Removing AV Security Suite after-effects


Post by bobo337 on Sun Jun 13, 2010 9:17 am

Hi, I've gotten help from here before. Recently I was infected with the dreaded AV Security Suite; I found a guide on this site on how to remove it and I removed it, but it is still affecting me with the other viruses that it has installed, mainly a fake search engine on Firefox. It's in the top right-hand corner of Firefox where the search engine usually is, but instead of it being Google, it is wish-search.com. I was wondering how do I fix this and if there are any other known effects of AV Security Suite that I should get rid of. I've run Malwarebytes' Anti-Malware 5 times since I was originally infected, but it seems that there are new infections every time I get rid of the old ones. Thank you for any help; the HijackThis log is as follows:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:33 AM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1048
F1 - win.ini: run=C:\RECYCLER\lsass.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Knelu] rundll32.exe "C:\WINDOWS\sdbdepi.dll",Startup
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\MSTask.exe (file missing)

--
End of file - 5774 bytes


Re: Removing AV Security Suite after-effects

Post by bobo337 on Sun Jun 13, 2010 9:43 am

As I re-read the *READ THIS POST* post, it seems you want an OldTimer log; the OTL.txt is as follows:

OTL logfile created on: 6/13/2010 4:24:38 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 19.13 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-6F5C874A00
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/13 04:24:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/14 11:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/03 10:51:56 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/15 16:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2007/09/12 12:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2007/08/16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
PRC - [2007/06/05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe
PRC - [2006/11/27 16:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/11/27 16:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/06/13 04:24:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 11:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/11/27 16:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/11/27 16:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 11:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 11:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 11:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 11:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 11:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 11:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/20 21:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/03 08:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2008/11/11 17:21:52 | 004,946,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/08/08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/02/25 23:27:04 | 000,038,904 | ---- | M] (Razer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\razerusb.sys -- (razerusb)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adm8511.sys -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1048

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedengine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {0B823001-3D05-4DE9-B63C-6EFC3675698E}:1.9.1
FF - prefs.js..keyword.URL: "http://search.wish-search.com/?sid=10101022100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.wish-search.com/?sid=10101022100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{0B823001-3D05-4DE9-B63C-6EFC3675698E}: C:\Documents and Settings\Owner\Local Settings\Application Data\{0B823001-3D05-4DE9-B63C-6EFC3675698E} [2010/06/10 04:09:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/18 13:06:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 04:23:38 | 000,000,000 | ---D | M]

[2009/08/05 10:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/13 03:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\extensions
[2010/06/10 04:17:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/13 03:59:50 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/06/13 04:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 04:23:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/13 04:23:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/07 08:01:38 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/06/10 12:12:45 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe File not found
O4 - HKCU..\Run: [Knelu] C:\WINDOWS\sdbdepi.DLL (MaresWEB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 69.1.30.43 69.1.30.42
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 17:06:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/31 11:47:52 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69256455022182400)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/13 04:24:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/13 04:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/13 04:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/13 04:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/06/13 04:23:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/13 04:23:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/13 04:23:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/13 04:23:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/13 04:23:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/10 16:55:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/10 11:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/10 11:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/06/10 11:16:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/06/10 04:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/10 04:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 04:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{0B823001-3D05-4DE9-B63C-6EFC3675698E}
[2010/06/10 04:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\wsxlth
[2010/06/10 04:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/06/10 04:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sky-Banners
[2010/06/10 04:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Street-Ads
[2010/06/10 04:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2010/06/10 04:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\2D292D8BC62C7A1F0D9DE42895D4EA9F
[2010/06/07 21:31:30 | 002,568,656 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Owner\Desktop\flashplayer10_1_rc7_plugin_060210.exe
[2010/05/24 19:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sony
[2010/05/24 19:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/24 17:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Vuze Downloads
[2010/05/24 17:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/24 17:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2010/05/24 17:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/05/24 17:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/05/24 17:26:19 | 008,463,808 | ---- | C] (Vuze Inc.) -- C:\Documents and Settings\Owner\Desktop\Vuze_Installer.exe
[2010/05/14 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\champ
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/13 04:24:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/13 04:23:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/13 04:23:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/13 04:23:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/13 04:23:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/13 04:23:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/13 03:50:39 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/13 03:50:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/13 03:49:56 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/13 03:21:01 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/06/12 15:00:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/12 05:16:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/10 17:01:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.bat
[2010/06/10 16:55:51 | 004,813,322 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/10 12:51:06 | 001,088,154 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lolol3.bmp
[2010/06/10 12:00:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 11:51:59 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/06/10 04:39:42 | 000,000,094 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/10 04:10:49 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe
[2010/06/10 04:09:47 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Uxucujagedeyoxi.dat
[2010/06/10 04:09:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wgumerami.bin
[2010/06/10 04:08:08 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\fzspzpgmqw.exe
[2010/06/09 22:53:40 | 002,061,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Combat_1.5.1.xls
[2010/06/08 21:39:13 | 001,193,754 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ahahahahahaha.bmp
[2010/06/07 21:31:31 | 002,568,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Owner\Desktop\flashplayer10_1_rc7_plugin_060210.exe
[2010/06/07 14:52:12 | 000,077,814 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lolol2.bmp
[2010/06/06 00:26:57 | 001,316,226 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fuckintri.bmp
[2010/06/04 11:04:25 | 000,010,561 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\awesome.JPG
[2010/06/03 15:45:28 | 000,000,036 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/02 15:12:06 | 000,521,454 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lolol.bmp
[2010/05/31 20:04:02 | 003,625,014 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\what....bmp
[2010/05/29 11:37:40 | 000,082,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CATACLYSMBETAOMG.JPG
[2010/05/27 23:16:31 | 000,054,966 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\What.bmp
[2010/05/25 13:33:34 | 000,394,148 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cherry Professor Putricide.gif
[2010/05/24 17:26:50 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/05/24 17:26:22 | 008,463,808 | ---- | M] (Vuze Inc.) -- C:\Documents and Settings\Owner\Desktop\Vuze_Installer.exe
[2010/05/24 11:31:20 | 000,040,633 | ---- | M] () -- C:\WINDOWS\System32\qvscgvws.exe
[2010/05/23 13:16:07 | 000,433,033 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WoWScrnShot_052310_131607.jpg
[2010/05/22 21:08:59 | 000,361,043 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rhapsode.jpg
[2010/05/21 14:25:02 | 000,039,242 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbsup.jpg
[2010/05/21 00:22:11 | 005,760,054 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rant SS.bmp
[2010/05/20 13:06:16 | 000,038,602 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\number 9.bmp
[2010/05/20 13:05:14 | 000,024,966 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\#9.bmp
[2010/05/17 03:01:06 | 002,061,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BIS list2.xls
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 17:01:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.bat
[2010/06/10 12:51:06 | 001,088,154 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lolol3.bmp
[2010/06/10 12:00:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 04:39:42 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/10 04:10:48 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe
[2010/06/10 04:09:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uxucujagedeyoxi.dat
[2010/06/10 04:09:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wgumerami.bin
[2010/06/10 04:08:08 | 000,050,981 | ---- | C] () -- C:\WINDOWS\System32\fzspzpgmqw.exe
[2010/06/08 21:39:13 | 001,193,754 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ahahahahahaha.bmp
[2010/06/07 14:52:11 | 000,077,814 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lolol2.bmp
[2010/06/06 00:26:57 | 001,316,226 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fuckintri.bmp
[2010/06/04 11:04:25 | 000,010,561 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\awesome.JPG
[2010/06/02 15:12:06 | 000,521,454 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lolol.bmp
[2010/05/31 20:04:02 | 003,625,014 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\what....bmp
[2010/05/29 11:37:40 | 000,082,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CATACLYSMBETAOMG.JPG
[2010/05/27 23:16:31 | 000,054,966 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\What.bmp
[2010/05/25 13:33:33 | 000,394,148 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cherry Professor Putricide.gif
[2010/05/24 17:26:50 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/05/24 11:31:20 | 000,040,633 | ---- | C] () -- C:\WINDOWS\System32\qvscgvws.exe
[2010/05/23 13:16:07 | 000,433,033 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WoWScrnShot_052310_131607.jpg
[2010/05/22 21:08:58 | 000,361,043 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rhapsode.jpg
[2010/05/21 14:25:02 | 000,039,242 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Thumbsup.jpg
[2010/05/21 00:22:11 | 005,760,054 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rant SS.bmp
[2010/05/20 13:06:16 | 000,038,602 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\number 9.bmp
[2010/05/20 13:05:14 | 000,024,966 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\#9.bmp
[2010/05/18 16:38:25 | 002,061,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Combat testing.xls
[2010/05/17 03:00:12 | 002,061,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BIS list2.xls
[2009/08/05 18:30:52 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/31 11:51:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/31 11:51:20 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/31 11:51:20 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/14 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 07:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 08:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/08/03 09:00:53 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/31 17:06:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/31 17:02:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/02/04 19:08:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/17 03:14:06 | 000,060,222 | ---- | M] () -- C:\Bunny.jpg
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/02/04 21:12:04 | 000,011,073 | ---- | M] () -- C:\ComboFix.txt
[2009/07/31 17:06:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/31 17:06:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/19 15:16:50 | 000,000,460 | -H-- | M] () -- C:\IPH.PH
[2009/07/31 17:06:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/13 03:50:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/08/03 09:01:37 | 000,001,655 | ---- | M] () -- C:\RHDSetup.log

< %PROGRAMFILES%\*. >
[2010/06/10 04:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\$NtUninstallWTF1012$
[2010/03/22 02:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\3.0.1.8874 US PTR Installer
[2010/01/21 23:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2010/01/19 15:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2010/02/21 15:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/08/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/05/24 19:40:07 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010/06/13 04:24:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/31 17:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/08/09 17:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/10/11 18:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/06/10 11:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/04/21 17:33:16 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/10 16:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/13 04:23:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/21 15:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/05/08 00:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\keyclone
[2010/06/10 12:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/03 09:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/05/24 19:40:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/31 17:06:30 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/04/30 11:30:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/31 17:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/13 04:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/03 09:21:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/31 17:03:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/07/31 17:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/07/31 17:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/01/21 23:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/07/31 17:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/01/21 15:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2009/08/13 00:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/04/21 17:22:59 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/08/23 17:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/02/01 15:25:41 | 000,000,000 | ---D | M] -- C:\Program Files\Razer
[2009/08/03 09:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/03 09:21:17 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/05/24 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/08/23 17:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/06/10 11:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/10 11:48:08 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/02/22 20:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/04/22 20:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II Beta
[2009/10/10 22:34:32 | 000,000,000 | ---D | M] -- C:\Program Files\StarWarsGalaxies
[2010/06/08 01:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/06/13 04:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/01/29 20:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/08/03 06:58:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/05 18:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2009/10/13 09:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/05/24 17:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/06/07 23:10:33 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2009/08/23 01:24:14 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III 1.21b ROC Installer enUS
[2009/08/23 02:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III 1.21b TFT Installer enUS
[2009/08/03 09:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/08/03 09:15:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/08/03 09:15:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/31 17:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/08/05 18:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/09 15:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2009/07/31 17:06:30 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2009/07/31 11:52:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2009/08/03 08:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Chipset\IDE\IDE\Win2K\sata_ide\nvata.sys
[2009/08/03 08:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Chipset\IDE\IDE\WinXP\sata_ide\nvata.sys
[2009/08/03 08:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2009/08/03 08:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Chipset\IDE\IDE\Win2K\sataraid\nvatabus.sys
[2009/08/03 08:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Chipset\IDE\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 01:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 01:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-22 23:41:26

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

As a side note, when I tried to post the OTL log on my infected computer it wouldn't let me; it would say "Connection has been reset while attempting to connect".

bobo337
Novice

Posts : 26
Joined : 2010-01-30
OS : Windows XP


Re: Removing AV Security Suite after-effects

Post by Belahzur on Sun Jun 13, 2010 2:53 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\Run: [Knelu] C:\WINDOWS\sdbdepi.DLL (MaresWEB)
    [2010/06/10 04:10:49 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe
    [2010/06/10 04:09:47 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Uxucujagedeyoxi.dat
    [2010/06/10 04:09:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wgumerami.bin
    [2010/06/10 04:08:08 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\fzspzpgmqw.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Removing AV Security Suite after-effects

Post by bobo337 on Sun Jun 13, 2010 6:44 pm

Alright, that's done.

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Knelu deleted successfully.
C:\WINDOWS\sdbdepi.dll moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe moved successfully.
C:\WINDOWS\Uxucujagedeyoxi.dat moved successfully.
C:\WINDOWS\Wgumerami.bin moved successfully.
File C:\WINDOWS\System32\fzspzpgmqw.ex not found.

OTL by OldTimer - Version 3.2.6.0 log created on 06132010_134720

bobo337
Novice

Posts : 26
Joined : 2010-01-30
OS : Windows XP
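
The fix script and fix log from the two posts above can be cross-checked mechanically; the following is an added example, not part of the original thread and not OTL's own code. The function names are hypothetical, the script and log text are copied from the posts, and `RESCAN` holds three lines from the ComboFix listing posted later in the thread.

```python
import ntpath
import re

# Fix script (Belahzur's post) and fix log (bobo337's reply), copied from the thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [Knelu] C:\WINDOWS\sdbdepi.DLL (MaresWEB)
[2010/06/10 04:10:49 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe
[2010/06/10 04:09:47 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Uxucujagedeyoxi.dat
[2010/06/10 04:09:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wgumerami.bin
[2010/06/10 04:08:08 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\fzspzpgmqw.exe
"""
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Knelu deleted successfully.
C:\WINDOWS\sdbdepi.dll moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\syssvc.exe moved successfully.
C:\WINDOWS\Uxucujagedeyoxi.dat moved successfully.
C:\WINDOWS\Wgumerami.bin moved successfully.
File C:\WINDOWS\System32\fzspzpgmqw.ex not found.
"""
# Three lines from the ComboFix "Files Created" listing posted later in the thread.
RESCAN = r"""
2010-06-14 20:05 . 2010-06-15 00:25 120 ----a-w- c:\windows\Uxucujagedeyoxi.dat
2010-06-14 20:05 . 2010-06-14 20:05 0 ----a-w- c:\windows\Wgumerami.bin
2010-06-10 09:08 . 2010-06-10 09:08 50981 ----a-w- c:\windows\system32\fzspzpgmqw.exe
"""

# "[date | size | attrs | M] (company) -- path" file lines in the script
FILE_LINE = re.compile(r"^\[[^\]]*\](?:\s*\([^)]*\))?\s*--\s*(?P<path>[A-Za-z]:\\.+?)\s*$")
# "O4 - HKCU..\Run: [name] path (company)" lines that also name a file
REG_LINE = re.compile(
    r"^O\d+\s+-\s+.*?:\s*\[[^\]]*\]\s+(?P<path>[A-Za-z]:\\.+?)(?:\s+\([^)]*\))?\s*$")
# "path moved successfully." and "File path not found." lines in the fix log
LOG_LINE = re.compile(
    r"^(?:File\s+)?(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<status>moved successfully|deleted successfully|not found)\.\s*$")
# Trailing path of a scan listing line
SCAN_PATH = re.compile(r"\s(?P<path>[A-Za-z]:\\.+?)\s*$")


def script_targets(script):
    """Return the file paths the fix script asks to have moved, in script order."""
    targets = []
    for line in script.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line) or REG_LINE.match(line)
        if m:
            targets.append(m.group("path"))
    return targets


def log_outcomes(log):
    """Map lower-cased path -> reported status for each file line in the fix log."""
    outcomes = {}
    for line in log.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            outcomes[m.group("path").lower()] = m.group("status")
    return outcomes


def audit_fix(script, log):
    """Classify each target as removed, not found, truncated or unreported."""
    outcomes = log_outcomes(log)
    result = {}
    for target in script_targets(script):
        key = target.lower()
        if key in outcomes:
            result[target] = "removed" if "successfully" in outcomes[key] else "not found"
            continue
        # A "not found" path in the same folder that is a proper prefix of the
        # target means the pasted line lost characters and the wrong name was used.
        cut = [p for p, s in outcomes.items()
               if s == "not found" and key.startswith(p)
               and ntpath.dirname(p) == ntpath.dirname(key)]
        result[target] = "truncated" if cut else "unreported"
    return result


def still_present(script, rescan):
    """Return script targets that a later scan listing still shows on disk."""
    seen = set()
    for line in rescan.splitlines():
        m = SCAN_PATH.search(line)
        if m:
            seen.add(m.group("path").lower())
    return [t for t in script_targets(script) if t.lower() in seen]


if __name__ == "__main__":
    for path, status in audit_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:10} {path}")
    print("present in later scan:", still_present(FIX_SCRIPT, RESCAN))
```
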


Re: Removing AV Security Suite after-effects

Post by Belahzur on Tue Jun 15, 2010 12:17 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Removing AV Security Suite after-effects

Post by bobo337 on Tue Jun 15, 2010 12:39 am

Alright, that's done.

ComboFix 10-06-14.02 - Owner 06/14/2010 19:30:18.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1713 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\2D292D8BC62C7A1F0D9DE42895D4EA9F
c:\documents and settings\Owner\Application Data\2D292D8BC62C7A1F0D9DE42895D4EA9F\enemies-names.txt
c:\documents and settings\Owner\Application Data\2D292D8BC62C7A1F0D9DE42895D4EA9F\local.ini
c:\documents and settings\Owner\Application Data\Sky-Banners
c:\documents and settings\Owner\Application Data\Street-Ads
c:\documents and settings\Owner\Local Settings\Application Data\{0B823001-3D05-4DE9-B63C-6EFC3675698E}
c:\documents and settings\Owner\Local Settings\Application Data\{0B823001-3D05-4DE9-B63C-6EFC3675698E}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{0B823001-3D05-4DE9-B63C-6EFC3675698E}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{0B823001-3D05-4DE9-B63C-6EFC3675698E}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{0B823001-3D05-4DE9-B63C-6EFC3675698E}\install.rdf
c:\windows\oxitufum.dll

Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS


((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 00:21 . 2010-06-15 00:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 20:05 . 2010-06-15 00:25 120 ----a-w- c:\windows\Uxucujagedeyoxi.dat
2010-06-14 20:05 . 2010-06-14 20:05 0 ----a-w- c:\windows\Wgumerami.bin
2010-06-13 19:38 . 2010-06-13 19:38 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36c2c8f3-n\decora-sse.dll
2010-06-13 19:38 . 2010-06-13 19:38 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2d551572-n\msvcp71.dll
2010-06-13 19:38 . 2010-06-13 19:38 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2d551572-n\jmc.dll
2010-06-13 19:38 . 2010-06-13 19:38 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2d551572-n\msvcr71.dll
2010-06-13 19:38 . 2010-06-13 19:38 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36c2c8f3-n\decora-d3d.dll
2010-06-13 18:56 . 2010-06-13 18:56 2304 ----a-w- c:\windows\system32\dialmgr.sys
2010-06-13 09:24 . 2010-06-13 09:24 -------- d-----w- c:\program files\Common Files\Java
2010-06-13 09:23 . 2010-06-13 09:23 -------- d-----w- c:\program files\Sun
2010-06-13 09:23 . 2010-06-13 09:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-10 21:55 . 2010-06-10 21:55 -------- dc-h--w- c:\windows\ie8
2010-06-10 16:40 . 2010-06-10 16:48 -------- d-----w- c:\program files\Spyware Doctor
2010-06-10 16:16 . 2010-06-10 16:16 -------- d-----w- c:\program files\Enigma Software Group
2010-06-10 16:16 . 2010-06-10 17:13 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-10 09:08 . 2010-06-10 20:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\wsxlth
2010-06-10 09:08 . 2010-06-10 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-10 09:08 . 2010-06-10 09:08 50981 ----a-w- c:\windows\system32\fzspzpgmqw.exe
2010-06-10 09:08 . 2010-06-10 09:08 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-25 00:40 . 2010-05-25 00:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony
2010-05-25 00:40 . 2010-05-25 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-05-24 22:30 . 2010-05-24 22:30 6123008 ----a-w- c:\documents and settings\Owner\Application Data\Azureus\plugins\azemp\vuzeplayer.exe
2010-05-24 22:27 . 2010-05-25 00:40 -------- d-----w- c:\program files\Microsoft
2010-05-24 22:26 . 2010-05-25 09:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2010-05-24 22:26 . 2010-05-24 22:26 -------- d-----w- c:\program files\Vuze
2010-05-24 22:26 . 2010-05-25 00:40 -------- d-----w- c:\program files\Bing Bar Installer
2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\qvscgvws.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 06:06 . 2010-01-21 20:47 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 09:50 . 2009-08-05 17:57 -------- d-----w- c:\program files\Steam
2010-06-13 09:23 . 2010-01-21 20:44 -------- d-----w- c:\program files\Java
2010-06-10 17:07 . 2010-02-05 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-10 17:00 . 2010-01-30 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 16:51 . 2010-02-05 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 16:47 . 2009-08-05 18:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-10 16:16 . 2009-08-03 14:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-09 20:29 . 2009-09-28 21:12 -------- d-----w- c:\program files\World of Warcraft
2010-06-08 04:10 . 2009-08-23 06:34 -------- d-----w- c:\program files\Warcraft III
2010-05-25 00:41 . 2009-08-23 22:04 -------- d-----w- c:\program files\Sony
2010-05-24 22:35 . 2009-10-13 14:55 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-05-22 09:18 . 2010-03-26 08:07 356704 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-08 05:38 . 2010-05-02 20:34 -------- d-----w- c:\program files\keyclone
2010-04-30 16:30 . 2010-04-30 16:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-29 20:39 . 2010-01-30 00:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-30 00:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 15:13 . 2009-08-04 18:30 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-23 01:27 . 2010-04-23 00:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-04-23 00:46 . 2009-08-19 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-04-21 23:54 . 2010-04-21 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-04-21 22:37 . 2010-04-21 22:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-21 22:36 . 2010-04-21 22:36 38784 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-04-21 22:33 . 2010-02-05 02:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-21 22:32 . 2010-04-21 22:23 696666008 ----a-w- c:\program files\data2.cab
2010-04-21 22:32 . 2010-04-21 22:23 576000 ----a-w- c:\program files\ISSetup.dll
2010-04-21 22:30 . 2010-04-21 22:23 368424 ----a-w- c:\program files\data1.hdr
2010-04-21 22:30 . 2010-04-21 22:23 1079468 ----a-w- c:\program files\data1.cab
2010-04-21 22:30 . 2010-04-21 22:23 21494 ----a-w- c:\program files\0x0409.ini
2010-04-21 22:30 . 2010-04-21 22:23 1669931 ----a-w- c:\program files\setup.isn
2010-04-21 22:30 . 2010-04-21 22:23 254098 ----a-w- c:\program files\setup.inx
2010-04-21 22:30 . 2010-04-21 22:23 1224 ----a-w- c:\program files\setup.ini
2010-04-21 22:24 . 2010-04-21 22:23 473 ----a-w- c:\program files\layout.bin
2010-04-21 22:22 . 2010-04-21 22:22 -------- d-----w- c:\program files\Pando Networks
2010-04-14 16:47 . 2010-03-25 05:23 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-03-25 05:23 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-03-25 05:23 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-03-25 05:23 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-03-25 05:23 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-03-25 05:23 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-03-25 05:23 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-03-25 05:23 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-03-25 05:23 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-05 23:50 . 2009-08-05 23:50 206557 ----a-w- c:\program files\g13.jpg
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15097\\SC2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\2XVWC6G2.VPJ\\H4OK1VYG.DQX\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/25/2010 12:23 AM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/25/2010 12:23 AM 19024]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [8/9/2009 5:55 PM 12032]
S0 smwjad;smwjad; [x]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\adm8511.sys [8/3/2009 8:50 AM 20160]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys [?]
S3 dialmgr;dialmgr;c:\windows\system32\dialmgr.sys [6/13/2010 1:56 PM 2304]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:1048
uInternet Settings,ProxyOverride =
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - [You must be registered and logged in to see this link.] files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
HKLM-Run-Xvohosifadu - c:\windows\oxitufum.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-14 19:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Razer\Lachesis\OSD.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Razer\Lachesis\razertra.exe
c:\program files\Razer\Lachesis\razerofa.exe
.
**************************************************************************
.
Completion time: 2010-06-14 19:38:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 00:38
ComboFix2.txt 2010-02-05 02:12

Pre-Run: 20,411,969,536 bytes free
Post-Run: 20,418,871,296 bytes free

- - End Of File - - 68D46A89C6DE304774D1C53436F4262A

bobo337
Novice

Posts : 26
Joined : 2010-01-30
OS : Windows XP


Re: Removing AV Security Suite after-effects

Post by Belahzur on Tue Jun 15, 2010 8:50 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\Uxucujagedeyoxi.dat
    c:\windows\Wgumerami.bin
    c:\windows\system32\fzspzpgmqw.exe
    c:\windows\system32\qvscgvws.exe

    Folder::
    c:\documents and settings\Owner\Local Settings\Application Data\wsxlth

    Driver::
    ALSysIO

    DDS::
    uStart Page = about:blank
    uInternet Settings,ProxyServer = http=127.0.0.1:1048
    uInternet Settings,ProxyOverride =

    Firefox::
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\
    FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101022100&s=
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Removing AV Security Suite after-effects

Post by bobo337 on Tue Jun 15, 2010 9:21 pm

Alright that's done,

ComboFix 10-06-15.02 - Owner 06/15/2010 16:06:05.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1569 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\fzspzpgmqw.exe"
"c:\windows\system32\qvscgvws.exe"
"c:\windows\Uxucujagedeyoxi.dat"
"c:\windows\Wgumerami.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\wsxlth
c:\program files\$NtUninstallWTF1012$
c:\program files\$NtUninstallWTF1012$\elUninstall.exe
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\system32\dialmgr.sys
c:\windows\system32\fzspzpgmqw.exe
c:\windows\system32\qvscgvws.exe
c:\windows\Uxucujagedeyoxi.dat
c:\windows\Wgumerami.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALSYSIO
-------\Service_ALSysIO
-------\Legacy_dialmgr
-------\Service_dialmgr


((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 00:43 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 00:21 . 2010-06-15 00:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-13 19:38 . 2010-06-13 19:38 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36c2c8f3-n\decora-sse.dll
2010-06-13 19:38 . 2010-06-13 19:38 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2d551572-n\msvcp71.dll
2010-06-13 19:38 . 2010-06-13 19:38 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2d551572-n\jmc.dll
2010-06-13 19:38 . 2010-06-13 19:38 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2d551572-n\msvcr71.dll
2010-06-13 19:38 . 2010-06-13 19:38 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36c2c8f3-n\decora-d3d.dll
2010-06-13 09:24 . 2010-06-13 09:24 -------- d-----w- c:\program files\Common Files\Java
2010-06-13 09:23 . 2010-06-13 09:23 -------- d-----w- c:\program files\Sun
2010-06-13 09:23 . 2010-06-13 09:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-10 21:55 . 2010-06-10 21:55 -------- dc-h--w- c:\windows\ie8
2010-06-10 16:40 . 2010-06-10 16:48 -------- d-----w- c:\program files\Spyware Doctor
2010-06-10 16:16 . 2010-06-10 16:16 -------- d-----w- c:\program files\Enigma Software Group
2010-06-10 16:16 . 2010-06-10 17:13 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-10 09:08 . 2010-06-10 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-05-25 00:40 . 2010-05-25 00:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony
2010-05-25 00:40 . 2010-05-25 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-05-24 22:30 . 2010-05-24 22:30 6123008 ----a-w- c:\documents and settings\Owner\Application Data\Azureus\plugins\azemp\vuzeplayer.exe
2010-05-24 22:27 . 2010-05-25 00:40 -------- d-----w- c:\program files\Microsoft
2010-05-24 22:26 . 2010-05-25 09:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2010-05-24 22:26 . 2010-05-24 22:26 -------- d-----w- c:\program files\Vuze
2010-05-24 22:26 . 2010-05-25 00:40 -------- d-----w- c:\program files\Bing Bar Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 06:06 . 2010-01-21 20:47 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 09:50 . 2009-08-05 17:57 -------- d-----w- c:\program files\Steam
2010-06-13 09:23 . 2010-01-21 20:44 -------- d-----w- c:\program files\Java
2010-06-10 17:07 . 2010-02-05 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-10 17:00 . 2010-01-30 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 16:51 . 2010-02-05 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 16:47 . 2009-08-05 18:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-10 16:16 . 2009-08-03 14:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-09 20:29 . 2009-09-28 21:12 -------- d-----w- c:\program files\World of Warcraft
2010-06-08 04:10 . 2009-08-23 06:34 -------- d-----w- c:\program files\Warcraft III
2010-05-25 00:41 . 2009-08-23 22:04 -------- d-----w- c:\program files\Sony
2010-05-24 22:35 . 2009-10-13 14:55 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-05-08 05:38 . 2010-05-02 20:34 -------- d-----w- c:\program files\keyclone
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 16:30 . 2010-04-30 16:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-29 20:39 . 2010-01-30 00:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-30 00:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 15:13 . 2009-08-04 18:30 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-23 01:27 . 2010-04-23 00:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-04-23 00:46 . 2009-08-19 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-04-21 23:54 . 2010-04-21 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-04-21 22:37 . 2010-04-21 22:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-21 22:36 . 2010-04-21 22:36 38784 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-04-21 22:33 . 2010-02-05 02:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-21 22:32 . 2010-04-21 22:23 696666008 ----a-w- c:\program files\data2.cab
2010-04-21 22:32 . 2010-04-21 22:23 576000 ----a-w- c:\program files\ISSetup.dll
2010-04-21 22:30 . 2010-04-21 22:23 368424 ----a-w- c:\program files\data1.hdr
2010-04-21 22:30 . 2010-04-21 22:23 1079468 ----a-w- c:\program files\data1.cab
2010-04-21 22:30 . 2010-04-21 22:23 21494 ----a-w- c:\program files\0x0409.ini
2010-04-21 22:30 . 2010-04-21 22:23 1669931 ----a-w- c:\program files\setup.isn
2010-04-21 22:30 . 2010-04-21 22:23 254098 ----a-w- c:\program files\setup.inx
2010-04-21 22:30 . 2010-04-21 22:23 1224 ----a-w- c:\program files\setup.ini
2010-04-21 22:24 . 2010-04-21 22:23 473 ----a-w- c:\program files\layout.bin
2010-04-21 22:22 . 2010-04-21 22:22 -------- d-----w- c:\program files\Pando Networks
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2010-03-25 05:23 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-03-25 05:23 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-03-25 05:23 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-03-25 05:23 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-03-25 05:23 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-03-25 05:23 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-03-25 05:23 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-03-25 05:23 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-03-25 05:23 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-05 23:50 . 2009-08-05 23:50 206557 ----a-w- c:\program files\g13.jpg
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-15 21:10 . 2010-06-15 21:10 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat
+ 2008-04-14 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2010-06-15 08:03 78114 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-06-15 00:33 78114 c:\windows\system32\perfc009.dat
+ 2009-11-06 03:17 . 2009-11-06 03:17 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-04-14 05:42 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 11264 c:\windows\system32\msrle32.dll
- 2009-03-08 09:31 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 12:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 05:41 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2009-08-03 14:18 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-03 14:18 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-08-03 14:18 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-03 14:18 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 12:00 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2008-04-14 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-04-14 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-14 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
- 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
+ 2008-04-14 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-06-15 08:05 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-15 08:05 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-15 08:05 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-15 08:01 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB971961-IE8\spmsg.dll
+ 2010-06-15 08:01 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB971961-IE8\spcustom.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68712d5b\System.Drawing.Design.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2d2c1b71\CustomMarshalers.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-15 08:03 . 2010-06-15 08:03 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-03 14:21 . 2009-08-03 14:21 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-14 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
- 2008-04-14 12:00 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
+ 2008-04-14 12:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2008-04-14 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 12:00 . 2010-06-15 08:03 462168 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-06-15 00:33 462168 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
- 2008-04-14 12:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
- 2009-07-31 22:03 . 2008-04-14 12:00 343040 c:\windows\system32\mspaint.exe
+ 2009-07-31 22:03 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
+ 2009-03-08 09:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2008-04-14 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2008-04-14 12:00 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2009-07-31 22:04 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2009-07-31 22:04 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2009-07-31 16:52 . 2010-06-15 08:46 110992 c:\windows\system32\FNTCACHE.DAT
- 2009-07-31 16:52 . 2010-01-22 15:49 110992 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2008-04-14 12:00 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2008-04-14 12:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-14 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 12:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-14 12:00 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2008-04-14 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-14 12:00 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-07-31 22:03 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
- 2009-07-31 22:03 . 2008-04-14 12:00 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-08-03 14:18 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-08-03 14:10 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-04-14 12:00 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-04-14 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-07-31 22:04 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-07-31 22:04 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-03 14:18 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 12:00 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\197b880.msp
+ 2010-06-15 08:05 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-15 08:05 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-15 08:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-15 08:05 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-15 08:05 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-15 08:05 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-15 08:05 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-15 08:05 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-15 08:05 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-15 08:05 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-15 08:05 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-15 08:04 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-06-15 08:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-06-15 08:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-06-15 08:07 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-06-15 08:07 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-06-15 08:07 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-06-15 08:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\updspapi.dll
+ 2010-06-15 08:01 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB971961-IE8\update.exe
+ 2010-06-15 08:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-06-15 08:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-06-15 08:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst.exe
+ 2010-06-15 08:01 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-08-03 14:10 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-06-15 08:07 . 2010-06-15 08:07 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_23c97a73\System.Drawing.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3910bf5b\System.Drawing.Design.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8a5240d0\CustomMarshalers.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-15 08:06 . 2010-06-15 08:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-15 08:30 . 2010-06-15 08:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-15 08:04 . 2010-06-15 08:04 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-15 08:30 . 2010-06-15 08:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-15 08:31 . 2010-06-15 08:31 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-03 14:21 . 2009-08-03 14:21 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 12:00 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2008-04-14 12:00 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2008-04-14 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2008-04-14 12:00 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-08-03 14:11 . 2010-02-17 14:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-03 14:11 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-03 14:11 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-07-31 22:04 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-07-31 22:04 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-14 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-31 22:05 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2009-07-31 22:05 . 2008-04-14 12:00 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2009-08-03 14:18 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-03 14:18 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\197b88c.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\197b88b.msp
+ 2010-06-15 08:05 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll

bobo337
Novice
Posts : 26
Joined : 2010-01-30
OS : Windows XP


Re: Removing AV Security Suite after-effects

Post by bobo337 on Tue Jun 15, 2010 9:21 pm

+ 2010-06-15 08:05 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-15 08:05 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2009-08-03 14:11 . 2010-02-17 14:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-03 14:11 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-08-03 14:11 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-06-15 08:06 . 2010-06-15 08:06 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_932bef1f\System.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1e257ae6\System.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4ced599e\System.Xml.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0137090e\System.Xml.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_d0e5bbf1\System.Windows.Forms.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4528f8a1\System.Windows.Forms.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_bc69405e\System.Drawing.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a67a8a67\System.Design.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1fa509a3\System.Design.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_58c74a2f\mscorlib.dll
+ 2010-06-15 08:07 . 2010-06-15 08:07 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0ed63d81\mscorlib.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-15 08:31 . 2010-06-15 08:31 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-15 08:02 . 2010-06-15 08:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-15 08:03 . 2010-06-15 08:03 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-17 05:29 . 2009-10-17 05:29 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-17 05:27 . 2009-10-17 05:27 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-17 05:27 . 2009-10-17 05:27 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-03 14:17 . 2010-05-28 17:37 32472008 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-08-03 14:18 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\197b8b7.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\197b89a.msp
+ 2010-06-15 08:05 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-15 08:06 . 2010-06-15 08:06 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-15 08:32 . 2010-06-15 08:32 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-15 08:30 . 2010-06-15 08:30 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-15 08:05 . 2010-06-15 08:05 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-15 08:04 . 2010-06-15 08:04 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15097\\SC2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\2XVWC6G2.VPJ\\H4OK1VYG.DQX\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/25/2010 12:23 AM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/25/2010 12:23 AM 19024]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [8/9/2009 5:55 PM 12032]
S0 smwjad;smwjad; [x]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\adm8511.sys [8/3/2009 8:50 AM 20160]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
AddRemove-$NtUninstallWTF1012$ - c:\program files\$NtUninstallWTF1012$\elUninstall.exe
AddRemove-fzspzpgmqw - c:\windows\system32\fzspzpgmqw.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-06-15 16:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Razer\Lachesis\OSD.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Razer\Lachesis\razertra.exe
c:\program files\Razer\Lachesis\razerofa.exe
.
**************************************************************************
.
Completion time: 2010-06-15 16:12:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 21:12
ComboFix2.txt 2010-06-15 00:38
ComboFix3.txt 2010-02-05 02:12

Pre-Run: 19,914,117,120 bytes free
Post-Run: 19,922,599,936 bytes free

- - End Of File - - CA37D3FEBED4F1D20F9E07F4E8314483

I was wondering if there was a way to uninstall avast. When I try, the uninstall launcher says "There was an error during product uninstallation", and because my keyboard is unresponsive when you have to use the up/down arrows to pick safe mode, I can't go into safe mode.


Re: Removing AV Security Suite after-effects

Post by Belahzur on Thu Jun 17, 2010 12:36 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with the ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Removing AV Security Suite after-effects

Post by bobo337 on Thu Jun 17, 2010 1:23 am

Alright, done

@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1642bd5173fe59439fb971e1d18bb15a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-17 01:20:11
# local_time=2010-06-16 08:20:11 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 11003752 11003752 0 0
# compatibility_mode=768 16777175 100 0 9870897 9870897 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52866
# found=1
# cleaned=1
# scan_time=973
C:\_OTL\MovedFiles\06132010_134720\C_WINDOWS\sdbdepi.dll a variant of Win32/Kryptik.EXA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Removing AV Security Suite after-effects

Post by Belahzur on Thu Jun 17, 2010 1:16 pm

Delete this folder:
C:\_OTL

How is the machine running now?



Re: Removing AV Security Suite after-effects

Post by bobo337 on Thu Jun 17, 2010 7:28 pm

Belahzur wrote:
Delete this folder:
C:\_OTL

How is the machine running now?

It's been running well since I got rid of AV Security Suite. It was just that now and then new tabs would pop up with random sites like car loans or how to manage debt or just weird stuff, not even porno or other fake antivirus sites usually, and I haven't seen any of those in the last two days. But there is still the problem with my Firefox: the top-right search engine where I can choose which ones to use (i.e. Google, Yahoo, amazon.com etc.), when I try to use the one that has the Google symbol it takes me to search-wish.com. It's not a big problem, it's just obvious a hack had something to do with it, because I can't get it to be Google again, and I've tried to uninstall the Google search engine and re-install it but I can't.

Also, if you could help with uninstalling avast antivirus: right now it is not only expired but also messed up and won't uninstall from the uninstall client, and it requires safe mode to uninstall it any other way, and I can't get into safe mode because, as I explained earlier, my keyboard won't respond to get to safe mode.


Re: Removing AV Security Suite after-effects

Post by Belahzur on Fri Jun 18, 2010 12:02 am

Hello.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Removing AV Security Suite after-effects

Post by bobo337 on Fri Jun 18, 2010 7:07 am

Done

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 7
Apple Software Update
avast! Free Antivirus
Counter-Strike
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
ESET Online Scanner v3
Fraps (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 20
League of Legends
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.9)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
QuickTime
Razer
Razer Lachesis
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Spybot - Search & Destroy
SpywareBlaster 4.2
StarCraft II Beta
Station Launcher
Steam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VLC media player 1.0.2
Vuze
Warcraft III
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
WinRAR archiver

bobo337
Novice

Posts : 26
Joined : 2010-01-30
OS : Windows XP


Re: Removing AV Security Suite after-effects

Post by Belahzur on Fri Jun 18, 2010 11:58 pm

Hello.

I see that you are running Vuze.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Vuze

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.5.9 you currently have installed, so you won't lose any bookmarked websites.

Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: Removing AV Security Suite after-effects

Post by bobo337 on Sat Jun 19, 2010 6:13 am

It's running well, but Avast still doesn't want to uninstall properly. Installing Firefox 3.6.3 did get rid of the search-wish issue though.


Re: Removing AV Security Suite after-effects

Post by Belahzur on Sat Jun 19, 2010 4:43 pm

Hello.
Don't worry, we'll deal with that now.

Completely Uninstall Avast software using aswClear.exe:


  1. Download [You must be registered and logged in to see this link.] on to your desktop
  2. Start Windows in Safe Mode
  3. Open (execute) the uninstall utility
  4. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  5. Click REMOVE
  6. Restart your computer

Is Avast removed now? Let me know if it's gone now and we'll install Avira now.



Re: Removing AV Security Suite after-effects

Post by bobo337 on Sat Jun 19, 2010 6:17 pm

That's the thing: I can't start in safe mode because my keyboard doesn't respond during start-up. When the screen pops up and says "Use your arrows to select the mode you want to start", I try to go up or down but it doesn't respond. I've tried unplugging my keyboard and plugging it in during that time, and still nothing.


Re: Removing AV Security Suite after-effects

Post by bobo337 on Thu Jun 24, 2010 7:01 pm

Bump

Is there anything you can do to help remedy the computer not being able to go into safe mode, or am I going to have to find some keyboard that will respond during start-up?


Re: Removing AV Security Suite after-effects

Post by Belahzur on Thu Jun 24, 2010 9:12 pm

Hello.
You can try another keyboard if you have one; the keyboard might be faulty.



Re: Removing AV Security Suite after-effects

Post by Xoro on Fri Jun 25, 2010 6:15 pm

Your keyboard isn't working during boot because it's USB. You'll need to find an "older" keyboard that has a PS/2 connector that goes in the purple hole in the back of the computer.

If it's not USB, disregard this.

Xoro
Beginner

Posts : 1
Joined : 2010-06-25
OS : Windows 7
