attempted on a registry key that has been marked for deletion"
This same thing happens if I try to open a file or game.
-
Ok. Please try this:
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool. Vista and Windows 7 users: run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
-
SuperDave: Sorry, when I tried to run ROOTER.exe from the flash drive, I got the same message:
"Illegal operation attempted on a registry key that has been marked for deletion". I moved it into my "downloads" file. Same results.
-
However, if I try to play music in .wav, .wma, or .mp3 formats out of my hard drive, the music comes through OK. My sound board works. I can transfer files around, etc. I just can't seem to open any apps without getting that message.
-
when I tried to run ROOTER.exe from the flash drive
Don't try to run it from the flash drive. Transfer the program to your desktop and run it from there.
Now download and Run exeHelper
•Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
•Double-click on exeHelper.com to run the fix.
•A black window should pop up, press any key to close once the fix is completed.
•Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file)
-
SuperDave: It's no use. I can't run either "ROOTER.exe" or "exeHelper.com". I just keep getting this message;
"Illegal operation attempted on a registry key that has been marked for deletion".
-
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
•Then click on Scan at the top right-hand corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
•Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
-
The program looked a lot different than what you described but I did the scan, took an hour and 20 mins. Found some Trojans. I think this is the report that you wanted.... The other one was enormous and was listed chronologically.
Status: Disinfected (events: 5)
2/3/2012 1:56:42 PM Disinfected Trojan program Trojan.Win32.VB.anbr D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip/I\downloads PC fix\aboutbuster.zip/AboutBuster.exe High
2/3/2012 1:56:54 PM Disinfected Trojan program Trojan.Win32.VB.anbr D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip/I\downloads PC fix\aboutbuster.zip High
2/3/2012 1:56:54 PM Disinfected Trojan program Trojan.Win32.VB.anbr D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip High
2/3/2012 1:57:58 PM Disinfected Trojan program Trojan.Win32.VB.anbr E:\downloads PC fix\aboutbuster.zip/AboutBuster.exe High
2/3/2012 1:57:58 PM Disinfected Trojan program Trojan.Win32.VB.anbr E:\downloads PC fix\aboutbuster.zip High
Status: Deleted (events: 4)
2/3/2012 2:11:45 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdi E:\trans prog files\PestPatrol\Quarantine\1309 High
2/3/2012 2:11:46 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdh E:\trans prog files\PestPatrol\Quarantine\2128 High
2/3/2012 2:11:48 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdg E:\trans prog files\PestPatrol\Quarantine\2730 High
2/3/2012 2:11:52 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdk E:\trans prog files\PestPatrol\Quarantine\3424 High
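Added example (not part of the thread and not Kaspersky's own tooling): a small Python parser for a report laid out like the one above. It collapses events that name the same object once per archive level into a single finding and shows where the findings live. The field layout and the reading of "/" as the archive-member separator are assumptions taken from the lines shown.

```python
import re
from collections import Counter, namedtuple

# The two status headers and nine event lines from the report above.
REPORT = r"""Status: Disinfected (events: 5)
2/3/2012 1:56:42 PM Disinfected Trojan program Trojan.Win32.VB.anbr D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip/I\downloads PC fix\aboutbuster.zip/AboutBuster.exe High
2/3/2012 1:56:54 PM Disinfected Trojan program Trojan.Win32.VB.anbr D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip/I\downloads PC fix\aboutbuster.zip High
2/3/2012 1:56:54 PM Disinfected Trojan program Trojan.Win32.VB.anbr D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip High
2/3/2012 1:57:58 PM Disinfected Trojan program Trojan.Win32.VB.anbr E:\downloads PC fix\aboutbuster.zip/AboutBuster.exe High
2/3/2012 1:57:58 PM Disinfected Trojan program Trojan.Win32.VB.anbr E:\downloads PC fix\aboutbuster.zip High
Status: Deleted (events: 4)
2/3/2012 2:11:45 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdi E:\trans prog files\PestPatrol\Quarantine\1309 High
2/3/2012 2:11:46 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdh E:\trans prog files\PestPatrol\Quarantine\2128 High
2/3/2012 2:11:48 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdg E:\trans prog files\PestPatrol\Quarantine\2730 High
2/3/2012 2:11:52 PM Deleted Trojan program Trojan-Clicker.Win32.Agent.wdk E:\trans prog files\PestPatrol\Quarantine\3424 High
"""

Event = namedtuple("Event", "when action kind verdict chain severity")

STATUS = re.compile(r"^Status: (?P<action>\w+) \(events: (?P<n>\d+)\)$")
EVENT = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\w+) (?P<kind>.+?) "
    r"(?P<verdict>[\w-]+(?:\.[\w-]+)+) "   # dotted detection name
    r"(?P<path>.+) (?P<severity>\w+)$"     # path may contain spaces
)


def parse_report(text):
    """Return (declared, events): per-action header counts and parsed events."""
    declared, events = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := STATUS.match(line):
            declared[m["action"]] = int(m["n"])
        elif m := EVENT.match(line):
            # Assumption: "/" separates an archive from the member inside it,
            # while "\" is the ordinary Windows path separator.
            chain = tuple(m["path"].split("/"))
            events.append(Event(m["when"], m["action"], m["kind"],
                                m["verdict"], chain, m["severity"]))
    return declared, events


def innermost(events):
    """Drop events that only name a container of a deeper hit with the same verdict."""
    leaves = []
    for e in events:
        covered = any(
            o.verdict == e.verdict
            and len(o.chain) > len(e.chain)
            and o.chain[:len(e.chain)] == e.chain
            for o in events
        )
        if not covered:
            leaves.append(e)
    return leaves


def location(event):
    """Classify where the detected object sits on disk."""
    if "\\quarantine\\" in event.chain[0].lower():
        return "quarantine store"
    return "archive member" if len(event.chain) > 1 else "loose file"


def triage(text):
    """Summarise a report: header consistency, distinct objects, locations, drives."""
    declared, events = parse_report(text)
    leaves = innermost(events)
    return {
        "header_matches": dict(Counter(e.action for e in events)) == declared,
        "events": len(events),
        "objects": len(leaves),
        "by_location": dict(Counter(location(e) for e in leaves)),
        "drives": sorted({e.chain[0][:2].upper() for e in leaves}),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```
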
-
The program looked a lot different than what you described but I did the scan,
Sorry, I'll have to update my speech.
Are you still having problems connecting to the internet?
Do you still receive that message after you re-start your computer?
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.
There are 7 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
* Rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
* Rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
* WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
* uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
* iExplore.exe (http://download.bleepingcomputer.com/grinler/iExplore.exe)
* eXplorer.exe (http://download.bleepingcomputer.com/grinler/eXplorer.exe)
Once you've gotten one of them to run then try to immediately run the following.
-
SuperDave: ... Now the machine is operating much like it did in the beginning.
YES I still have problems connecting to the internet
NO I do not get the same message. Now I get a different one . . ."the procedure entry point . . . "apsGetready" . . could not be located in the data link library "wlanapi.dll""
This occurs only at startup. All of my other programs seem to run OKAY... It's only when I open a browser, ie Explorer, Firefox, or Chrome that it tries but cannot connect. It will try for several minutes then (Firefox or chrome) will time out. ie Explorer seems to go on trying forever.
Should I still run Rkill ??
What should I try to immediately run ? ?
-
Should I still run Rkill ??
What should I try to immediately run ? ?
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
**************************************************
Let's run a few more scans to see what turns up.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
On completion of the scan click save log, save it to your desktop and post in your next reply
-
First the rkill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 02/04/2012 at 13:25:55.
Operating System: Windows 7 Home Premium
Second The FSS log
Farbar Service Scanner Version: 04-02-2012 01
Ran by JIM (administrator) on 04-02-2012 at 13:34:37
Running from "J:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Third MBR log
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-04 13:29:44
-----------------------------
13:29:44.962 OS Version: Windows x64 6.1.7601 Service Pack 1
13:29:44.962 Number of processors: 4 586 0x503
13:29:44.962 ComputerName: ROSIE UserName: JIM
13:29:53.011 Initialize success
13:29:53.105 AVAST engine defs: 12020401
13:30:04.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:30:04.119 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
13:30:04.119 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-7
13:30:04.119 Disk 1 Vendor: DIAMOND__080G_2F5400 RAMB1TU0 Size: 78167MB BusType: 3
13:30:04.134 Disk 0 MBR read successfully
13:30:04.134 Disk 0 MBR scan
13:30:04.134 Disk 0 Windows 7 default MBR code
13:30:04.134 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:30:04.150 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249900 MB offset 206848
13:30:04.165 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 360477 MB offset 512002048
13:30:04.165 Service scanning
13:30:05.601 Modules scanning
13:30:05.601 Disk 0 trace - called modules:
13:30:05.601 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:30:05.601 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a3c060]
13:30:05.616 3 CLASSPNP.SYS[fffff8800199643f] -> nt!IofCallDriver -> [0xfffffa8003957d50]
13:30:05.616 5 ACPI.sys[fffff88000ec27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004476060]
13:30:06.162 AVAST engine scan C:\Windows
13:30:08.034 AVAST engine scan C:\Windows\system32
13:31:12.930 AVAST engine scan C:\Windows\system32\drivers
13:31:18.297 AVAST engine scan C:\Users\JIM
13:32:25.018 AVAST engine scan C:\ProgramData
13:33:05.952 Scan finished successfully
13:33:50.787 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
13:33:50.818 The log file has been saved successfully to "J:\aswMBR.txt"
Processes terminated by Rkill or while it was running:
Rkill completed on 02/04/2012 at 13:26:21.
I hope that is what you want
-
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Everything looks good for the internet connection.
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
SuperDave, thanks for the comeback. Don't give up on me yet please. I still can't access the internet with IE, Firefox, or Chrome....
OKAY, here goes:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7599
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 197):
Processes (total 75):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003d`09100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x0000000f`de900000 (NTFS)
PhysicalDrive0 Model Number: WDCWD6401AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: DIAMOND080G2F5400, Rev: RAMB1TU0
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
76 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: BB91F7E34FF3754A41F2830964B0DA1B003BCA73
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
-
OKAY HERE IT IS
Farbar Service Scanner Version: 05-02-2012
Ran by JIM (administrator) on 06-02-2012 at 14:00:23
Running from "J:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
Can you access the internet in Safe Mode with Networking?
Please download SystemLook from one of the links below and save it to your desktop.
Link # 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link # 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:filefind
wlanapi.dll
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
-
SuperDave: Something new has happened. This AM when I turned on the machine it refused to operate any programs. It would open files but that is all. NO documents, spreadsheets, music etc.... So, in desperation, I ran system restore using a restore point that I had tried to use before without success. Voila, the machine seems to be working alright. Almost.. I can now access the internet but I get unfamiliar error messages once in a while... I had to uninstall Malwarebytes, ParetoLogic Driver Cure, and Superantispyware at the suggestion of the system restore program.
I will insert the SystemLook.txt log next posting.
-
SystemLook.txt log
SystemLook 30.07.11 by jpshortstuff
Log created at 11:48 on 07/02/2012 by JIM
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "wlanapi.dll"
C:\Windows\System32\wlanapi.dll --a---- 81408 bytes [23:51 13/07/2009] [01:16 14/07/2009] B010CF886420EE29C2C276646721D255
C:\Windows\SysWOW64\wlanapi.dll --a---- 81408 bytes [23:51 13/07/2009] [01:16 14/07/2009] B010CF886420EE29C2C276646721D255
C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7600.16385_none_f83933fa1e9727df\wlanapi.dll --a---- 114176 bytes [00:07 14/07/2009] [01:41 14/07/2009] 357BE883C5236BFC7341CB9E82308908
C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_fa6a47c21b85ab79\wlanapi.dll --a---- 114176 bytes [00:07 14/07/2009] [01:41 14/07/2009] 357BE883C5236BFC7341CB9E82308908
C:\Windows\winsxs\wow64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7600.16385_none_028dde4c52f7e9da\wlanapi.dll --a---- 81408 bytes [23:51 13/07/2009] [01:16 14/07/2009] B010CF886420EE29C2C276646721D255
C:\Windows\winsxs\wow64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_04bef2144fe66d74\wlanapi.dll --a---- 81408 bytes [23:51 13/07/2009] [01:16 14/07/2009] B010CF886420EE29C2C276646721D255
-= EOF =-
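The SystemLook log above carries a WOW64 warning, and its System32 and SysWOW64 entries report the same size and MD5. As an added example (not part of the original post and not SystemLook's own code), this Python script parses the filefind lines and checks each live copy against the winsxs component-store copies; it assumes the winsxs folder prefixes `amd64_` and `wow64_` mark the 64-bit and 32-bit builds, and that a 32-bit scanner's view of System32 is redirected to SysWOW64.

```python
import re

# Subset of the SystemLook log posted above, copied verbatim.
SAMPLE_LOG = r"""
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "wlanapi.dll"
C:\Windows\System32\wlanapi.dll --a---- 81408 bytes [23:51 13/07/2009] [01:16 14/07/2009] B010CF886420EE29C2C276646721D255
C:\Windows\SysWOW64\wlanapi.dll --a---- 81408 bytes [23:51 13/07/2009] [01:16 14/07/2009] B010CF886420EE29C2C276646721D255
C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_fa6a47c21b85ab79\wlanapi.dll --a---- 114176 bytes [00:07 14/07/2009] [01:41 14/07/2009] 357BE883C5236BFC7341CB9E82308908
C:\Windows\winsxs\wow64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_04bef2144fe66d74\wlanapi.dll --a---- 81408 bytes [23:51 13/07/2009] [01:16 14/07/2009] B010CF886420EE29C2C276646721D255
-= EOF =-
"""

# path, 7-character attribute field, size, two timestamps, MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def location(path):
    """Classify a path as a live system copy or a component-store copy."""
    p = path.lower()
    m = re.search(r"\\winsxs\\(amd64|wow64|x86)_", p)
    if m:
        # Assumption: amd64_ holds 64-bit builds, wow64_/x86_ hold 32-bit builds.
        return "store-64" if m.group(1) == "amd64" else "store-32"
    if "\\syswow64\\" in p:
        return "live-32"
    if "\\system32\\" in p:
        return "live-64"
    return "other"


def parse_log(log_text):
    """Return (scanner_ran_under_wow64, list of parsed filefind entries)."""
    redirected = False
    entries = []
    for line in log_text.splitlines():
        if "running under WOW64" in line:
            redirected = True
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
                "where": location(m.group("path")),
            })
    return redirected, entries


def assess(log_text):
    """Compare each live copy with the store copies of the same architecture."""
    redirected, entries = parse_log(log_text)
    store = {"store-64": set(), "store-32": set()}
    for e in entries:
        if e["where"] in store:
            store[e["where"]].add(e["md5"])

    findings = []
    for e in entries:
        if e["where"] == "live-64":
            if e["md5"] in store["store-64"]:
                verdict = "matches 64-bit store copy"
            elif e["md5"] in store["store-32"] and redirected:
                # A 32-bit scanner asking for System32 is shown SysWOW64,
                # so this line says nothing about the real 64-bit file.
                verdict = "unverified: redirected view shows the 32-bit file"
            elif e["md5"] in store["store-32"]:
                verdict = "mismatch: 32-bit build in System32"
            else:
                verdict = "unknown: no store copy with this hash"
        elif e["where"] == "live-32":
            if e["md5"] in store["store-32"]:
                verdict = "matches 32-bit store copy"
            else:
                verdict = "unknown: no store copy with this hash"
        else:
            continue
        findings.append((e["path"], verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in assess(SAMPLE_LOG):
        print(f"{verdict:55} {path}")
```

On this log the System32 line comes out as unverified, which is why the log itself recommends rerunning with SystemLook_x64 before drawing conclusions about the 64-bit wlanapi.dll.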
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
ESET scan log
C:\Program Files (x86)\EpicPlay\epicPlayGames.dll a variant of Win32/Adware.Gamevance.BI application cleaned by deleting (after the next restart) - quarantined
C:\Users\JIM\AppData\Local\Temp\NODC07B.tmp a variant of Win32/Adware.Gamevance.BI application cleaned by deleting (after the next restart) - quarantined
C:\Users\JIM\Downloads\freeripmp3-setup.exe multiple threats deleted - quarantined
================================================================================
On line scanner log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Ok. Try that for a few days and report any unusual occurrences.
-
OK, thank you a bunch. Everything seems to be working alright.. I'll get back to you if anything unusual shows up. Thanks again. You guys do a great job and I, for one, appreciate it.
-
OK here it is several hours later. All day I have been getting messages encouraging me to download some Windows updates. I kept stalling the procedure by clicking on "Postpone". Finally at about noon (Arizona USA time) I left the machine on and went to lunch. A couple of hours later I came back and found the machine in exactly the same condition that it was when we started this project. I could not access Yahoo, Google, or Facebook with any of my browsers EXCEPT Facebook on Chrome. I switched to a different user logon and when I tried to bring up Internet Explorer, I got Bing.
I immediately went to system restore and restored it to a point that I created yesterday when the machine seemed to be working. In retrospect, this machine started acting up when I responded to a promo to update with SP1. After the computer had supposedly updated itself it started acting up.
It seems to be working now but not as fast as before, especially with certain web sites, i.e. Google, Yahoo etc. I am going to shut it down now for the day. Hope this is informative, JIM
-
Ok. Please try this: Go directly to MS to check for your updates.
Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
-
This AM my computer is telling me that it wants to do some more updating. This is what was going on the last two times it fouled up. Meanwhile I went to check my updates and found two failed updates occurring about the time I started having trouble.
1)
Windows Internet Explorer 9 for Windows 7 for x64-based Systems
Installation date: 1/23/2012 5:42 PM
Installation status: Failed
Error details: Code C355
Update type: Important
Windows Internet Explorer 9 delivers web sites and applications that look and perform like native PC applications through the power of Windows.
Fast: Internet Explorer 9 is all-around fast. Designed to take full advantage of your PC’s hardware through Windows, Internet Explorer 9 delivers graphically rich and immersive experiences that are as fast and responsive as native applications installed on your PC.
Clean: Internet Explorer puts the focus on the Web sites you love with a clean look and increased viewing area that makes your Web sites shine. Intuitive and seamless integration with Windows 7 provides one-click access to Web applications pinned directly to your Taskbar.
Trusted: Internet Explorer is the trusted way to the Web because it has a robust set of built-in security, privacy and reliability technologies that keep you safer and your browsing experience uninterrupted.
Interoperable: Support for HTML5 and modern Web standards architected to take advantage of the GPU means that the same mark-up not only works across the Web, but runs faster and delivers a richer experience through Windows and Internet Explorer 9.
More information:
http://go.microsoft.com/fwlink/?LinkId=71727
Help and Support:
http://go.microsoft.com/fwlink/?LinkId=71719
and 2)
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2572077)
Installation date: 1/24/2012 5:34 PM
Installation status: Failed
Error details: Code 8024200D
Update type: Important
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
More information:
http://go.microsoft.com/fwlink/?LinkID=225499
Help and Support:
http://support.microsoft.com
QUESTION: How do I stop the persistent requests to update Windows ? ?
Ok. Please try this: Go directly to MS to check for your updates.
Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
Do you want me to post all of the update info back to Jan 23 ? ?
-
Do you want me to post all of the update info back to Jan 23 ? ?
No, not necessary. I suspect that your computer has become infected again. Please update and run SAS and MBAM again and post the logs.
-
OKAY here are the logs:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.01.13.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
JIM :: ROSIE [administrator]
Protection: Disabled
2/15/2012 12:46:34 PM
mbam-log-2012-02-15 (12-46-34).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 447092
Time elapsed: 42 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
============================================================
2012/02/15 11:06:44 -0700 ROSIE JIM MESSAGE Starting protection
2012/02/15 11:06:46 -0700 ROSIE JIM MESSAGE Protection started successfully
2012/02/15 11:06:49 -0700 ROSIE JIM MESSAGE Starting IP protection
2012/02/15 11:06:52 -0700 ROSIE JIM MESSAGE IP Protection started successfully
2012/02/15 11:11:56 -0700 ROSIE JIM MESSAGE Executing scheduled update: Daily
2012/02/15 11:24:03 -0700 ROSIE JIM ERROR Scheduled update failed: Timeout failed with error code 0
2012/02/15 12:40:16 -0700 ROSIE JIM MESSAGE Stopping IP protection
2012/02/15 12:41:48 -0700 ROSIE JIM MESSAGE IP Protection stopped
2012/02/15 14:38:54 -0700 ROSIE JIM MESSAGE Starting protection
2012/02/15 14:38:56 -0700 ROSIE JIM MESSAGE Protection started successfully
2012/02/15 14:38:59 -0700 ROSIE JIM MESSAGE Starting IP protection
2012/02/15 14:39:02 -0700 ROSIE JIM MESSAGE IP Protection started successfully
2012/02/15 14:48:20 -0700 ROSIE JIM MESSAGE Executing scheduled update: Daily
2012/02/15 15:00:27 -0700 ROSIE JIM ERROR Scheduled update failed: Timeout failed with error code 0
==================================================
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/15/2012 at 02:02 PM
Application Version : 4.46.1000
Core Rules Database Version : 5907
Trace Rules Database Version: 3719
Scan type : Quick Scan
Total Scan Time : 00:19:03
Memory items scanned : 596
Memory threats detected : 0
Registry items scanned : 2818
Registry threats detected : 1
File items scanned : 23278
File threats detected : 30
Malware.Trace
(x86) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman
Trojan.Dropper/SVCHost-Fake
C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE
Adware.Tracking Cookie
.bizrate.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bizrate.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bizrate.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bizrate.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.backingtracksonline.co.uk [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.backingtracksonline.co.uk [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.backingtracksonline.co.uk [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\JIM\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
-
Ok. Let's try ComboFix again. Delete the version you have on your desktop and download a new version. Instructions in Reply #20
-
Thanks SuperDave: OK, Here is the ComboFix log MIS the snapshot data.
ComboFix 12-02-17.02 - JIM 02/17/2012 9:26.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2568 [GMT -7:00]
Running from: J:\PCHelpForum.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 16:35 . 2012-02-17 16:35 -------- d-----w- c:\users\vue 3\AppData\Local\temp
2012-02-17 16:35 . 2012-02-17 16:35 -------- d-----w- c:\users\Terri\AppData\Local\temp
2012-02-17 16:35 . 2012-02-17 16:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-17 16:35 . 2012-02-17 16:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-17 16:35 . 2012-02-17 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 16:24 . 2012-01-17 11:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CA369CB-150D-494C-BC67-D65B62A2B1EF}\mpengine.dll
2012-02-15 20:31 . 2012-02-15 20:31 -------- d-----w- c:\users\JIM\AppData\Roaming\SUPERAntiSpyware.com
2012-02-15 20:31 . 2012-02-15 20:31 -------- d-----w- c:\programdata\!SASCORE
2012-02-15 20:31 . 2012-02-16 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-10 01:12 . 2012-02-10 01:12 -------- d-----w- c:\users\Terri\AppData\Roaming\Share-to-Web Upload Folder
2012-02-03 19:50 . 2012-02-03 19:50 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-25 19:56 . 2012-01-25 19:58 -------- d-----w- c:\users\JIM\AppData\Roaming\DriverCure
2012-01-25 19:55 . 2012-02-16 19:13 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-01-25 19:55 . 2012-02-06 15:29 -------- d-----w- c:\programdata\DriverCure
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\programdata\ParetoLogic
2012-01-25 19:55 . 2012-02-16 19:13 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-01-25 19:19 . 2004-10-22 20:42 577536 ----a-w- c:\windows\SysWow64\ANIWZCS2.dll
2012-01-25 19:19 . 2004-10-22 20:42 131072 ----a-w- c:\windows\SysWow64\WlanApp.dll
2012-01-25 19:19 . 2004-10-22 20:42 1163337 ----a-w- c:\windows\SysWow64\odSupp_M.dll
2012-01-25 19:19 . 2004-10-22 20:42 57407 ----a-w- c:\windows\SysWow64\ANICtl.dll
2012-01-25 19:19 . 2004-10-22 20:42 49152 ----a-w- c:\windows\SysWow64\AQCKGen.dll
2012-01-25 19:19 . 2004-10-22 20:42 192512 ----a-w- c:\windows\SysWow64\aIPH.dll
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\ANI
2012-01-25 19:19 . 2004-07-27 18:20 36864 ----a-w- c:\windows\SysWow64\ANIOApi.dll
2012-01-25 19:19 . 2004-07-27 18:20 28205 ----a-w- c:\windows\SysWow64\ANIO.sys
2012-01-25 19:19 . 2004-07-27 18:20 16997 ----a-w- c:\windows\SysWow64\ANIO.VXD
2012-01-25 19:19 . 2004-07-27 18:20 11904 ----a-w- c:\windows\SysWow64\anio4.sys
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\D-Link
2012-01-24 23:44 . 2012-01-24 23:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT1ECD.tmp
2012-01-24 23:42 . 2012-01-24 23:42 0 ---ha-w- c:\users\JIM\AppData\Local\BIT606D.tmp
2012-01-24 23:26 . 2012-01-24 23:26 0 ---ha-w- c:\users\JIM\AppData\Local\BITCBF.tmp
2012-01-24 23:24 . 2012-01-24 23:24 0 ---ha-w- c:\users\JIM\AppData\Local\BIT474E.tmp
2012-01-23 23:32 . 2012-01-24 23:37 -------- d-----w- c:\windows\system32\SPReview
2012-01-23 23:32 . 2012-01-23 23:32 -------- d-----w- c:\windows\system32\EventProviders
2012-01-23 23:30 . 2012-01-23 23:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-23 23:30 . 2012-01-23 23:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-23 23:30 . 2012-01-23 23:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-23 23:30 . 2012-01-23 23:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 12:10 . 2010-10-20 20:33 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 18:37 . 2011-02-18 23:38 639 ----a-w- c:\windows\uninstallstickies.bat
2012-01-23 23:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 23:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-03 20:16 . 2011-07-09 17:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-03-22 21:03 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-22 21:03 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-22 21:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-22 21:03 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-22 21:03 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-22 21:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-22 21:03 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-22 21:03 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-22 21:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-14 21:27 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-05_17.01.08 )))))))))))))))))))))))))))))))))))))))))
DELETED
.
- Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2012-01-10 361984]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2012-01-10 18:49 1612800 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-10-18 19:26 3908192 ----a-w- c:\program files (x86)\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 23:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\tbNCH.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2012-01-10 1612800]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverCure"="c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-22 45056]
.
c:\users\JIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-2-18 1101824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6D4.tmp
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - Avgrkx64
*Deregistered* - Avgtdia
*Deregistered* - pctESPInject
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2012-02-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-02-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{B9B97401-98E1-4942-930D-C36652DAB7F2} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6D4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-02-17 09:54:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 16:54
ComboFix2.txt 2012-01-30 19:59
ComboFix3.txt 2011-07-05 17:05
.
Pre-Run: 200,615,768,064 bytes free
Post-Run: 200,118,099,968 bytes free
.
- - End Of File - - EEDAA5B51DE05D84269BAA2B05A05AA5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I have the log in its entirety if you need it. JIM
-
And now a few more scans.
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool. Vista and Windows 7 run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
*******************************************
AVENGER
- Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
- Click the Execute button.
- You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
- Click Yes.
- You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
- Click Yes.
- Your PC will now be rebooted.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log in your next reply.
-
Here is the ROOT log:
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
Mozilla Firefox 4.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:244 Go - Free:186 Go )
D:\ [Fixed-NTFS] .. ( Total:352 Go - Free:264 Go )
E:\ [Fixed-NTFS] .. ( Total:63 Go - Free:36 Go )
F:\ [Fixed-NTFS] .. ( Total:12 Go - Free:8 Go )
G:\ [CD_Rom]
H:\ [CD_Rom]
I:\ [CD_Rom]
J:\ [Removable]
.
Scan : 08:38.14
Path : C:\Users\JIM\Downloads\Rooter.exe
User : JIM ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe???ô (336)
Locked csrss.ex???ô (432)
Locked wininit.???ô (496)
Locked csrss.ex???ô (516)
Locked winlogon???ô (560)
Locked services???ô (604)
Locked lsass.ex???ô (620)
Locked lsm.exe (628)
Locked svchost.???ô (728)
Locked svchost.???ô (828)
Locked svchost.???ô (904)
Locked svchost.???ô (968)
Locked svchost.???ô (1012)
Locked svchost.???ô (476)
Locked svchost.???ô (1160)
Locked AvastSvc???ô (1220)
Locked spoolsv.???ô (1596)
Locked svchost.???ô (1636)
Locked armsvc.e???ô (1800)
Locked svchost.???ô (1844)
Locked svchost.???ô (1872)
Locked svchost.???ô (1904)
Locked LSSrvc.e???ô (2040)
Locked FWServic???ô (1048)
Locked SeaPort.???ô (1020)
Locked svchost.???ô (2116)
Locked svchost.???ô (2172)
Locked WLIDSVC.???ô (2208)
Locked YahooAUS???ô (2256)
Locked WLIDSVCM???ô (2900)
Locked SearchIn???ô (2992)
Locked svchost.???ô (2676)
Locked svchost.???ô (3128)
______ ?????????? (3784)
______ ?????????? (3856)
______ ?????????? (3908)
______ C:\Program Files (x86)\Stickies\stickies.exe (3580)
______ C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (3504)
______ C:\Program Files\AVAST Software\Avast\AvastUI.exe (3768)
______ C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (3660)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3636)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3924)
______ C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (4080)
Locked wmpnetwk???ô (4680)
Locked svchost.???ô (5088)
Locked dllhost.???ô (4728)
Locked taskeng.???ô (4992)
Locked NMIndexi???ô (4596)
______ ?????????? (2308)
______ C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe (3276)
______ C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe (1088)
______ C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe (4676)
Locked audiodg.???ô (4024)
Locked WUDFHost???ô (3424)
Locked WmiPrvSE???ô (4420)
Locked SearchPr???ô (5132)
Locked SearchFi???ô (2132)
______ C:\Users\JIM\Downloads\Rooter.exe (2332)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:262039142400)
\Device\Harddisk0\Partition3 (Start_Offset:262145048576 | Length:377987530752)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\DriverCure.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 08:38.17
.
C:\Rooter$\Rooter_1.txt - (20/02/2012 | 08:38.17)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I could not find C:\avenger.txt
Instead I got the following message:
WXCSLDR2.exe Entry point not found.
The procedure entry point "apsGetReady" could not be found in the dynamic link library "wlanapi.dll"
-
Please update me on the functioning of your computer.
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Everything seems to be working all right with my computer EXCEPT I still cannot access the internet with Internet Explorer, Chrome, or Firefox... Avast claims to have updated every time I boot so evidently it is able to access the net, but my browsers are not....
Therefore I cannot scan my machine with Eset online...
-
Ok, let's try this:
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- List Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
****************************************************************
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
-
Thanks SuperDave: Logs follow;
MiniToolBox by Farbar Version: 18-01-2012
Ran by JIM (administrator) on 21-02-2012 at 12:05:35
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Atheros AR8131 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Rosie
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 6C-62-6D-7B-E8-97
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ac85:8b9d:d728:28b6%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 21, 2012 11:32:30 AM
Lease Expires . . . . . . . . . . : Wednesday, February 22, 2012 11:32:30 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 241984109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-51-00-58-6C-62-6D-7B-E8-97
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{9F8D9178-14EC-465A-9768-9E35F078DAD7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 10:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4a:2505:b3a6:cf5a(Preferred)
Link-local IPv6 Address . . . . . : fe80::4a:2505:b3a6:cf5a%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.224.199
74.125.224.200
74.125.224.201
74.125.224.202
74.125.224.203
74.125.224.204
74.125.224.205
74.125.224.206
74.125.224.207
74.125.224.192
74.125.224.193
74.125.224.194
74.125.224.195
74.125.224.196
74.125.224.197
74.125.224.198
Pinging google.com [74.125.224.198] with 32 bytes of data:
Request timed out.
Reply from 74.125.224.198: bytes=32 time=1321ms TTL=53
Ping statistics for 74.125.224.198:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 1321ms, Maximum = 1321ms, Average = 1321ms
Server: UnKnown
Address: 192.168.1.1
Name: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=136ms TTL=46
Reply from 98.139.183.24: bytes=32 time=136ms TTL=48
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 136ms, Maximum = 136ms, Average = 136ms
Server: UnKnown
Address: 192.168.1.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
===========================================================================
Interface List
9...6c 62 6d 7b e8 97 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.69 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.69 276
192.168.1.69 255.255.255.255 On-link 192.168.1.69 276
192.168.1.255 255.255.255.255 On-link 192.168.1.69 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.69 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.69 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:4a:2505:b3a6:cf5a/128
On-link
9 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::4a:2505:b3a6:cf5a/128
On-link
9 276 fe80::ac85:8b9d:d728:28b6/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (02/20/2012 00:20:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/20/2012 10:13:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/17/2012 10:16:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/16/2012 00:24:06 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b9531256-9652-472f-94b3-1e5f569ba6ff}
Error: (02/16/2012 11:07:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/15/2012 00:45:45 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: c0c
Start Time: 01ccec1a5759afb7
Termination Time: 16
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Report Id: a2f1a68f-580d-11e1-9697-6c626d7be897
Error: (02/15/2012 11:47:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/15/2012 11:12:58 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1194
Start Time: 01ccec0d3feba506
Termination Time: 15
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Report Id: ac2d6108-5800-11e1-9a13-6c626d7be897
Error: (02/13/2012 05:01:44 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1210
Start Time: 01cceaabc8d2fb12
Termination Time: 0
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Report Id: 0fa36e9f-569f-11e1-8943-6c626d7be897
Error: (02/13/2012 04:57:28 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.61 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1340
Start Time: 01cceaaaf4bdbf69
Termination Time: 15
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Report Id: 761b6c06-569e-11e1-8943-6c626d7be897
System errors:
=============
Error: (02/21/2012 00:03:49 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
Error: (02/21/2012 00:03:49 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
Error: (02/21/2012 00:03:48 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
Error: (02/21/2012 00:01:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (02/21/2012 00:01:57 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (02/21/2012 00:01:57 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (02/21/2012 00:01:56 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (02/21/2012 00:01:55 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (02/21/2012 00:01:55 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
Error: (02/21/2012 00:01:54 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.
========================= Memory info: ===================================
Percentage of memory in use: 27%
Total physical RAM: 4095.18 MB
Available physical RAM: 2969.04 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 6760.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3948.44 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:244.04 GB) (Free:185.56 GB) NTFS
2 Drive d: (Music) (Fixed) (Total:352.03 GB) (Free:264.64 GB) NTFS
3 Drive e: (Pers data) (Fixed) (Total:63.48 GB) (Free:36.73 GB) NTFS
4 Drive f: (Windows 7) (Fixed) (Total:12.86 GB) (Free:8.23 GB) NTFS
8 Drive j: (Cruzer) (Removable) (Total:3.74 GB) (Free:0.38 GB) FAT32
========================= Users: ========================================
User accounts for \\ROSIE
Administrator Guest JIM
Terri
**** End of log ****
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Farbar Service Scanner Version: 14-02-2012
Ran by JIM (administrator) on 21-02-2012 at 12:41:27
Running from "C:\Users\JIM\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-17 09:24] - [2011-12-27 20:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
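An added example, not part of the thread and not Farbar's own code: a small triage pass over logs shaped like the two above, separating name-resolution tampering (hosts file, proxy) from packet loss and listing files that FSS printed without an "MD5 is legit" verdict. The finding labels, the function names and the "Proxy is enabled" wording are assumptions; the sample is a constructed excerpt.

```python
import re

# Constructed excerpt in the shape of the MiniToolBox and FSS logs above
# (trimmed; the MD5 on the afd.sys detail line is replaced by a placeholder).
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Ping statistics for 74.125.224.198:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-17 09:24] - [2011-12-27 20:59] - 0498688 ____A (Microsoft Corporation) <MD5>
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
"""

SECTION = re.compile(r"^=+ (.+?): =+$")
PING_TARGET = re.compile(r"^Ping statistics for (\S+):$")
PING_COUNTS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
FILE_LINE = re.compile(r"^([A-Za-z]:\\[^=]+?)(?:\s+=>\s+(.+))?$")
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def triage(log):
    """Extract the fields that matter for a 'connected but cannot browse' case."""
    report = {"proxy_enabled": None, "extra_hosts": [],
              "ping": {}, "unverified_files": []}
    section, target = None, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if line == "File Check:":          # FSS uses plain headings
            section = "File Check"
            continue
        if line == "Proxy is not enabled.":
            report["proxy_enabled"] = False
        elif line.startswith("Proxy is enabled"):   # assumed wording
            report["proxy_enabled"] = True
        if section == "Hosts content" and line and not line.startswith("#"):
            parts = line.split()
            if len(parts) >= 2 and (parts[0], parts[1]) not in DEFAULT_HOSTS:
                report["extra_hosts"].append(line)
        stats = PING_TARGET.match(line)
        if stats:
            target = stats.group(1)
        counts = PING_COUNTS.search(line)
        if counts and target:
            report["ping"][target] = (int(counts.group(1)), int(counts.group(2)))
            target = None
        if section == "File Check":
            entry = FILE_LINE.match(line)
            # A path with no verdict printed needs a manual signature check.
            if entry and entry.group(2) != "MD5 is legit":
                report["unverified_files"].append(entry.group(1))
    return report


def assess(report):
    """Turn the parsed report into findings (heuristic, not a verdict)."""
    findings = []
    if report["extra_hosts"]:
        findings.append("hosts-modified")
    if report["proxy_enabled"]:
        findings.append("proxy-set")
    loopback = report["ping"].get("127.0.0.1")
    stack_ok = loopback is not None and loopback[0] == loopback[1]
    lossy = sorted(t for t, (sent, rcvd) in report["ping"].items()
                   if t != "127.0.0.1" and rcvd < sent)
    if lossy:
        findings.append("external-loss:" + ",".join(lossy))
    findings += ["verify-file:" + p for p in report["unverified_files"]]
    # Clean hosts/proxy, healthy loopback, lossy outbound traffic: look at
    # packet filtering (third-party firewall drivers), the NIC and the router.
    if stack_ok and lossy and not report["extra_hosts"] and not report["proxy_enabled"]:
        findings.append("check-filtering-and-link")
    return findings


if __name__ == "__main__":
    for finding in assess(triage(SAMPLE_LOG)):
        print(finding)
```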
-
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).
At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.
Restart computer.
-
OKAY, I have done that. The machine is still acting the same way and I am still getting the message:
WXCSLDR2.exe Entry point not found.
The procedure entry point "apsGetReady" could not be found in the dynamic link library "wlanapi.dll"
when I boot.
-
The machine is still acting the same way and I am still getting the message:
You still can't connect to the internet?
WXCSLDR2.exe Entry point not found.
The procedure entry point "apsGetReady" could not be found in the dynamic link library "wlanapi.dll"
WZCSLDR3.exe is part of the drivers for various wireless networking cards made by Alpha Networks. This is an OEM manufacturer of wireless logic (as opposed to a company that makes end products), so your system may be using their products even if there's nothing in it with that label. Should be considered part of your drivers and left alone, or your wireless connection won't work.
Does the above make any sense to you?
-
Thanks SuperDave, Well it sounds to me like that may be my problem. I still cannot connect to internet altho everything else seems to be OK. I checked my device manager and it does not show any non working drivers. Is this a hardware or software problem? Do I need a new mother board? What do you think? How serious is this? JIM
-
jim.mar and SuperDave...
If I may interject...
Check to see if Windows 7 Wired AutoConfig is running. Do the following:
- Click Start and in the Search Box type services.msc and hit the Enter key on your keyboard.
- When the Services window opens...scroll down to see if Wired AutoConfig is set to "Manual", or "Automatic". Make sure it is set to "Automatic" and save that setting.
- Check to see if the Wired AutoConfig has started. If not...make sure it is...save this setting and re-boot the computer.
If this does not work...or, if no changes needed to be made...try re-starting this service and then re-boot the computer.
If the above doesn't work...try visiting the computer manufacturer's website for an updated driver. In this case...I would assume it is a D-Link wireless adapter...correct?
Keep us posted...
-
GlitchPC: Thanks for your interest. I checked "Wired AutoConfig" and it was set to manual and was not started, so I changed it to Automatic and started it and rebooted. Did not work. I still cannot access the internet via my browsers. Something is working tho because every time I boot, I get the message that Avast was updated. Also, when this problem started, I was using Chrome and it would access my facebook but nothing else. Now it doesn't even do that.
NO, I am not using a D-link adapter. Although, I did try that when the problem first started but my old D-link software that I used with Windows XP on my old machine was not compatible with Windows 7. So I took it out.
My machine is home built as of Oct. 2010. You can check the specs on my profile. It has been working very well up until about Jan 23rd when it downloaded and installed some windows updates. That is when my problem started.
Question; Should I leave "Wired Autoconfig" set on Auto or should I set it back to Manual? I don't want to foul up SuperDave's procedure.
Thanks again for your input. JIM
-
You can leave it as is...it will be fine...and "no"...it will not cause any issues with what SuperDave has already done. However, was Avast updating before you made the change I suggested or, afterwards?
Edit...
Jim,
Can you do me a favor, please? Check the LAN Settings in Internet Options. Can you tell me what your settings are in that window?
-
Avast has been updating since I started using it months ago. It does it each time I fire up the computer. I usually put Windows on "Hibernate" when I shut it down and turn off the power so I am not sure if it does a complete reboot each time I turn it on or not.
Thanks again, JIM
-
You're welcome, Jim...check my post above your last post...I edited it.
-
LAN settings: Only the "Automatically detect settings" box is checked.
Come to think of it, Avast has not updated since I turned the machine on this AM. I have rebooted at least twice since then.
JIM
-
If that is the only thing checked...uncheck it and save that setting. Reboot for kicks and giggles...and then let me know if the browsers work.
-
OKAY I did that. No change. Browsers still won't surf. JIM
-
Okay...
One last thing to check. Does your network connection show you are connected? If not...have you tried rebooting the modem and the router?
-
YES, my network connections show that I am connected. I have tried restarting the modem and the router twice in the past few days. JIM
-
Have you checked your Internet Options "Connections" for those settings?
-
Internet Options "Connections" show that I am connected. If I click "setup" > "Browse the internet now" the browser indicates that it is "connecting" indefinitely. Task Manager (applications) shows http://www.yahoo.com/ - Windows Internet Explorer running.
Task manager (performances) shows the CPU is idle (2%), and this goes on and on...
-
The image I'm posting is an XP image...but, it's basically the same as Windows 7. Take a look at it and let me know your settings, okay?
-
Nothing in the upper area. The first item "never dial a connection" in the lower BUT it is faded out and so is "SETTINGS" button.
-
Did you ever have Norton on this computer? Also...what firewall are you using? Windows Firewall, or something else?
-
No I have never had Norton on this machine. Windows firewall is OFF. I am using PC Tools Firewall Plus...
-
Did you download it from PC Tools or, some other location? Also...have you tried disabling the firewall, temporarily, to see if this helps to resolve the issue?
-
jim.mar,
I have read this entire thread and don't believe I've seen anything related to what I'm about to ask...but, have you tried a straight connection through the modem only...instead of the router? Meaning the ethernet cable should run directly from the modem to the network card on the PC. Try that to see if any of your browsers work.
In addition...now, this is just me. If you're going to use the router...then that acts as a hardware firewall in itself. I would uninstall PC Tools' Firewall Plus and use Windows Firewall as my software firewall. However, you may want to wait to see what SuperDave recommends.
@SuperDave...at no time did I intend to step on your toes. I will leave this, now, in your capable hands...
Keep us posted, Jim!
-
YAHOO ! ! Thank you guys. My machine is now working better than before the problem arose.
Thank you SuperDave for all of your time and patience and sticking with me. Especially in view of all the other stuff you must be dealing with. I have always been appreciative and supportive for all the help that I get from Computer Hope forums. I hope that I can continue to count on Computer Hope for help in the future if I should need it..
Thank you GlitchPC for your inputs... Evidently the last bug involved was with PCtools Firewall plus. After I uninstalled it I was again able to access internet... I say "last" because something else must have been infecting my machine because it now runs better than before. Thanks again.
So, with deep appreciation, I will sign off and go surfing... (for now at least) JIM
-
You're welcome, Jim. Excellent news. SuperDave should get all the credit, though. He was with you from the start and hung in there with you.
Happy surfing!
P.S. If you're no longer using PC Tools Firewall Plus...make sure the Windows Firewall is running...okay?
-
I would still like to see the ESET scan log before we cleanup.
-
OK I will run the Eset scan as requested in Reply #61... Meanwhile here is the Eset log from Feb 8 2012.
C:\Program Files (x86)\EpicPlay\epicPlayGames.dll a variant of Win32/Adware.Gamevance.BI application cleaned by deleting (after the next restart) - quarantined
C:\Users\JIM\AppData\Local\Temp\NODC07B.tmp a variant of Win32/Adware.Gamevance.BI application cleaned by deleting (after the next restart) - quarantined
C:\Users\JIM\Downloads\freeripmp3-setup.exe multiple threats deleted - quarantined
-
SuperDave: Hey hey, got it this time. Scan took almost two hours, found one infected file. Report follows:
Esets scan log done on Feb 28 20121
C:\Users\JIM\Downloads\freeripmp3-setup.exe multiple threats deleted - quarantined
That "C:\Users\JIM\Downloads\freeripmp3-setup.exe" found on Feb 8 shows up again. Could I have somehow inherited that again?
What do you think??
-
Could I have somehow inherited that again?
What do you think??
We thought that you may have been re-infected. That's why we ran most of the scans the second time. Let's do some cleanup. You may keep SAS and MBAM on your computer. Update them and run them on a regular basis.
You should get rid of this: C:\Users\JIM\Downloads\freeripmp3-setup.exe
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
To set a new Restore Point.
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
********************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
SuperDave: OK done. The machine is running well. I want to thank you again for all your help and patience.
I have one problem tho. Everytime I boot up I get the message
"WZFSLDR2.exe - Entry point not found .
The procedure entry point - spdGetReady - - could not be located in the dynamic link library wlanapi.dll"
I understand that it is a registry problem and I am afraid to try to fix it with some recommendations on the net. Do you have any ideas or is this another subject for another area??
Thanks again JIM
-
Let's check out that file.
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
WZFSLDR2.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
-
I tried that. Got the JOTTI web site but was unable to copy (or type) anything into the browse window. However, I mis-typed . . . the entry point should have read WZCSLDR2.exe
-
I tried that. Got the JOTTI web site but was unable to copy (or type) anything into the browse window. However, I mis-typed . . . the entry point should have read WZCSLDR2.exe
That file belongs to this program: Program Files\ANI\ANIWZCS2 Service. Do you have that program on your computer?
-
YES, I have it in C:\ProgramFiles(x86) but not in C:\Program Files. I do not know why I have both Program Files and Program Files(x86).
-
WZCSLDR3.exe is part of the drivers for various wireless networking cards made by Alpha Networks. This is an OEM manufacturer of wireless logic (as opposed to a company that makes end products), so your system may be using their products even if there's nothing in it with that label. Should be considered part of your drivers and left alone, or your wireless connection won't work.
-
SuperDave: Sorry I took so long getting back. OK, as I said, it is in C:\ProgramFiles(x86) but not in C:\ProgramFiles. Should I copy it from one to the other via Windows Explorer? The error message still pops up on a fresh boot after complete shut down but not after restoring coming out of "hibernate". Or should I just live with it? The machine seems to be working just fine.
-
C:\ProgramFiles(x86)
This means that your computer is a 64 bit computer as opposed to 32 bit. Most newer computers are 64 bit.
Or should I just live with it? The machine seems to be working just fine.
I'm pleased that the computer is running well but I can't help you much more with that error problem. Perhaps you could start a new thread in a different forum on this site.
-
Jim,
Read this: WZCSLDR2.exe-Entry Point Not Found. (http://answers.microsoft.com/en-us/windows/forum/windows_vista-networking/wzcsldr2exe-entry-point-not-found/14cdf632-c6a3-41aa-8ab2-0e88729116e9)
-
SuperDave: OK, thank you again so much for your time and patience on this problem. You guys do a terrific job helping us out. Bless you, JIM
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.