
Author Topic: Possible infected computer  (Read 7687 times)

distrutled

    Topic Starter


    Rookie

    Possible infected computer
    « on: June 26, 2011, 04:44:43 PM »
    My computer seems to be busy all the time even when I'm not connected to the internet.  Do you think my computer is infected?


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/26/2011 at 05:27 PM

    Application Version : 4.54.1000

    Core Rules Database Version : 7287
    Trace Rules Database Version: 5099

    Scan type       : Quick Scan
    Total Scan Time : 00:14:23

    Memory items scanned      : 592
    Memory threats detected   : 0
    Registry items scanned    : 1083
    Registry threats detected : 0
    File items scanned        : 18597
    File threats detected     : 9

    Adware.Tracking Cookie
       .doubleclick.net [ C:\Documents and Settings\AIDAN.MICHAEL\Application Data\Mozilla\Firefox\Profiles\8e6n0u4m.default\cookies.sqlite ]
       .dmtracker.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]
       dc.tremormedia.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]
       segment-pixel.invitemedia.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]
       va.px.invitemedia.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]
       www3.addfreestats.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\cookies.sqlite ]


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6954

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/26/2011 11:11:50 AM
    mbam-log-2011-06-26 (11-11-49).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 233069
    Time elapsed: 31 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:42:15 PM, on 6/26/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Squeezebox\SqueezeTray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O4 - Global Startup: Squeezebox Server Tray Tool.lnk = C:\Program Files\Squeezebox\SqueezeTray.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259633329522
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08254751-F0E0-4DC7-9FCA-06A52E8C9869}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE3A5C69-763A-45FF-A999-71154F23952B}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08254751-F0E0-4DC7-9FCA-06A52E8C9869}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{08254751-F0E0-4DC7-9FCA-06A52E8C9869}: NameServer = 156.154.70.22,156.154.71.22
    O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

    --
    End of file - 7602 bytes

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    Re: Possible infected computer
    « Reply #1 on: June 26, 2011, 05:51:22 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users double-click on dds to run it.
    * If your antivirus or firewall tries to block DDS, then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.
    **************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSDs

    distrutled

      Topic Starter


      Rookie

      Re: Possible infected computer
      « Reply #2 on: June 29, 2011, 10:48:06 PM »
      I'm sorry I didn't notice your reply sooner.  Thanks for responding.  Here are the logs you requested.

      .
      DDS (Ver_2011-06-23.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_24
      Run by Mike at 23:30:25 on 2011-06-29
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.998.447 [GMT -5:00]
      .
      AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
      FW: COMODO Firewall *Enabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      svchost.exe
      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      C:\WINDOWS\system32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      svchost.exe
      C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
      C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Intel\AMT\LMS.exe
      C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Epson Software\Event Manager\EEventManager.exe
      C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
      C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
      C:\Program Files\Squeezebox\SqueezeTray.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
      uInternet Settings,ProxyOverride = <local>
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
      mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
      mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
      mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      StartupFolder: c:\docume~1\mike\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259633329522
      DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      TCP: DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{08254751-F0E0-4DC7-9FCA-06A52E8C9869} : NameServer = 156.154.70.22,156.154.71.22
      TCP: Interfaces\{DE3A5C69-763A-45FF-A999-71154F23952B} : NameServer = 156.154.70.22,156.154.71.22
      TCP: Interfaces\{DE3A5C69-763A-45FF-A999-71154F23952B} : DhcpNameServer = 192.168.1.254
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
      Notify: igfxcui - igfxdev.dll
      AppInit_DLLs:  c:\windows\system32\guard32.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\uk3k73oz.default\
      FF - plugin: c:\documents and settings\mike\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
      FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
      FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
      FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
      FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - true
      .
      ============= SERVICES / DRIVERS ===============
      .
      R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-12-29 17416]
      R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-12-29 242472]
      R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-12-29 29400]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
      R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-12-29 1779792]
      R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
      R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf SqueezeMySQL [?]
      R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
      .
      =============== Created Last 30 ================
      .
      2011-06-17 08:13:07   --------   d-----w-   c:\windows\SxsCaPendDel
      2011-06-02 19:20:03   63488   ----a-w-   c:\windows\system32\E_FD4BGBA.DLL
      2011-06-02 19:20:02   93696   ----a-w-   c:\windows\system32\E_FLBGBA.DLL
      2011-06-02 19:19:10   128392   ----a-w-   c:\windows\system32\esdevapp.exe
      .
      ==================== Find3M  ====================
      .
      2011-05-29 14:11:30   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2011-05-29 14:11:20   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2011-05-13 02:51:07   284744   ----a-w-   c:\windows\system32\guard32.dll
      2011-05-13 02:51:05   29400   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
      2011-05-13 02:51:05   242472   ----a-w-   c:\windows\system32\drivers\cmdGuard.sys
      2011-05-13 02:51:05   17416   ----a-w-   c:\windows\system32\drivers\cmderd.sys
      2011-05-02 15:31:52   692736   ----a-w-   c:\windows\system32\inetcomm.dll
      2011-04-29 17:25:27   151552   ----a-w-   c:\windows\system32\schannel.dll
      2011-04-29 16:19:43   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
      2011-04-25 16:11:12   916480   ----a-w-   c:\windows\system32\wininet.dll
      2011-04-25 16:11:11   43520   ------w-   c:\windows\system32\licmgr10.dll
      2011-04-25 16:11:11   1469440   ------w-   c:\windows\system32\inetcpl.cpl
      2011-04-25 12:01:22   385024   ------w-   c:\windows\system32\html.iec
      2011-04-21 13:37:43   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
      2011-04-07 15:42:34   73728   ----a-w-   c:\windows\system32\javacpl.cpl
      2011-04-07 15:42:34   472808   ----a-w-   c:\windows\system32\deployJava1.dll
      .
      ============= FINISH: 23:33:57.06 ===============

