Windows Police Pro

Question

I am having a bad time with this windows police pro. Somebody please help! I cannot do anything without it popping up or keeping me from doing other tasks on my compuer. I am operating with Windows XP Professional SP3. I have to do anything I do on safemode. That is where I am now. I have looked at a lot of forums with no luck so far. Some of the forums said to open task manager and end the process there but when I open the task manager there is not anything named Windows Police Pro. I searched with the search option and found it yesterday in the C drive program files. So I sent it to the recyle bin and emptied the recycle bin but that did no good. I ran search again and now it does not show up anywhere. I tried to restore my computer but the computer just sits there and does nothing. I even got out my computer disk to just install the operating system again and can't do that. I am running AVG antivirus software but scanning with it does not find it. So I have been reading some of the forums here and hope you can help me. I noticed everyone is sending this hijack file. Here it is. I hope I did it right.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:50 PM, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ICQSys (IE PlugIn) - {77DC0B63-1535-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\plugie.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ScanSoft PDF Professional 4-reminder] "C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Professional\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB003" /M "PictureMate"
O4 - HKCU\..\Run: [haihaep] C:\Documents and Settings\Moak Petrolium\haihaep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-255879815-3811564576-2564377081-1005\..\Run: [haihaep] C:\Documents and Settings\Moak Petrolium\haihaep.exe (User '?')
O4 - HKUS\S-1-5-21-255879815-3811564576-2564377081-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 7167 bytes

bamajim · Answer

sheripatn 1. Go HERE and download File Lister. Save it to your Desktop Rt Click ->> Extract all ->> And extract it to your Desktop Additional help on extracting zip files can be found HERE Open the File Lister Folder. Note: Leave the FileLister.vbe file in the folder and run it from there. Rt Click FileLister.vbe ->>Select Open Then Open to confirm. When the program is fnished it will produce a log for you C:\Files.txt Copy and paste the contents of that log in your reply.

sheripatn · Answer

Thank you for your help. Here is the file.

+++++++++++++++++++++++++++++++++
+ File Lister Version 1.1.1                                 +
+                                                                    +
+ By bamajim / SpywareHammer.com                 +
+++++++++++++++++++++++++++++++++

Report ran on --->>> 10/13/2009 9:50:36 PM

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's ======

bamajim · Answer

sheripatn The FileLister log you posted is incomplete. Please Rerun FileLister and post a fresh FileLister log