      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-06-23.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 11/30/2009 10:00:06 PM
      System Uptime: 6/29/2011 3:20:57 AM (20 hours ago)
      .
      Motherboard: Intel Corporation |  | DQ965MT
      Processor: Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz |  | 1864/266mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 73 GiB total, 59.935 GiB free.
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: Intel(R) 82566DM Gigabit Network Connection
      Device ID: PCI\VEN_8086&DEV_104A&SUBSYS_0001107B&REV_02\3&61AAA01&0&C8
      Manufacturer: Intel
      Name: Intel(R) 82566DM Gigabit Network Connection
      PNP Device ID: PCI\VEN_8086&DEV_104A&SUBSYS_0001107B&REV_02\3&61AAA01&0&C8
      Service: e1express
      .
      ==== System Restore Points ===================
      .
      RP105: 4/12/2011 6:30:40 PM - System Checkpoint
      RP106: 4/13/2011 6:59:52 PM - System Checkpoint
      RP107: 4/14/2011 7:22:28 PM - System Checkpoint
      RP108: 4/15/2011 3:00:22 AM - Software Distribution Service 3.0
      RP109: 4/16/2011 3:54:54 AM - System Checkpoint
      RP110: 4/17/2011 4:06:20 AM - System Checkpoint
      RP111: 4/18/2011 5:13:11 AM - System Checkpoint
      RP112: 4/19/2011 5:18:20 AM - System Checkpoint
      RP113: 4/20/2011 6:06:20 AM - System Checkpoint
      RP114: 4/21/2011 3:00:20 AM - Software Distribution Service 3.0
      RP115: 4/22/2011 3:54:57 AM - System Checkpoint
      RP116: 4/23/2011 4:18:50 AM - System Checkpoint
      RP117: 4/24/2011 5:18:21 AM - System Checkpoint
      RP118: 4/25/2011 5:38:48 AM - System Checkpoint
      RP119: 4/26/2011 7:15:40 AM - System Checkpoint
      RP120: 4/27/2011 7:26:47 AM - System Checkpoint
      RP121: 4/28/2011 3:00:25 AM - Software Distribution Service 3.0
      RP122: 4/29/2011 3:51:56 AM - System Checkpoint
      RP123: 4/30/2011 4:02:48 AM - System Checkpoint
      RP124: 5/1/2011 4:38:48 AM - System Checkpoint
      RP125: 5/2/2011 5:26:48 AM - System Checkpoint
      RP126: 5/3/2011 5:38:48 AM - System Checkpoint
      RP127: 5/4/2011 6:29:51 AM - System Checkpoint
      RP128: 5/5/2011 6:38:48 AM - System Checkpoint
      RP129: 5/6/2011 7:38:48 AM - System Checkpoint
      RP130: 5/7/2011 8:38:48 AM - System Checkpoint
      RP131: 5/8/2011 10:10:14 AM - System Checkpoint
      RP132: 5/9/2011 10:44:48 AM - System Checkpoint
      RP133: 5/10/2011 11:54:14 PM - System Checkpoint
      RP134: 5/11/2011 3:00:17 AM - Software Distribution Service 3.0
      RP135: 5/12/2011 3:00:33 AM - Software Distribution Service 3.0
      RP136: 5/13/2011 4:09:36 AM - System Checkpoint
      RP137: 5/14/2011 5:09:36 AM - System Checkpoint
      RP138: 5/15/2011 5:57:36 AM - System Checkpoint
      RP139: 5/16/2011 7:09:36 AM - System Checkpoint
      RP140: 5/20/2011 5:52:41 AM - System Checkpoint
      RP141: 5/21/2011 5:54:33 AM - System Checkpoint
      RP142: 5/22/2011 6:42:32 AM - System Checkpoint
      RP143: 5/23/2011 6:54:35 AM - System Checkpoint
      RP144: 5/24/2011 7:54:32 AM - System Checkpoint
      RP145: 5/25/2011 8:42:33 AM - System Checkpoint
      RP146: 5/26/2011 8:54:33 AM - System Checkpoint
      RP147: 5/27/2011 9:42:58 AM - System Checkpoint
      RP148: 5/28/2011 9:55:09 AM - System Checkpoint
      RP149: 5/29/2011 10:43:09 AM - System Checkpoint
      RP150: 5/30/2011 10:55:09 AM - System Checkpoint
      RP151: 5/31/2011 12:07:39 PM - System Checkpoint
      RP152: 6/1/2011 12:43:09 PM - System Checkpoint
      RP153: 6/2/2011 1:55:09 PM - System Checkpoint
      RP154: 6/2/2011 2:21:12 PM - Installed Epson Event Manager
      RP155: 6/2/2011 2:22:14 PM - Installed FAX Utility
      RP156: 6/2/2011 2:22:52 PM - Printer Driver EPSON PC-FAX driver Installed
      RP157: 6/2/2011 2:23:58 PM - Configured EpsonNet Print
      RP158: 6/2/2011 2:24:33 PM - Installed EpsonNet Setup 3.3
      RP159: 6/3/2011 2:43:25 PM - System Checkpoint
      RP160: 6/4/2011 3:14:10 PM - System Checkpoint
      RP161: 6/5/2011 3:30:14 PM - System Checkpoint
      RP162: 6/6/2011 4:14:09 PM - System Checkpoint
      RP163: 6/7/2011 4:26:09 PM - System Checkpoint
      RP164: 6/8/2011 5:14:09 PM - System Checkpoint
      RP165: 6/9/2011 5:26:09 PM - System Checkpoint
      RP166: 6/10/2011 6:14:09 PM - System Checkpoint
      RP167: 6/11/2011 6:59:43 PM - System Checkpoint
      RP168: 6/12/2011 7:11:45 PM - System Checkpoint
      RP169: 6/13/2011 7:12:13 PM - System Checkpoint
      RP170: 6/14/2011 8:11:43 PM - System Checkpoint
      RP171: 6/15/2011 9:11:43 PM - System Checkpoint
      RP172: 6/16/2011 10:11:42 PM - System Checkpoint
      RP173: 6/17/2011 3:00:25 AM - Software Distribution Service 3.0
      RP174: 6/18/2011 3:00:15 AM - Software Distribution Service 3.0
      RP175: 6/19/2011 3:58:05 AM - System Checkpoint
      RP176: 6/20/2011 3:58:34 AM - System Checkpoint
      RP177: 6/21/2011 4:10:03 AM - System Checkpoint
      RP178: 6/22/2011 5:10:03 AM - System Checkpoint
      RP179: 6/23/2011 6:22:06 AM - System Checkpoint
      RP180: 6/26/2011 11:26:42 AM - System Checkpoint
      RP181: 6/27/2011 11:28:55 AM - System Checkpoint
      RP182: 6/28/2011 3:00:18 AM - Software Distribution Service 3.0
      RP183: 6/29/2011 3:00:18 AM - Software Distribution Service 3.0
      .
      ==== Installed Programs ======================
      .
      Acrobat.com
      Adobe AIR
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader X (10.0.1)
      Adobe Shockwave Player 11.5
      Apple Application Support
      Apple Software Update
      BeerSmith
      BeerTools Pro version 1.5
      CCleaner
      COMODO Internet Security
      Epson Event Manager
      Epson FAX Utility
      Epson PC-FAX Driver
      EPSON Scan
      EPSON WorkForce 610 Series Printer Uninstall
      EPSON WorkForce 630 Series Printer Uninstall
      EpsonNet Print
      EpsonNet Setup
      EpsonNet Setup 3.3
      ESET Online Scanner v3
      GIMP 2.6.4
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB2158563)
      Hotfix for Windows XP (KB2443685)
      Hotfix for Windows XP (KB915800-v4)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      Intel Audio Studio 2.0
      Intel(R) Active Management Technology LMS Service and SOL Driver
      Intel(R) Management Engine Interface
      Intel(R) PRO Network Connections Drivers
      Java Auto Updater
      Java(TM) 6 Update 24
      Malwarebytes' Anti-Malware version 1.51.0.1200
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB2416447)
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft Base Smart Card Cryptographic Service Provider Package
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Office 2000 Premium
      Microsoft Silverlight
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Mozilla Firefox (3.6.18)
      NETGEAR WG111v3 wireless USB 2.0 adapter
      OpenOffice.org 3.0
      QuickTime
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
      Security Update for Windows Internet Explorer 8 (KB2360131)
      Security Update for Windows Internet Explorer 8 (KB2416400)
      Security Update for Windows Internet Explorer 8 (KB2482017)
      Security Update for Windows Internet Explorer 8 (KB2497640)
      Security Update for Windows Internet Explorer 8 (KB2510531)
      Security Update for Windows Internet Explorer 8 (KB2530548)
      Security Update for Windows Internet Explorer 8 (KB2544521)
      Security Update for Windows Internet Explorer 8 (KB971961)
      Security Update for Windows Internet Explorer 8 (KB981332)
      Security Update for Windows Internet Explorer 8 (KB982381)
      Security Update for Windows Media Player (KB2378111)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB975558)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows Search 4 - KB963093
      Security Update for Windows XP (KB2079403)
      Security Update for Windows XP (KB2115168)
      Security Update for Windows XP (KB2121546)
      Security Update for Windows XP (KB2160329)
      Security Update for Windows XP (KB2183461)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB2259922)
      Security Update for Windows XP (KB2279986)
      Security Update for Windows XP (KB2286198)
      Security Update for Windows XP (KB2296011)
      Security Update for Windows XP (KB2296199)
      Security Update for Windows XP (KB2347290)
      Security Update for Windows XP (KB2360131)
      Security Update for Windows XP (KB2360937)
      Security Update for Windows XP (KB2387149)
      Security Update for Windows XP (KB2393802)
      Security Update for Windows XP (KB2412687)
      Security Update for Windows XP (KB2416400)
      Security Update for Windows XP (KB2419632)
      Security Update for Windows XP (KB2423089)
      Security Update for Windows XP (KB2436673)
      Security Update for Windows XP (KB2440591)
      Security Update for Windows XP (KB2443105)
      Security Update for Windows XP (KB2476490)
      Security Update for Windows XP (KB2476687)
      Security Update for Windows XP (KB2478960)
      Security Update for Windows XP (KB2478971)
      Security Update for Windows XP (KB2479628)
      Security Update for Windows XP (KB2479943)
      Security Update for Windows XP (KB2481109)
      Security Update for Windows XP (KB2483185)
      Security Update for Windows XP (KB2485376)
      Security Update for Windows XP (KB2485663)
      Security Update for Windows XP (KB2503658)
      Security Update for Windows XP (KB2503665)
      Security Update for Windows XP (KB2506212)
      Security Update for Windows XP (KB2506223)
      Security Update for Windows XP (KB2507618)
      Security Update for Windows XP (KB2508272)
      Security Update for Windows XP (KB2508429)
      Security Update for Windows XP (KB2509553)
      Security Update for Windows XP (KB2511455)
      Security Update for Windows XP (KB2524375)
      Security Update for Windows XP (KB2535512)
      Security Update for Windows XP (KB2536276)
      Security Update for Windows XP (KB2544893)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB954459)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371-v2)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB971961)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974455)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB976325)
      Security Update for Windows XP (KB977165)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978251)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB979687)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB980436)
      Security Update for Windows XP (KB981322)
      Security Update for Windows XP (KB981349)
      Security Update for Windows XP (KB981852)
      Security Update for Windows XP (KB981957)
      Security Update for Windows XP (KB981997)
      Security Update for Windows XP (KB982132)
      Security Update for Windows XP (KB982214)
      Security Update for Windows XP (KB982381)
      Security Update for Windows XP (KB982665)
      Security Update for Windows XP (KB982802)
      SigmaTel Audio
      Spelling Dictionaries Support For Adobe Reader 9
      Spybot - Search & Destroy
      SpywareBlaster 4.4
      Squeezebox Server 7.5.4
      SUPERAntiSpyware
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Microsoft Windows (KB971513)
      Update for Windows Internet Explorer 8 (KB2447568)
      Update for Windows Internet Explorer 8 (KB976662)
      Update for Windows XP (KB2141007)
      Update for Windows XP (KB2345886)
      Update for Windows XP (KB2467659)
      Update for Windows XP (KB2541763)
      Update for Windows XP (KB898461)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971029)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      Update for Windows XP (KB976749)
      Update for Windows XP (KB978207)
      Update for Windows XP (KB980182)
      WebFldrs XP
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Internet Explorer 8
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows Media Player Firefox Plugin
      Windows Search 4.0
      Yahoo! BrowserPlus 2.9.8
      .
      ==== Event Viewer Messages From Past Week ========
      .
      6/26/2011 5:12:03 PM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
      .
      ==== End Of File ===========================