sheripatn · Answer

I think it copied the whole file this time. When it finished I noticed a file in the filelister folder named hidden. I don't know if it is important or not but I am also attaching it also. Thank you. ++++++++++++++++++++++++++++++++++ File Lister  Version 1.1.1                                 ++                                                                    ++  By bamajim / SpywareHammer.com                 ++++++++++++++++++++++++++++++++++ Report ran on --->>>  10/14/2009 7:04:37 PM ====== Running Processes ====== C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXEC:\Documents and Settings\Moak Petrolium\haihaep.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\NETGEAR\WPN111\wpn111.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\System32\WScript.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXE ====== BHO's ====== BHO: (NO NAME) -  - ====== HKLM\~\Run Keys ====== HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ====== HKCU\~\Run Keys ====== ====== DNS Info (List may be empty) ======     ====== Folders and Files from '%\' and '%\Windows' Created Last 60 Days ====== 10/12/2009 4:54:23 PM    1931632    C:\AVGTemp10/12/2009 4:54:23 PM    1931632    C:\AVGTemp\avgproci_en9/13/2009 2:31:48 PM    555240139    C:\MSOCache9/13/2009 2:31:48 PM    555240139    C:\MSOCache\All Users9/13/2009 2:32:04 PM    1632850    C:\MSOCache\All Users\{90120000-0010-0409-0000-0000000FF1CE}-C9/13/2009 2:31:55 PM    15669675    C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C9/13/2009 2:32:01 PM    15068409    C:\MSOCache\All Users\{90120000-0018-0409-0000-0000000FF1CE}-C9/13/2009 2:32:20 PM    12591459    C:\MSOCache\All Users\{90120000-0019-0409-0000-0000000FF1CE}-C9/13/2009 2:31:58 PM    17091367    C:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C9/13/2009 2:32:22 PM    17027228    C:\MSOCache\All Users\{90120000-001B-0409-0000-0000000FF1CE}-C9/13/2009 2:32:10 PM    52395081    C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C9/13/2009 2:32:11 PM    22914224    C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.en9/13/2009 2:32:17 PM    16972298    C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.es9/13/2009 2:32:15 PM    11999590    C:\MSOCache\All Users\{90120000-002C-0409-0000-0000000FF1CE}-C\Proof.fr9/13/2009 2:32:37 PM    295197868    C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C9/13/2009 2:32:05 PM    28792769    C:\MSOCache\All Users\{90120000-0044-0409-0000-0000000FF1CE}-C9/13/2009 2:32:31 PM    32655135    C:\MSOCache\All Users\{90120000-00A1-0409-0000-0000000FF1CE}-C9/13/2009 2:32:04 PM    4514093    C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C9/13/2009 2:32:04 PM    4009013    C:\MSOCache\All Users\{90120000-0114-0409-0000-0000000FF1CE}-C\Groove.en-us9/13/2009 2:31:48 PM    32869192    C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C9/13/2009 2:31:55 PM    108872    C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\10339/13/2009 2:32:26 PM    29735013    C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C9/13/2009 2:32:26 PM    29229605    C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\Access.en-us9/30/2009 4:30:05 PM    436    32    C:\2.js10/12/2009 6:47:44 PM    590532    32    C:\Autoruns.zip9/23/2009 3:30:19 PM    0    32    C:\butwwo.exe9/23/2009 3:28:27 PM    0    32    C:\ddmishqi.exe10/13/2009 9:50:36 PM    0    32    C:\Files.txt9/23/2009 3:30:18 PM    0    32    C:\iusfdc.exe9/16/2009 8:54:01 PM    2198    32    C:\LYPR.bat9/23/2009 3:28:27 PM    0    32    C:\wuun.exe9/9/2009 3:03:38 AM    778911    C:\WINDOWS\$NtUninstallKB956844$9/9/2009 3:03:38 AM    625823    C:\WINDOWS\$NtUninstallKB956844$\spuninst8/19/2009 3:01:34 