       Results of screen317's Security Check version 0.99.17 
       Windows XP Service Pack 3 
       Internet Explorer 8 
      ``````````````````````````````
      Antivirus/Firewall Check:

       Windows Firewall Disabled! 
       ESET Online Scanner v3   
       WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:

       Malwarebytes' Anti-Malware   
       HijackThis 2.0.2   
       CCleaner     
       Java(TM) 6 Update 24 
       Out of date Java installed!
      Flash Player Out of Date!
       Adobe Flash Player    10.2.159.1 
      ````````````````````````````````
      Process Check: 
      objlist.exe by Laurent

      ``````````End of Log````````````

      SuperDave

      Re: Possible infected computer
      « Reply #3 on: June 30, 2011, 04:53:07 PM »
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      **********************************************
      Please download the newest version of Adobe Acrobat Reader from Adobe.com

      Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
      Go to the Control Panel and enter Add or Remove Programs.
      Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

      Once old versions are gone, please install the newest version.
      *******************************************************
      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      and save it to your Desktop.
      It would be easiest to download using Internet Explorer.
      If you insist on using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
      Double click ComboFix.exe & follow the prompts.
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix
      Windows 8 and Windows 10 dual boot with two SSD's

      distrutled


        Re: Possible infected computer
        « Reply #4 on: July 01, 2011, 09:50:03 PM »
        Combofix log as requested.

        ComboFix 11-07-01.01 - Mike 07/01/2011  22:03:10.14.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.998.465 [GMT -5:00]
        Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
        AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
        FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\2076671ee5d0a5323570c92c74abac6f\Process.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\23fe5d76b9491fa255db2281ac7687d5\Service.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\7020d50af327e3fc94b98242c307fc81\Cwd.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\86351894c58e4804ca004825fea78bbb\Encode.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\f48694173221cfa9bad4275e2389b498\Win32.dll
        c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2860\perl510.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\2076671ee5d0a5323570c92c74abac6f\Process.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\23fe5d76b9491fa255db2281ac7687d5\Service.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\7020d50af327e3fc94b98242c307fc81\Cwd.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\86351894c58e4804ca004825fea78bbb\Encode.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\f48694173221cfa9bad4275e2389b498\Win32.dll
        c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2860\perl510.dll
        .
        .
        (((((((((((((((((((((((((   Files Created from 2011-06-02 to 2011-07-02  )))))))))))))))))))))))))))))))
        .
        .
        2011-07-02 02:05 . 2011-07-02 02:05   --------   d-----w-   c:\program files\Common Files\Adobe
        2011-07-02 01:47 . 2011-07-02 01:47   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-06-17 08:13 . 2011-06-17 09:03   --------   d-----w-   c:\windows\SxsCaPendDel
        2011-06-06 17:55 . 2011-06-06 17:55   183696   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
        2011-06-06 17:55 . 2011-06-06 17:55   183696   ----a-w-   c:\program files\Internet Explorer\Plugins\nppdf32.dll
        2011-06-02 19:20 . 2009-10-01 03:01   63488   ----a-w-   c:\windows\system32\E_FD4BGBA.DLL
        2011-06-02 19:20 . 2008-11-12 02:00   93696   ----a-w-   c:\windows\system32\E_FLBGBA.DLL
        2011-06-02 19:19 . 2009-05-01 05:00   128392   ----a-w-   c:\windows\system32\esdevapp.exe
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-05-29 14:11 . 2010-07-24 06:09   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2011-05-29 14:11 . 2010-07-24 06:09   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-05-13 02:51 . 2010-12-29 07:42   284744   ----a-w-   c:\windows\system32\guard32.dll
        2011-05-13 02:51 . 2010-12-29 07:41   97504   ----a-w-   c:\windows\system32\drivers\inspect.sys
        2011-05-13 02:51 . 2010-12-29 07:41   29400   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
        2011-05-13 02:51 . 2010-12-29 07:41   242472   ----a-w-   c:\windows\system32\drivers\cmdGuard.sys
        2011-05-13 02:51 . 2010-12-29 07:41   17416   ----a-w-   c:\windows\system32\drivers\cmderd.sys
        2011-05-04 09:52 . 2010-07-25 16:57   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2011-05-04 07:25 . 2011-04-07 15:42   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2011-05-02 15:31 . 2009-09-21 20:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
        2011-04-29 17:25 . 2009-09-21 20:29   151552   ----a-w-   c:\windows\system32\schannel.dll
        2011-04-29 16:19 . 2009-09-21 20:29   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
        2011-04-25 16:11 . 2009-09-21 20:29   916480   ----a-w-   c:\windows\system32\wininet.dll
        2011-04-25 16:11 . 2009-09-21 20:29   43520   ------w-   c:\windows\system32\licmgr10.dll
        2011-04-25 16:11 . 2009-09-21 20:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
        2011-04-25 12:01 . 2009-09-21 20:29   385024   ------w-   c:\windows\system32\html.iec
        2011-04-21 13:37 . 2009-09-21 20:29   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
        2011-04-17 16:30 . 2011-04-17 16:25   664   ----a-w-   c:\documents and settings\AIDAN.MICHAEL\Local Settings\Application Data\d3d9caps.tmp
        .
        .
        (((((((((((((((((((((((((((((   SnapShot@2011-04-08_03.35.38   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2011-06-02 19:18 . 2009-01-10 05:00   86016              c:\windows\twain_32\escndv\es00a3\local\0809\esmpsres.dll
        + 2011-06-02 19:18 . 2009-01-12 05:00   73728              c:\windows\twain_32\escndv\es00a3\local\0422\esmpsres.dll
        + 2011-06-02 19:18 . 2009-01-12 05:00   73728              c:\windows\twain_32\escndv\es00a3\local\0419\esmpsres.dll
        + 2011-06-02 19:18 . 2009-01-12 05:00   73728              c:\windows\twain_32\escndv\es00a3\local\0413\esmpsres.dll
        + 2011-06-02 19:18 . 2009-01-12 05:00   73728              c:\windows\twain_32\escndv\es00a3\local\0410\esmpsres.dll
        + 2011-06-02 19:18 . 2009-01-12 05:00   73728              c:\windows\twain_32\escndv\es00a3\local\040C\esmpsres.dll
        + 2011-06-02 19:18 . 2009-01-12 05:00   73728              c:\windows\twain_32\escndv\es00a3\local\0409\esmpsres.dll
        + 2011-06-02 19:18 . 2009-01-12 05:00   73728              c:\windows\twain_32\escndv\es00a3\local\0407\esmpsres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0C0A\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0C0A\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0C0A\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   40960              c:\windows\twain_32\escndv\es00a3\ffmt\local\0C0A\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0C0A\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0C0A\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0C0A\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0816\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0816\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0816\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   36864              c:\windows\twain_32\escndv\es00a3\ffmt\local\0816\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0816\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0816\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0816\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-10 05:00   45056              c:\windows\twain_32\escndv\es00a3\ffmt\local\0809\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-10 05:00   45056              c:\windows\twain_32\escndv\es00a3\ffmt\local\0809\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-10 05:00   45056              c:\windows\twain_32\escndv\es00a3\ffmt\local\0809\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-10 05:00   49152              c:\windows\twain_32\escndv\es00a3\ffmt\local\0809\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-10 05:00   45056              c:\windows\twain_32\escndv\es00a3\ffmt\local\0809\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-10 05:00   45056              c:\windows\twain_32\escndv\es00a3\ffmt\local\0809\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-10 05:00   45056              c:\windows\twain_32\escndv\es00a3\ffmt\local\0809\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0422\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0422\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0422\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   36864              c:\windows\twain_32\escndv\es00a3\ffmt\local\0422\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0422\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0422\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0422\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0419\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0419\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0419\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   36864              c:\windows\twain_32\escndv\es00a3\ffmt\local\0419\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0419\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0419\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0419\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0413\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0413\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0413\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   36864              c:\windows\twain_32\escndv\es00a3\ffmt\local\0413\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0413\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0413\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0413\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0410\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0410\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0410\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   40960              c:\windows\twain_32\escndv\es00a3\ffmt\local\0410\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0410\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0410\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0410\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\040C\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\040C\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\040C\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   40960              c:\windows\twain_32\escndv\es00a3\ffmt\local\040C\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\040C\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\040C\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\040C\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0409\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0409\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0409\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   36864              c:\windows\twain_32\escndv\es00a3\ffmt\local\0409\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0409\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0409\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0409\epbmpres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0407\eptifres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0407\eppitres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0407\eppijres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   40960              c:\windows\twain_32\escndv\es00a3\ffmt\local\0407\eppdfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0407\epmtfres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0407\epjpgres.dll