AM    2133445    C:\WINDOWS\$NtUninstallKB968389$8/19/2009 3:01:34 AM    629061    C:\WINDOWS\$NtUninstallKB968389$\spuninst9/9/2009 3:03:43 AM    3083489    C:\WINDOWS\$NtUninstallKB968816_WM9$9/9/2009 3:03:43 AM    625377    C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst8/26/2009 3:00:27 AM    838190    C:\WINDOWS\$NtUninstallKB970653-v3$8/26/2009 3:00:27 AM    640046    C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst9/9/2009 3:01:48 AM    1140912    C:\WINDOWS\$NtUninstallKB971961$9/9/2009 3:01:48 AM    628912    C:\WINDOWS\$NtUninstallKB971961$\spuninst10/9/2009 10:12:43 PM    128    C:\WINDOWS\CSC10/9/2009 10:12:43 PM    0    C:\WINDOWS\CSC\d110/9/2009 10:12:43 PM    0    C:\WINDOWS\CSC\d210/9/2009 10:12:43 PM    0    C:\WINDOWS\CSC\d310/9/2009 10:12:43 PM    0    C:\WINDOWS\CSC\d410/9/2009 10:12:44 PM    0    C:\WINDOWS\CSC\d510/9/2009 10:12:44 PM    0    C:\WINDOWS\CSC\d610/9/2009 10:12:44 PM    0    C:\WINDOWS\CSC\d710/9/2009 10:12:44 PM    0    C:\WINDOWS\CSC\d810/6/2009 9:38:45 PM    35507264    C:\WINDOWS\ie810/6/2009 9:38:45 PM    1175984    C:\WINDOWS\ie8\spuninst10/6/2009 9:39:55 PM    27041882    C:\WINDOWS\ie8updates10/7/2009 12:54:30 AM    1351843    C:\WINDOWS\ie8updates\KB971961-IE810/7/2009 12:54:30 AM    625315    C:\WINDOWS\ie8updates\KB971961-IE8\spuninst10/6/2009 9:39:55 PM    25062722    C:\WINDOWS\ie8updates\KB972260-IE810/6/2009 9:39:55 PM    635535    C:\WINDOWS\ie8updates\KB972260-IE8\spuninst10/6/2009 9:40:12 PM    627317    C:\WINDOWS\ie8updates\KB973874-IE810/6/2009 9:40:12 PM    625269    C:\WINDOWS\ie8updates\KB973874-IE8\spuninst10/10/2009 6:24:13 PM    140    32    C:\WINDOWS\DBStartup.log10/11/2009 2:23:04 PM    1424    32    C:\WINDOWS\DHCPUPG.LOG10/6/2009 9:38:31 PM    84347    32    C:\WINDOWS\ie8.log9/9/2009 3:03:33 AM    36827    32    C:\WINDOWS\KB956844.log8/18/2009 8:43:06 AM    15189    32    C:\WINDOWS\KB968389.log9/9/2009 3:03:41 AM    36622    32    C:\WINDOWS\KB968816.log8/26/2009 3:00:23 AM    3806    32    C:\WINDOWS\KB970653-v3.log10/7/2009 12:54:17 AM    7176    32    C:\WINDOWS\KB971961-IE8.log9/9/2009 3:00:36 AM    8853    32    C:\WINDOWS\KB971961.log10/6/2009 9:39:38 PM    93598    32    C:\WINDOWS\KB972260-IE8.log10/6/2009 9:40:11 PM    72634    32    C:\WINDOWS\KB973874-IE8.log10/9/2009 10:12:34 PM    639778    32    C:\WINDOWS
tbtlog.txt10/9/2009 9:15:04 AM    333312    32    C:\WINDOWS\svohost.exe10/11/2009 2:23:01 PM    145    32    C:\WINDOWS\WINNT32.LOG10/9/2009 9:15:04 AM    4    32    C:\WINDOWS\wp3.dat10/9/2009 9:15:04 AM    58    32    C:\WINDOWS\wp4.dat10/9/2009 9:18:15 AM    211087    C:\WINDOWS\system32\schtml10/9/2009 9:18:15 AM    64833    C:\WINDOWS\system32\schtml\images10/9/2009 5:24:58 PM    4    32    C:\WINDOWS\system32\bincd32.dat10/11/2009 3:54:56 PM    664    32    C:\WINDOWS\system32\d3d9caps.dat8/22/2009 8:05:24 PM    94208    32    C:\WINDOWS\system32\DNIN50.dll8/22/2009 8:05:24 PM    17149    32    C:\WINDOWS\system32\DNINDIS5.sys9/15/2009 11:08:34 PM    145184    32    C:\WINDOWS\system32\java.exe9/15/2009 11:08:34 PM    145184    32    C:\WINDOWS\system32\javaw.exe9/15/2009 11:08:34 PM    149280    32    C:\WINDOWS\system32\javaws.exe9/15/2009 11:08:18 PM    4240    32    C:\WINDOWS\system32\jupdate-1.6.0_15-b03.log8/22/2009 8:05:24 PM    651264    32    C:\WINDOWS\system32\libeay32.dll9/13/2009 2:45:38 PM    32592    32    C:\WINDOWS\system32\msonpmon.dll10/9/2009 9:15:04 AM    9    32    C:\WINDOWS\system32