        + 2011-06-02 19:19 . 2009-01-12 05:00   32768              c:\windows\twain_32\escndv\es00a3\ffmt\local\0407\epbmpres.dll
        + 2011-06-02 19:18 . 2005-08-29 05:00   98304              c:\windows\twain_32\escndv\es00a3\ffmt\espimtif.dll
        + 2011-06-02 19:18 . 2009-01-10 05:00   90112              c:\windows\twain_32\escndv\es00a3\ffmt\epbmp.dll
        + 2011-06-02 19:18 . 2009-01-10 05:00   49152              c:\windows\twain_32\escndv\es00a3\estwm.exe
        + 2011-06-02 19:18 . 2008-04-11 05:00   53248              c:\windows\twain_32\escndv\es00a3\esicm.dll
        + 2011-06-02 19:18 . 2009-01-14 05:00   36864              c:\windows\twain_32\escndv\es00a3\esdscl.dll
        + 2011-06-02 19:18 . 2008-07-16 05:00   94208              c:\windows\twain_32\escndv\es00a3\esdde.dll
        + 2011-06-02 19:18 . 2006-11-02 05:00   90112              c:\windows\twain_32\escndv\es00a3\esddc.dll
        + 2011-07-02 03:09 . 2011-07-02 03:09   16384              c:\windows\temp\Perflib_Perfdata_740.dat
        + 2011-06-02 19:20 . 2007-12-07 05:06   45056              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\EBPBIDI.DLL
        + 2011-06-02 19:19 . 2009-09-14 05:00   68096              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FREDGBA.DLL
        + 2011-06-02 19:20 . 2009-06-18 04:30   53760              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FMW0GBA.DLL
        + 2011-06-02 19:20 . 2008-12-15 08:37   21826              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FINSGBA.DAT
        + 2011-06-02 19:20 . 2010-02-03 00:01   32256              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FHSRGBA.DLL
        + 2011-06-02 19:19 . 2009-08-10 03:07   23040              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FGRCGBA.DLL
        + 2011-06-02 19:20 . 2009-11-05 00:06   18944              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FGEPGBA.DLL
        + 2011-06-02 19:20 . 2009-08-24 06:08   47104              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FBL6GBA.DLL
        + 2011-06-02 19:20 . 2007-12-07 05:03   42496              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FBA6GBA.DLL
        + 2011-06-02 19:19 . 2010-03-12 00:00   24064              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FAUDGBA.DLL
        + 2011-06-02 19:20 . 2009-12-09 06:00   64000              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FASRGBA.DLL
        + 2009-12-18 04:07 . 2010-07-28 15:05   21504              c:\windows\system32\spool\drivers\w32x86\3\EFXGI09A.DLL
        - 2006-11-21 18:05 . 2006-11-21 18:05   94208              c:\windows\system32\spool\drivers\w32x86\3\EBPSHRE4.DLL
        + 2006-11-21 18:05 . 2010-07-28 15:04   94208              c:\windows\system32\spool\drivers\w32x86\3\EBPSHRE4.DLL
        + 2008-11-04 19:01 . 2010-07-28 15:04   23048              c:\windows\system32\spool\drivers\w32x86\3\E_SAG4ST.DAT
        + 2011-06-02 19:19 . 2009-09-14 05:00   68096              c:\windows\system32\spool\drivers\w32x86\3\E_FREDGBA.DLL
        + 2011-06-02 19:20 . 2009-06-18 04:30   53760              c:\windows\system32\spool\drivers\w32x86\3\E_FMW0GBA.DLL
        + 2011-06-02 19:20 . 2008-12-15 08:37   21826              c:\windows\system32\spool\drivers\w32x86\3\E_FINSGBA.DAT
        + 2011-06-02 19:20 . 2010-02-03 00:01   32256              c:\windows\system32\spool\drivers\w32x86\3\E_FHSRGBA.DLL
        + 2011-06-02 19:19 . 2009-08-10 03:07   23040              c:\windows\system32\spool\drivers\w32x86\3\E_FGRCGBA.DLL
        + 2011-06-02 19:20 . 2009-11-05 00:06   18944              c:\windows\system32\spool\drivers\w32x86\3\E_FGEPGBA.DLL
        + 2011-06-02 19:20 . 2009-08-24 06:08   47104              c:\windows\system32\spool\drivers\w32x86\3\E_FBL6GBA.DLL
        + 2011-06-02 19:20 . 2007-12-07 05:03   42496              c:\windows\system32\spool\drivers\w32x86\3\E_FBA6GBA.DLL
        + 2011-06-02 19:19 . 2010-03-12 00:00   24064              c:\windows\system32\spool\drivers\w32x86\3\E_FAUDGBA.DLL
        + 2011-06-02 19:20 . 2009-12-09 06:00   64000              c:\windows\system32\spool\drivers\w32x86\3\E_FASRGBA.DLL
        + 2009-09-21 20:29 . 2011-06-28 08:20   78738              c:\windows\system32\perfc009.dat
        - 2009-09-21 20:29 . 2010-12-20 23:59   66560              c:\windows\system32\mshtmled.dll
        + 2009-09-21 20:29 . 2011-04-25 16:11   66560              c:\windows\system32\mshtmled.dll
        + 2009-03-08 10:31 . 2011-04-25 16:11   55296              c:\windows\system32\msfeedsbs.dll
        - 2009-03-08 10:31 . 2010-12-20 23:59   55296              c:\windows\system32\msfeedsbs.dll
        + 2009-09-21 20:29 . 2011-04-25 16:11   25600              c:\windows\system32\jsproxy.dll
        - 2009-09-21 20:29 . 2010-12-20 23:59   25600              c:\windows\system32\jsproxy.dll
        + 2009-12-18 04:04 . 2009-05-01 05:00   15872              c:\windows\system32\escdev.dll
        + 2011-06-02 19:19 . 2007-11-28 00:15   58285              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\SAGENT4.EXE
        + 2011-06-02 19:19 . 2010-02-03 10:02   65091              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EPUTY297.EXE
        + 2011-06-02 19:19 . 2009-08-10 03:07   11345              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EPIPGI20.DLL
        + 2011-06-02 19:19 . 2009-10-01 03:01   33743              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\ECBTEGB.DLL
        + 2011-06-02 19:19 . 2008-11-12 02:00   29590              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\ECBTEG.DLL
        + 2011-06-02 19:19 . 2006-11-22 00:05   37624              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBPSHRE4.DLL
        + 2011-06-02 19:19 . 2008-11-12 02:00   41143              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBPMONB.DLL
        + 2011-06-02 19:19 . 2010-04-14 06:02   47434              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBPMON25.DLL
        + 2011-06-02 19:19 . 2000-06-07 01:01   13417              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBPCHP.DLL
        + 2011-06-02 19:19 . 2009-08-24 06:08   24352              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBPBIDI6.DLL
        + 2011-06-02 19:19 . 2007-12-07 05:06   23214              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBPBIDI.DLL
        + 2011-06-02 19:19 . 2007-12-07 05:03   20200              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBAPI6.DLL
        + 2011-06-02 19:19 . 2007-11-28 04:15   78160              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBAPI5.DLL
        + 2011-06-02 19:19 . 2007-11-28 04:15   78160              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EBAPI4.DLL
        + 2011-06-02 19:19 . 2008-09-12 05:02   68830              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_SKU327.DLL
        + 2011-06-02 19:19 . 2009-12-09 06:00   12735              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_SCE0A7.DLL
        + 2011-06-02 19:19 . 2009-12-09 06:00   87346              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_SCB0B5.DLL
        + 2011-06-02 19:19 . 2006-04-24 02:00   49752              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_SAGSET.DLL
        + 2011-06-02 19:19 . 2009-09-14 02:00   83356              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_SACS27.EXE
        + 2011-06-02 19:19 . 2009-09-14 05:00   78376              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_S50ST7.EXE
        + 2011-06-02 19:19 . 2009-09-14 05:00   62873              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_S50RP7.EXE
        + 2011-06-02 19:19 . 2009-11-20 00:01   90046              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_H6UIR7.DLL
        + 2011-06-02 19:19 . 2009-09-14 05:00   46589              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DRED10.DLL
        + 2011-06-02 19:19 . 2009-12-10 04:00   94507              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DMAI30.DLL
        + 2011-06-02 19:19 . 2008-09-29 01:00   68364              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DLMW01.DLL
        + 2011-06-02 19:19 . 2009-08-06 08:01   70501              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DIX0RA.DLL
        + 2011-06-02 19:19 . 2009-06-18 04:30   30998              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DIRCG5.DLL
        + 2011-06-02 19:19 . 2010-03-24 08:01   31889              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DI0GAA.DLL
        + 2011-06-02 19:19 . 2008-10-27 04:30   62879              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DHB750.DLL
        + 2011-06-02 19:19 . 2009-12-10 04:00   56251              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DDSP30.DLL
        + 2011-06-02 19:19 . 2010-03-12 00:00   12572              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DAUDF1.DLL
        - 2009-09-21 20:29 . 2008-08-21 12:00   45568              c:\windows\system32\dnsrslvr.dll
        + 2009-09-21 20:29 . 2009-04-20 17:17   45568              c:\windows\system32\dnsrslvr.dll