uar.old10/9/2009 9:15:04 AM    654336    32    C:\WINDOWS\system32\plugie.dll10/9/2009 9:15:03 AM    556032    32    C:\WINDOWS\system32\pump.exe10/9/2009 9:15:05 AM    36    32    C:\WINDOWS\system32\skynet.dat8/22/2009 8:05:24 PM    147456    32    C:\WINDOWS\system32\ssleay32.dll ====== Files under '\Administrator\Startup' Last 60 Days====== ====== Files under '\All Users\Startup' Last 60 Days====== 8/22/2009 8:05:23 PM    1397    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk ====== Files and Folders under '\Program Files' Last 60 Days====== 9/13/2009 2:38:05 PM    64159055    C:\Program Files\Microsoft Visual Studio 89/13/2009 2:43:38 PM    3178824    C:\Program Files\Microsoft Works9/13/2009 2:41:04 PM    8152064    C:\Program Files\Microsoft.NET8/22/2009 8:03:19 PM    6605554    C:\Program Files\NETGEAR9/16/2009 8:54:15 PM    367720    C:\Program Files\SafetyCenter9/7/2009 2:21:44 PM    3431088    C:\Program Files\Spybot - Search & Destroy10/11/2009 9:07:36 PM    403456    C:\Program Files\Trend Micro ====== Files under '\System32\Drivers' Last 60 Days====== 8/22/2009 8:05:27 PM    17801    32    C:\WINDOWS\system32\drivers\AegisP.sys ====== Files Deleted under '%Temp%' ====== 13 Files deleted ====== Files and Folders under 'All Users\Application Data' Last 60 Days====== 9/13/2009 2:33:56 PM    66140    C:\Documents and Settings\All Users\Application Data\Microsoft Help9/7/2009 2:21:44 PM    31477    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy9/7/2009 2:25:10 PM    4677    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs9/7/2009 2:25:10 PM    0    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery ====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ====== HKLM\Software\microsoft\shared tools\msconfig\startupreg\ ====== Services ( Services that are Whitelisted are not shown) ====== ASCTRM (ASCTRM)- C:\WINDOWS\system32\drivers\ASCTRM.sys - Auto/RunningBVRPMPR5 (BVRPMPR5 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS - Manual/StoppedDNINDIS5 (DNINDIS5 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\DNINDIS5.SYS - Manual/StoppedE100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/StoppedMtlmnt5 (Mtlmnt5)- C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys - Manual/StoppedMtlstrm (Mtlstrm)- C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys - Manual/StoppedNtMtlFax (NtMtlFax)- C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys - Manual/StoppedNuidFltr (NUID filter driver)- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys - Manual/Runningomci (OMCI WDM Device Driver)- C:\WINDOWS\system32\DRIVERS\omci.sys - System/RunningPalmUSBD (PalmUSBD)- C:\WINDOWS\system32\drivers\PalmUSBD.sys - Manual/StoppedRecAgent (RecAgent)- C:\WINDOWS\system32\DRIVERS\RecAgent.sys - Boot/RunningRimUsb (BlackBerry Device)- C:\WINDOWS\system32\Drivers\RimUsb.sys - Manual/StoppedRimVSerPort (RIM Virtual Serial Port v2)- C:\WINDOWS\system32\DRIVERS\RimSerial.sys - Manual/Stoppedsenfilt (senfilt)- C:\WINDOWS\system32\drivers\senfilt.sys - Manual/RunningSlntamr (Smart Link 56K Modem Driver)- C:\WINDOWS\system32\DRIVERS\slntamr.sys - Manual/StoppedSlNtHal (SlNtHal)- C:\WINDOWS\system32\DRIVERS\Slnthal.sys - Manual/StoppedSlWdmSup (SlWdmSup)- C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys - Manual/Stoppedsmwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Runningwanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/RunningWdf01000 (Wdf01000)- C:\WINDOWS\system32\DRIVERS\Wdf01000.sys - Manual/Running ====== Uninstall List ======   ======== Other Info ======== TOTAL PHYSICAL RAM: 1063 MB Boot Info [boot loader]timeout=30default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]multi(0)disk(0)rdisk(0)partition(2)\WINDOWS='Microsoft Windows XP Professional' /noexecute=optin /fastdetect OS Type:  Microsoft Windows XP ProfessionalBuild:  5.1.2600Service Pack:  3.0 ====== Files with Hidden