        + 2011-01-03 13:29 . 2011-04-25 16:11   12800              c:\windows\system32\dllcache\xpshims.dll
        - 2011-01-03 13:29 . 2010-12-20 23:59   12800              c:\windows\system32\dllcache\xpshims.dll
        - 2009-09-21 20:29 . 2010-12-20 23:59   66560              c:\windows\system32\dllcache\mshtmled.dll
        + 2009-09-21 20:29 . 2011-04-25 16:11   66560              c:\windows\system32\dllcache\mshtmled.dll
        + 2011-01-03 13:29 . 2011-04-25 16:11   55296              c:\windows\system32\dllcache\msfeedsbs.dll
        - 2011-01-03 13:29 . 2010-12-20 23:59   55296              c:\windows\system32\dllcache\msfeedsbs.dll
        + 2009-09-21 20:29 . 2011-04-25 16:11   43520              c:\windows\system32\dllcache\licmgr10.dll
        - 2009-09-21 20:29 . 2010-12-20 23:59   43520              c:\windows\system32\dllcache\licmgr10.dll
        - 2009-09-21 20:29 . 2010-12-20 23:59   25600              c:\windows\system32\dllcache\jsproxy.dll
        + 2009-09-21 20:29 . 2011-04-25 16:11   25600              c:\windows\system32\dllcache\jsproxy.dll
        - 2009-09-21 20:29 . 2008-08-21 12:00   45568              c:\windows\system32\dllcache\dnsrslvr.dll
        + 2009-09-21 20:29 . 2009-04-20 17:17   45568              c:\windows\system32\dllcache\dnsrslvr.dll
        + 2011-07-02 01:57 . 2011-07-02 01:57   28160              c:\windows\Installer\474db.msi
        + 2011-04-07 16:05 . 2011-06-17 08:31   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
        - 2011-04-07 16:05 . 2011-04-07 16:05   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
        + 2011-06-17 08:19 . 2011-02-22 23:06   12800              c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
        + 2011-06-17 08:18 . 2011-02-22 23:06   66560              c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
        + 2011-06-17 08:18 . 2011-02-22 23:06   55296              c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
        + 2011-06-17 08:18 . 2011-02-22 23:06   43520              c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
        + 2011-06-17 08:18 . 2011-02-22 23:06   25600              c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
        + 2011-04-15 08:39 . 2010-12-20 23:59   12800              c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
        + 2011-04-15 08:39 . 2010-12-20 23:59   66560              c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
        + 2011-04-15 08:39 . 2010-12-20 23:59   55296              c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
        + 2011-04-15 08:39 . 2010-12-20 23:59   43520              c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
        + 2011-04-15 08:39 . 2010-12-20 23:59   25600              c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
        + 2011-06-28 08:31 . 2011-06-28 08:31   60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
        + 2011-06-28 08:48 . 2011-06-28 08:48   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll
        + 2011-06-28 08:46 . 2011-06-28 08:46   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll
        + 2011-06-28 08:38 . 2011-06-28 08:38   94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll
        + 2011-06-28 08:38 . 2011-06-28 08:38   82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
        + 2011-06-28 08:26 . 2011-06-28 08:26   47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
        + 2011-06-28 08:25 . 2011-06-28 08:25   39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll
        + 2011-06-28 08:42 . 2011-06-28 08:42   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll
        + 2011-06-28 08:37 . 2011-06-28 08:37   65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
        + 2011-06-28 08:36 . 2011-06-28 08:36   74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
        + 2011-06-28 08:36 . 2011-06-28 08:36   14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
        + 2011-06-28 08:33 . 2011-06-28 08:33   25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
        + 2011-06-28 08:19 . 2011-06-28 08:19   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
        - 2010-10-06 08:03 . 2010-10-06 08:03   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
        + 2011-06-28 08:19 . 2011-06-28 08:19   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
        - 2010-10-06 08:03 . 2010-10-06 08:03   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
        + 2011-06-28 08:19 . 2011-06-28 08:19   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
        - 2010-10-06 08:03 . 2010-10-06 08:03   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
        + 2011-04-15 08:06 . 2008-08-21 12:00   45568              c:\windows\$NtUninstallKB2509553$\dnsrslvr.dll
        + 2011-04-15 08:17 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2511455\update\spcustom.dll
        + 2011-04-15 08:17 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2511455\spmsg.dll
        + 2011-04-15 08:05 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2510531-IE8\update\spcustom.dll
        + 2011-04-15 08:05 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2510531-IE8\spmsg.dll
        + 2011-04-15 08:06 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2509553\update\spcustom.dll
        + 2011-04-15 08:06 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2509553\spmsg.dll
        + 2009-04-20 17:06 . 2009-04-20 17:06   45568              c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
        + 2011-04-15 08:18 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2508429\update\spcustom.dll
        + 2011-04-15 08:18 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2508429\spmsg.dll
        + 2011-04-15 08:19 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2508272\update\spcustom.dll
        + 2011-04-15 08:19 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2508272\spmsg.dll
        + 2011-04-15 08:18 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2507618\update\spcustom.dll
        + 2011-04-15 08:18 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2507618\spmsg.dll
        + 2011-04-15 08:43 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2506223\update\spcustom.dll
        + 2011-04-15 08:43 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2506223\spmsg.dll
        + 2011-04-15 08:16 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2506212\update\spcustom.dll
        + 2011-04-15 08:16 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2506212\spmsg.dll
        + 2011-04-15 08:18 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2503658\update\spcustom.dll
        + 2011-04-15 08:18 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2503658\spmsg.dll
        + 2011-04-15 08:40 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2497640-IE8\update\spcustom.dll
        + 2011-04-15 08:40 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2497640-IE8\spmsg.dll
        + 2011-04-14 19:41 . 2011-02-22 23:27   12800              c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\xpshims.dll
        + 2011-04-14 19:42 . 2011-02-22 23:27   66560              c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtmled.dll
        + 2011-04-14 19:42 . 2011-02-22 23:27   55296              c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeedsbs.dll
        + 2011-04-14 19:42 . 2011-02-22 23:27   43520              c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\licmgr10.dll
        + 2011-04-14 19:42 . 2011-02-22 23:27   25600              c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\jsproxy.dll
        + 2011-04-15 08:45 . 2010-07-05 13:15   26488              c:\windows\$hf_mig$\KB2485663\update\spcustom.dll
        + 2011-04-15 08:45 . 2010-07-05 13:15   17272              c:\windows\$hf_mig$\KB2485663\spmsg.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
        - 2009-12-01 02:19 . 2010-08-26 12:52   5120              c:\windows\system32\xpsp4res.dll
        + 2009-12-01 02:19 . 2011-02-17 12:32   5120              c:\windows\system32\xpsp4res.dll
        + 2011-06-02 19:20 . 2009-10-14 07:00   3818              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_FAIFGBA.DAT
        + 2011-06-02 19:20 . 2008-10-15 03:02   7168              c:\windows\system32\spool\drivers\w32x86\epsonworkforce_630699d\E_DUPA3E.DLL
        + 2011-06-02 19:20 . 2009-10-14 07:00   3818              c:\windows\system32\spool\drivers\w32x86\3\E_FAIFGBA.DAT
        + 2009-12-18 04:04 . 2008-10-15 03:02   7168              c:\windows\system32\spool\drivers\w32x86\3\E_DUPA3E.DLL
        - 2009-12-18 04:04 . 2008-10-15 03:02   7168              c:\windows\system32\spool\drivers\w32x86\3\E_DUPA3E.DLL
        + 2011-06-02 19:19 . 2008-12-15 08:37   4068              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\EPUPDATE.DAT
        + 2011-06-02 19:19 . 2010-02-03 00:01   6196              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_HCE0B7.DLL
        + 2011-06-02 19:19 . 2008-10-15 03:02   1959              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DUPA3E.DLL
        + 2011-06-02 19:19 . 2009-11-05 00:06   8920              c:\windows\system32\DRVSTORE\E_DF1GBA_24B880757BB145483C2D2989FD6004009A7D6A31\WINX86\E_DGE321.DLL
        - 2010-10-06 08:02 . 2010-10-06 08:02   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
        - 2010-10-06 08:03 . 2010-10-06 08:03   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
        + 2011-06-28 08:19 . 2011-06-28 08:19   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
        + 2011-06-28 08:18 . 2011-06-28 08:18   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
        - 2010-10-06 08:02 . 2010-10-06 08:02   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
        + 2011-04-15 08:18 . 2010-08-26 12:52   5120  &