Attributes====== C:\IO.SYSC:\MSDOS.SYSC:\pagefile.sysC:\NTDETECT.COM ==End of Report==   Hidden File C:\IO.SYSC:\MSDOS.SYSC:\pagefile.sysC:\NTDETECT.COMC:\Documents and Settings\Administrator\IETldCache\index.datC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.datC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.datC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.datC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009100920091010\index.datC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009101120091012\index.datC:\Documents and Settings\Administrator\PrivacIE\index.datC:\Documents and Settings\All Users\Application Data\Sonic\sarlicense9.datC:\Documents and Settings\Default User\NTUSER.DATC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows\UsrClass.datC:\Documents and Settings\LocalService\NTUSER.DATC:\Documents and Settings\LocalService\IETldCache\index.datC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds Cache\index.datC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.datC:\Documents and Settings\Moak Petrolium\cuecuf.exeC:\Documents and Settings\Moak Petrolium\haihaep.exeC:\Documents and Settings\Moak Petrolium\kanef.exeC:\Documents and Settings\Moak Petrolium\laqig.exeC:\Documents and Settings\Moak Petrolium\pktier.exeC:\Documents and Settings\Moak Petrolium\NTUSER.DATC:\Documents and Settings\Moak Petrolium\Application Data\Microsoft\Internet Explorer\UserData\index.datC:\Documents and Settings\Moak Petrolium\Application Data\Microsoft\Office\Recent\index.datC:\Documents and Settings\Moak Petrolium\IECompatCache\index.datC:\Documents and Settings\Moak Petrolium\IETldCache\index.datC:\Documents and Settings\Moak Petrolium\Local Settings\Application Data\Microsoft\Feeds Cache\index.datC:\Documents and Settings\Moak Petrolium\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.datC:\Documents and Settings\Moak Petrolium\Local Settings\Application Data\Microsoft\Windows\UsrClass.datC:\Documents and Settings\Moak Petrolium\Local Settings\History\History.IE5\MSHist012009100520091012\index.datC:\Documents and Settings\Moak Petrolium\Local Settings\History\History.IE5\MSHist012009101220091013\index.datC:\Documents and Settings\Moak Petrolium\Local Settings\History\History.IE5\MSHist012009101320091014\index.datC:\Documents and Settings\Moak Petrolium\Local Settings\History\History.IE5\MSHist012009101420091015\index.datC:\Documents and Settings\Moak Petrolium\PrivacIE\index.datC:\Documents and Settings\NetworkService\NTUSER.DATC:\Documents and Settings\NetworkService\Cookies\index.datC:\Documents and Settings\NetworkService\IETldCache\index.datC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.datC:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.datC:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.datC:\i386\UsrClass.datC:\i386\oem10.infC:\i386\oem12.infC:\Program Files\Canon\MP Navigator 2.2\uinstrsc.dllC:\Program Files\Canon\MP Navigator 2.2\Maint.exeC:\Program Files\Chocolatier - Decadence by Design\chocolatier-decadence.exeC:\Program Files\Common Files\AOL\TopSpeed\3.0\WBUnins.exeC:\WINDOWS\assembly\pubpol14.datC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index90.datC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index91.datC:\WINDOWS\inf\oem10.infC:\WINDOWS\inf\oem12.infC:\WINDOWS\inf\oem19.infC:\WINDOWS\inf\oem20.infC:\WINDOWS\inf\oem21.infC:\WINDOWS\inf\oem22.infC:\WINDOWS\inf\oem26.infC:\WINDOWS\inf\oem27.infC:\WINDOWS\inf\oem32.infC:\WINDOWS\inf\oem33.infC:\WINDOWSepair
tuser.datC:\WINDOWS\system32\config\systemprofile\IETldCache\index.datC:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.datC:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009100920091010\index.datC:\WINDOWS\Tasks\SA.DAT