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Possible infected computer
        « Reply #5 on: July 02, 2011, 05:45:43 PM »
        It appears that you didn't send me the whole log from ComboFix. Could you please send it again in its entirety?
        Windows 8 and Windows 10 dual boot with two SSD's

        distrutled

          Topic Starter


          Rookie

          Re: Possible infected computer
          « Reply #6 on: July 06, 2011, 04:23:16 PM »
          I'm sorry, I misread your request, so I actually reran ComboFix, and here is the new log.

          ComboFix 11-07-06.03 - Mike 07/06/2011  17:05:46.15.2 - x86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.998.592 [GMT -5:00]
          Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
          AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
          FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
           * Created a new restore point
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\2076671ee5d0a5323570c92c74abac6f\Process.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\23fe5d76b9491fa255db2281ac7687d5\Service.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\7020d50af327e3fc94b98242c307fc81\Cwd.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\86351894c58e4804ca004825fea78bbb\Encode.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\f48694173221cfa9bad4275e2389b498\Win32.dll
          c:\docume~1\Mike\LOCALS~1\Temp\pdk-Mike-2760\perl510.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\2076671ee5d0a5323570c92c74abac6f\Process.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\23fe5d76b9491fa255db2281ac7687d5\Service.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\7020d50af327e3fc94b98242c307fc81\Cwd.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\86351894c58e4804ca004825fea78bbb\Encode.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\f48694173221cfa9bad4275e2389b498\Win32.dll
          c:\documents and settings\Mike\Local Settings\temp\pdk-Mike-2760\perl510.dll
          .
          .
          (((((((((((((((((((((((((   Files Created from 2011-06-06 to 2011-07-06  )))))))))))))))))))))))))))))))
          .
          .
          2011-07-02 02:05 . 2011-07-02 02:05   --------   d-----w-   c:\program files\Common Files\Adobe
          2011-07-02 01:47 . 2011-07-02 01:47   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2011-06-17 08:13 . 2011-06-17 09:03   --------   d-----w-   c:\windows\SxsCaPendDel
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2011-05-29 14:11 . 2010-07-24 06:09   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2011-05-29 14:11 . 2010-07-24 06:09   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2011-05-13 02:51 . 2010-12-29 07:42   284744   ----a-w-   c:\windows\system32\guard32.dll
          2011-05-13 02:51 . 2010-12-29 07:41   97504   ----a-w-   c:\windows\system32\drivers\inspect.sys
          2011-05-13 02:51 . 2010-12-29 07:41   29400   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
          2011-05-13 02:51 . 2010-12-29 07:41   242472   ----a-w-   c:\windows\system32\drivers\cmdGuard.sys
          2011-05-13 02:51 . 2010-12-29 07:41   17416   ----a-w-   c:\windows\system32\drivers\cmderd.sys
          2011-05-04 09:52 . 2010-07-25 16:57   472808   ----a-w-   c:\windows\system32\deployJava1.dll
          2011-05-04 07:25 . 2011-04-07 15:42   73728   ----a-w-   c:\windows\system32\javacpl.cpl
          2011-05-02 15:31 . 2009-09-21 20:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
          2011-04-29 17:25 . 2009-09-21 20:29   151552   ----a-w-   c:\windows\system32\schannel.dll
          2011-04-29 16:19 . 2009-09-21 20:29   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
          2011-04-25 16:11 . 2009-09-21 20:29   916480   ----a-w-   c:\windows\system32\wininet.dll
          2011-04-25 16:11 . 2009-09-21 20:29   43520   ------w-   c:\windows\system32\licmgr10.dll
          2011-04-25 16:11 . 2009-09-21 20:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
          2011-04-25 12:01 . 2009-09-21 20:29   385024   ------w-   c:\windows\system32\html.iec
          2011-04-21 13:37 . 2009-09-21 20:29   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
          2011-04-17 16:30 . 2011-04-17 16:25   664   ----a-w-   c:\documents and settings\AIDAN.MICHAEL\Local Settings\Application Data\d3d9caps.tmp
          .
          .
          (((((((((((((((((((((((((((((   SnapShot_2011-07-02_03.43.42   )))))))))))))))))))))))))))))))))))))))))
          .
          + 2011-07-06 22:11 . 2011-07-06 22:11   16384              c:\windows\temp\Perflib_Perfdata_748.dat
          + 2010-12-31 02:34 . 2011-07-03 04:18   1474832              c:\windows\system32\drivers\sfi.dat
          - 2010-12-31 02:34 . 2011-07-02 02:59   1474832              c:\windows\system32\drivers\sfi.dat
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-29 98304]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-29 86016]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-29 81920]
          "IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-07-13 9134080]
          "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
          "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
          "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-13 2552648]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
          "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
          .
          c:\documents and settings\Mike\Start Menu\Programs\Startup\
          OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
          .
          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2004-10-15 65588]
          NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]
          Squeezebox Server Tray Tool.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2010-10-20 2351191]
          Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
          .
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=c:\windows\system32\guard32.dll
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
          "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "9000:TCP"= 9000:TCP:Squeezebox Server 9000 tcp (UI)
          "9001:TCP"= 9001:TCP:Squeezebox Server 9001 tcp (UI)
          "9002:TCP"= 9002:TCP:Squeezebox Server 9002 tcp (UI)
          "9003:TCP"= 9003:TCP:Squeezebox Server 9003 tcp (UI)
          "9004:TCP"= 9004:TCP:Squeezebox Server 9004 tcp (UI)
          "9005:TCP"= 9005:TCP:Squeezebox Server 9005 tcp (UI)
          "9006:TCP"= 9006:TCP:Squeezebox Server 9006 tcp (UI)
          "9007:TCP"= 9007:TCP:Squeezebox Server 9007 tcp (UI)
          "9008:TCP"= 9008:TCP:Squeezebox Server 9008 tcp (UI)
          "9009:TCP"= 9009:TCP:Squeezebox Server 9009 tcp (UI)
          "9010:TCP"= 9010:TCP:Squeezebox Server 9010 tcp (UI)
          "9100:TCP"= 9100:TCP:Squeezebox Server 9100 tcp (UI)
          "8000:TCP"= 8000:TCP:Squeezebox Server 8000 tcp (UI)
          "10000:TCP"= 10000:TCP:Squeezebox Server 10000 tcp (UI)
          "9090:TCP"= 9090:TCP:Squeezebox Server 9090 tcp (UI)
          "3483:UDP"= 3483:UDP:Squeezebox Server 3483 udp
          "3483:TCP"= 3483:TCP:Squeezebox Server 3483 tcp
          .
          R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [12/29/2010 2:41 AM 17416]
          R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/29/2010 2:41 AM 242472]
          R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/29/2010 2:41 AM 29400]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
          R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 4:13 PM 38144]
          R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]
          R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 6:02 PM 287232]
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
          uInternet Settings,ProxyOverride = <local>
          TCP: DhcpNameServer = 192.168.1.254
          TCP: Interfaces\{08254751-F0E0-4DC7-9FCA-06A52E8C9869}: NameServer = 156.154.70.22,156.154.71.22
          TCP: Interfaces\{DE3A5C69-763A-45FF-A999-71154F23952B}: NameServer = 156.154.70.22,156.154.71.22
          FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\uk3k73oz.default\
          FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
          FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
          FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
          FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
          FF - user.js: yahoo.homepage.dontask - true
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2011-07-06 17:12
          Windows 5.1.2600 Service Pack 3 NTFS
          .
          detected NTDLL code modification:
          ZwClose, ZwOpenFile
          .
          scanning hidden processes ... 
          .
          scanning hidden autostart entries ...
          .
          scanning hidden files ... 
          .
          scan completed successfully
          hidden files: 0
          .
          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------
          .
          - - - - - - - > 'winlogon.exe'(708)
          c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          c:\windows\system32\WININET.dll
          .
          - - - - - - - > 'lsass.exe'(764)
          c:\windows\system32\guard32.dll
          .
          - - - - - - - > 'explorer.exe'(3524)
          c:\windows\system32\WININET.dll
          c:\windows\system32\guard32.dll
          c:\program files\Windows Desktop Search\deskbar.dll
          c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
          c:\program files\Windows Desktop Search\dbres.dll
          c:\program files\Windows Desktop Search\wordwheel.dll
          c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
          c:\program files\Windows Desktop Search\msnlExtRes.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
          c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
          c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
          c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
          c:\program files\Java\jre6\bin\jqs.exe
          c:\program files\Intel\AMT\LMS.exe
          c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
          c:\windows\system32\SearchIndexer.exe
          c:\windows\system32\wscntfy.exe
          c:\program files\OpenOffice.org 3\program\soffice.exe
          c:\program files\OpenOffice.org 3\program\soffice.bin
          .
          **************************************************************************
          .
          Completion time: 2011-07-06  17:16:54 - machine was rebooted
          ComboFix-quarantined-files.txt  2011-07-06 22:16
          ComboFix2.txt  2011-07-02 03:47
          ComboFix3.txt  2011-04-08 03:38
          .
          Pre-Run: 63,948,562,432 bytes free
          Post-Run: 63,935,053,824 bytes free
          .
          - - End Of File - - F432139739C8EE3DEEA5278871760EDC