bamajim · Answer

sheripatn

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

sheripatn · Answer

Here is the combofix report. Thank you ComboFix 09-10-15.04 - Moak Petrolium 10/15/2009 22:16.2.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.513 [GMT -5:00]Running from: c:\documents and settings\Moak Petrolium\Desktop\ComboFix.exeAV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). c:\documents and settings\Moak Petrolium\cuecuf.exec:\documents and settings\Moak Petrolium\haihaep.exec:\documents and settings\Moak Petrolium\kanef.exec:\documents and settings\Moak Petrolium\laqig.exec:\documents and settings\Moak Petrolium\pktier.exec:\program files\FunWebProductsc:\program files\FunWebProducts\ScreenSaver\Images\000399A1.urrc:\program files\MyWebSearchc:\program files\MyWebSearch\bar\History\search3c:\program files\MyWebSearch\bar\Settings\s_pid.datc:\program files\MyWebSearch\bar\Settings\setting2.htmc:\program files\MyWebSearch\bar\Settings\settings.datc:\program files\SafetyCenterc:\program files\SafetyCenter\main.icoc:\program files\SafetyCenter\sound.wavc:\windows\Installer\15b01c.mspc:\windows\Installer\16315.mspc:\windows\Installer\1e5a3a.mspc:\windows\Installer\1f9970d3.mspc:\windows\Installer\3a1f2bc.msic:\windows\Installer\46d81b45.mspc:\windows\Installer\46d81b59.mspc:\windows\Installer\46d81b6d.mspc:\windows\Installer\6bbb3a8.msic:\windows\Installer\6bbb3a9.mspc:\windows\Installer\6bbb3aa.mspc:\windows\Installer\6bbb3ab.mspc:\windows\Installer\6bbb3ac.mspc:\windows\Installer\6bbb3ad.mspc:\windows\Installer\6bbb3ae.mspc:\windows\Installer\6bbb3af.mspc:\windows\Installer\6bbb3b0.mspc:\windows\Installer\6bbb3b1.mspc:\windows\Installer\7b53166.mspc:\windows\Installer\7b53182.mspc:\windows\Installer\7b531d5.mspc:\windows\Installer\7b531ea.mspc:\windows\Installer\7b5320f.mspc:\windows\Installer\7b53223.mspc:\windows\Installer\7b53239.mspc:\windows\Installer\7b5324d.mspc:\windows\Installer\7b53263.mspc:\windows\Installer\7b5327a.mspc:\windows\Installer\7b5328f.mspc:\windows\Installer\7b532a3.mspc:\windows\Installer\8fa65b9.mspc:\windows\svohost.exec:\windows\system32\bincd32.datc:\windows\system32\bszip.dllc:\windows\system32\gasfkyueqxbfal.dllc:\windows\system32
uar.oldc:\windows\system32\pump.exec:\windows\system32\schtmlc:\windows\system32\schtml\dbsinit.exec:\windows\system32\schtml\images\i1.gifc:\windows\system32\schtml\images\i2.gifc:\windows\system32\schtml\images\i3.gifc:\windows\system32\schtml\images\j1.gifc:\windows\system32\schtml\images\j2.gifc:\windows\system32\schtml\images\j3.gifc:\windows\system32\schtml\images\jj1.gifc:\windows\system32\schtml\images\jj2.gifc:\windows\system32\schtml\images\jj3.gifc:\windows\system32\schtml\images\l1.gifc:\windows\system32\schtml\images\l2.gifc:\windows\system32\schtml\images\l3.gifc:\windows\system32\schtml\images\pix.gifc:\windows\system32\schtml\images	1.gifc:\windows\system32\schtml\images	2.gifc:\windows\system32\schtml\images\up1.gifc:\windows\system32\schtml\images\up2.gifc:\windows\system32\schtml\images\w1.gifc:\windows\system32\schtml\images\w11.gifc:\windows\system32\schtml\images\w2.gifc:\windows\system32\schtml\images\w3.gifc:\windows\system32\schtml\images\w3.jpgc:\windows\system32\schtml\images\word.docc:\windows\system32\schtml\images\wt1.gifc:\windows\system32\schtml\images\wt2.gifc:\windows\system32\schtml\images\wt3.gifc:\windows\system32\schtml\wispex.htmlc:\windows\system32\skynet.datc:\windows\Tasks\At1.jobc:\windows\Tasks\At10.jobc:\windows\Tasks\At11.jobc:\windows\Tasks\At12.jobc:\windows\Tasks\At13.jobc:\windows\Tasks\At14.jobc:\windows\Tasks\At15.jobc:\windows\Tasks\At16.jobc:\windows\Tasks\At17.jobc:\windows\Tasks\At18.jobc:\windows\Tasks\At19.jobc:\windows\Tasks\At2.jobc:\windows\Tasks\At20.jobc:\windows\Tasks\At21.jobc:\windows\Tasks\At22.jobc:\windows\Tasks\At23.jobc:\windows\Tasks\At24.jobc:\windows\Tasks\At3.jobc:\windows\Tasks\At4.jobc:\windows\Tasks\At5.jobc:\windows\Tasks\At6.jobc:\windows\Tasks\At7.jobc:\windows\Tasks\At8.jobc:\windows\Tasks\At9.job .(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))). -------\Legacy_WDefend-------\Service_WDefend (((((((((((((((((((((((((   Files Created from 2009-09-16 to 2009-10-16  ))))))))))))))))))))))))))))))). 2009-10-12 23:47 . 2009-10-12 23:47 590532 ----a-w- C:\Autoruns.zip2009-10-12 21:54 . 2009-10-13 00:00 -------- d-----w- C:\AVGTemp2009-10-12 02:07 . 2009-10-12 02:07 -------- d-----w- c:\program files\Trend Micro2009-10-11 21:02 . 2009-10-11 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe2009-10-11 20:54 . 2009-10-14 10:58 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2009-10-09 14:15 . 2009-10-09 15:15 58 ----a-w- c:\windows\wp4.dat2009-10-09 14:15 . 2009-10-09 15:15 4 ----a-w- c:\windows\wp3.dat2009-10-09 14:15 . 2009-10-09 14:15 654336 ----a-w- c:\windows\system32\plugie.dll2009-10-07 23:46 . 2009-10-07 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2009-10-07 03:30 . 2009-10-07 03:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2009-10-07 02:48 . 2009-10-07 02:48 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IECompatCache2009-10-07 02:43 . 2009-10-07 02:43 -------- d-sh--w- c:\documents and settings\Moak Petrolium\PrivacIE2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IETldCache2009-10-07 02:39 . 2009-10-07 02:39 -------- d-----w- c:\windows\ie8updates2009-10-07 02:38 . 2009-10-07 02:38 -------- dc-h--w- c:\windows\ie82009-10-07 02:36 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll2009-10-07 02:36 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2009-10-07 02:36 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll2009-09-23 20:30 . 2009-09-23 20:30 0 ----a-w- C:\butwwo.exe2009-09-23 20:30 . 2009-09-23 20:30 0 ----a-w- C:\iusfdc.exe2009-09-23 20:28 . 2009-09-23 20:28 0 ----a-w- C:\wuun.exe2009-09-23 20:28 . 2009-09-23 20:28 0 ----a-w- C:\ddmishqi.exe2009-09-17 01:54 . 2009-09-17 01:54 2198 ----a-w- C:\LYPR.bat .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-10-15 05:05 . 2008-12-12 20:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-10-14 04:17 . 2009-01-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg82009-10-11 20:14 . 2009-06-12 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar2009-10-09 02:47 . 2006-09-12 14:58 82160 -c--a-w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-17 02:01 . 2009-09-07 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-09-17 01:57 . 2009-09-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 04:08 . 2006-09-07 04:49 -------- d-----w- c:\program files\Java2009-09-14 08:03 . 2009-09-13 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2009-09-13 19:48 . 2009-09-13 19:38 -------- d-----w- c:\program files\Microsoft Visual Studio 82009-09-13 19:43 . 2009-09-13 19:43 -------- d-----w- c:\program files\Microsoft Works2009-09-13 19:43 . 2009-08-08 08:11 -------- d-----w- c:\program files\MSBuild2009-09-13 19:41 . 2009-09-13 19:41 -------- d-----w- c:\program files\Microsoft.NET2009-09-09 08:14 . 2009-08-04 23:12 -------- d-----w- c:\program files\Microsoft Silverlight2009-09-05 14:38 . 2009-09-05 14:38 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\Oberonv10012009-09-05 14:37 . 2009-06-13 14:33 -------- d-----w- c:\program files\Oberon Media2009-08-23 01:05 . 2009-08-23 01:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-08-23 01:05 . 2009-08-23 01:03 -------- d-----w- c:\program files\NETGEAR2009-08-23 01:05 . 2007-01-20 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information2009-08-23 01:04 . 2008-09-17 15:36 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\InstallShield2009-08-05 09:01 . 2004-08-11 22:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll2009-07-29 13:46 . 2009-01-13 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll2009-07-29 13:46 . 2009-01-13 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-07-29 13:46 . 2009-01-13 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2009-07-25 10:23 . 2009-01-08 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]'{A3BC75A2-1F87-4686-AA43-5347D756017C}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ScanSoft PDF Professional 4-reminder'='c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe' [2006-11-16 35368]'Symantec PIF AlertEng'='c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' [2007-11-29 583048]'itype'='c:\program files\Microsoft IntelliType Pro\itype.exe' [2006-07-07 576320]'IntelliPoint'='c:\program files\Microsoft IntelliPoint\ipoint.exe' [2006-07-07 600896]'AVG8_TRAY'='c:\progra~1\AVG\AVG8\avgtray.exe' [2009-09-29 2023704]'EPSON PictureMate'='c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE' [2003-09-19 99840] c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-8-22 884838] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\avgrsstarter]2009-07-29 13:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^AOL Desktop.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\AOL Desktop.lnkbackup=c:\windows\pss\AOL Desktop.