          SuperDave

          Re: Possible infected computer
          « Reply #7 on: July 06, 2011, 04:26:47 PM »
          SysProt Antirootkit

          Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

          http://sites.google.com/site/sysprotantirootkit/

          Unzip it into a folder on your desktop.
          • Double click Sysprot.exe to start the program.
          • Click on the Log tab.
          • In the Write to log box select the following items.
            • Process << Selected
            • Kernel Modules << Selected
            • SSDT << Selected
            • Kernel Hooks << Selected
            • IRP Hooks << NOT Selected
            • Ports << NOT Selected
            • Hidden Files << Selected
          • At the bottom of the page
            • Hidden Objects Only << Selected
          • Click on the Create Log button on the bottom right.
          • After a few seconds a new window should appear.
          • Select Scan Root Drive. Click on the Start button.
          • When it is complete a new window will appear to indicate that the scan is finished.
          • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

          distrutled

            Topic Starter


            Rookie

            Re: Possible infected computer
            « Reply #8 on: July 06, 2011, 07:19:05 PM »
            Okay, that took a while because I was trying to run it without extracting the file and it was getting hung up. Anyway, here is the log.


            SysProt AntiRootkit v1.0.1.0
            by swatkat

            ******************************************************************************************
            ******************************************************************************************

            No Hidden Processes found

            ******************************************************************************************
            ******************************************************************************************
            Kernel Modules:
            Module Name: Combo-Fix.sys
            Service Name: ---
            Module Base: F7556000
            Module End: F7565000
            Hidden: Yes

            Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
            Service Name: ---
            Module Base: AA2CA000
            Module End: AA2E2000
            Hidden: Yes

            Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
            Service Name: ---
            Module Base: F7A36000
            Module End: F7A38000
            Hidden: Yes

            Module Name: \??\C:\ComboFix\catchme.sys
            Service Name: catchme
            Module Base: F78FE000
            Module End: F7906000
            Hidden: Yes

            Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
            Service Name: ---
            Module Base: F7A68000
            Module End: F7A6A000
            Hidden: Yes

            ******************************************************************************************
            ******************************************************************************************
            SSDT:
            Function Name: ZwAdjustPrivilegesToken
            Address: AA53C8B2
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwConnectPort
            Address: AA53BE48
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwCreateFile
            Address: AA53C518
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwCreateKey
            Address: AA53D126
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwCreatePort
            Address: AA53BD28
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwCreateSection
            Address: AA53F1E0
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwCreateSymbolicLinkObject
            Address: AA53F568
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwCreateThread
            Address: AA53B714
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            Function Name: ZwDeleteKey
            Address: AA53CA9E
            Driver Base: AA532000
            Driver End: AA56B000
            Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

            ******************************************************************************************
            ******************************************************************************************
            No Kernel Hooks found

            ******************************************************************************************
            ******************************************************************************************
            Hidden files/folders:
            Object: C:\Qoobox\BackEnv\AppData.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Cache.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Cookies.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Desktop.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Favorites.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\History.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Music.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\NetHood.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Personal.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Pictures.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Programs.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Recent.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SendTo.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SetPath.bat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\StartUp.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SysPath.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Templates.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\VikPev00
            Status: Access denied


            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Possible infected computer
            « Reply #9 on: July 07, 2011, 04:41:57 PM »
            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
            Windows 8 and Windows 10 dual boot with two SSD's

            distrutled

              Topic Starter


              Rookie

              Re: Possible infected computer
              « Reply #10 on: July 07, 2011, 08:06:45 PM »
              I ran the ESET scan but I didn't see a button for list threats or a button for export to text.  I may have hit the finished button too soon.  The weird thing is my machine won't let me see files under my computer.   Every time I go to "my computer", I get a not responding message...

              distrutled

                Re: Possible infected computer
                « Reply #11 on: July 07, 2011, 09:41:22 PM »
                Okay, it took a little while, but now I am able to see my program files.  Here is the log that was in the ESET online scanner folder.

                ESETSmartInstaller@High as CAB hook log:
                OnlineScanner.ocx - registred OK
                # version=7
                # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                # OnlineScanner.ocx=1.0.0.6528
                # api_version=3.0.2
                # EOSSerial=17e1e7d750000e45a6e1160e9aef7e3e
                # end=finished
                # remove_checked=true
                # archives_checked=true
                # unwanted_checked=true
                # unsafe_checked=false
                # antistealth_checked=true
                # utc_time=2011-07-08 01:46:34
                # local_time=2011-07-07 08:46:34 (-0600, Central Daylight Time)
                # country="United States"
                # lang=1033
                # osver=5.1.2600 NT Service Pack 3
                # compatibility_mode=512 16777215 100 0 49528104 49528104 0 0
                # compatibility_mode=768 16777215 100 0 28955044 28955044 0 0
                # compatibility_mode=1024 16777215 100 0 21543643 21543643 0 0
                # compatibility_mode=3073 16777189 80 75 0 3910911 0 0
                # compatibility_mode=8192 67108863 100 0 16171081 16171081 0 0
                # scanned=53719
                # found=0
                # cleaned=0
                # scan_time=2092
                ESETSmartInstaller@High as downloader log:
                all ok
                esets_scanner_update returned -1 esets_gle=53251
                # version=7
                # OnlineScannerApp.exe=1.0.0.1
                # OnlineScanner.ocx=1.0.0.6528
                # api_version=3.0.2
                # EOSSerial=17e1e7d750000e45a6e1160e9aef7e3e
                # end=finished
                # remove_checked=true
                # archives_checked=true
                # unwanted_checked=true
                # unsafe_checked=false
                # antistealth_checked=true
                # utc_time=2011-07-08 03:18:28
                # local_time=2011-07-07 10:18:28 (-0600, Central Daylight Time)
                # country="United States"
                # lang=1033
                # osver=5.1.2600 NT Service Pack 3
                # compatibility_mode=512 16777215 100 0 49533624 49533624 0 0
                # compatibility_mode=768 16777215 100 0 28960564 28960564 0 0
                # compatibility_mode=1024 16777215 100 0 21549163 21549163 0 0
                # compatibility_mode=3073 16777189 80 75 0 3916431 0 0
                # compatibility_mode=8192 67108863 100 0 16176601 16176601 0 0
                # scanned=53754
                # found=0
                # cleaned=0
                # scan_time=2085
                 

                SuperDave

                Re: Possible infected computer
                « Reply #12 on: July 08, 2011, 04:28:08 PM »
                Ok. That looks good. If there are no other issues, we can do some cleanup.

                To uninstall ComboFix

                • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                • In the field, type in ComboFix /uninstall


                (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                • Then, press Enter, or click OK.
                • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                ************************************************

                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                **************************************************

                Use the Secunia Software Inspector to check for out of date software.

                •Click Start Now

                •Check the box next to Enable thorough system inspection.

                •Click Start

                •Allow the scan to finish and scroll down to see if any updates are needed.
                •Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!

                distrutled

                  Re: Possible infected computer
                  « Reply #13 on: July 08, 2011, 06:21:55 PM »
                  Thanks for everything.

                  SuperDave

                  Re: Possible infected computer
                  « Reply #14 on: July 09, 2011, 12:45:56 PM »
                  Thanks for everything.
                  You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.