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]'WMPNetworkSvc'=3 (0x3)'WDefend'=2 (0x2)'RoxLiveShare9'=2 (0x2)'QuickBooksDB17'=2 (0x2)'QuickBooksDB'=2 (0x2)'QBFCService'=3 (0x3)'QBCFMonitorService'=2 (0x2)'ose'=3 (0x3)'odserv'=3 (0x3)'Microsoft Office Groove Audit Service'=3 (0x3)'MDM'=2 (0x2)'LiveUpdate Notice Service'=2 (0x2)'LiveUpdate Notice Ex'=2 (0x2)'KodakCCS'=3 (0x3)'JavaQuickStarterService'=2 (0x2)'idsvc'=3 (0x3)'IDriverT'=3 (0x3)'Iap'=2 (0x2)'hpdj'=2 (0x2)'gusvc'=3 (0x3)'GoogleDesktopManager'=3 (0x3)'CLTNetCnService'=2 (0x2)'AOL ACS'=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe'='c:\Program Files\Common Files\AOL\Loader\aolload.exe'='c:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='c:\Program Files\Common Files\AOL\System Information\sinf.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBW32PremierGeneric.exe'='c:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe'='c:\Program Files\Outlook Express\msimn.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\aolsoftware.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe'='c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\AOLDesktop.exe'='c:\Program Files\AVG\AVG8\avgam.exe'='c:\Program Files\AVG\AVG8\avgupd.exe'='c:\Program Files\AVG\AVG8\avgnsx.exe'='c:\Program Files\Java\jre6\bin\java.exe'='c:\WINDOWS\system32\dpnsvr.exe'='c:\WINDOWS\system32\dxdiag.exe'='c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE'='c:\Program Files\Microsoft Office\Office12\GROOVE.EXE'='c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE'='c:\WINDOWS\system32\usmt\migwiz.exe'='c:\WINDOWS\system32\mmc.exe'= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]'443:TCP'= 443:TCP:HTTPS'21:TCP'= 21:TCP:FTP R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/13/2009 1:26 PM 12552]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/13/2009 1:26 PM 335240]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/13/2009 1:26 PM 108552]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/13/2009 1:26 PM 297752]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/22/2009 8:05 PM 17149]S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]'c:\windows\system32undll32.exe' 'c:\windows\system32\iedkcs32.dll',BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\User_Feed_Synchronization-{038D821F-E787-43D8-99C0-7FD89C3500CC}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://aol.com/uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100Trusted Zone: aol.comTrusted Zone: pogo.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB.- - - - ORPHANS REMOVED - - - - HKCU-Run-haihaep - c:\documents and settings\Moak Petrolium\haihaep.exeAddRemove-AOL Regclient - c:\program files\AOL\RC\uninstall.exeAddRemove-AOL Toolbar 5.0 - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exeAddRemove-Port Magic - c:\program files\Pure Networks\Port Magic\PortAOL.exe   ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-10-15 22:25Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  scan completed successfullyhidden files: 0 **************************************************************************.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-255879815-3811564576-2564377081-1005\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(4032)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.------------------------ Other Running Processes ------------------------.c:\progra~1\AVG\AVG8\avgam.exec:\program files\AVG\AVG8\avgrsx.exec:\progra~1\AVG\AVG8\avgnsx.exe.**************************************************************************.Completion time: 2009-10-16 22:32 - machine was rebootedComboFix-quarantined-files.txt  2009-10-16 03:31 Pre-Run: 51,524,202,496 bytes freePost-Run: 51,451,289,600 bytes free 341 --- E O F --- 2009-10-13 08:01

bamajim · Answer

sheripatn 1. Open NotePad (not wordpad). Copy and paste the following into Notepad File::c:\windows\wp4.datc:\windows\wp3.datc:\windows\system32\plugie.dllC:\butwwo.exeC:\iusfdc.exeC:\wuun.exeC:\ddmishqi.exeC:\LYPR.bat Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop Using the Image as a reference, drag CFScript into ComboFix.exe You will be prompted to run Combofix again, Do so Following the same rules as indicated in my first post Then post the contents of the C:\ComboFix.txt log in your reply

sheripatn · Answer

Here is the file. Thank you ComboFix 09-10-15.04 - Moak Petrolium 10/16/2009 19:54.3.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.478 [GMT -5:00]Running from: c:\documents and settings\Moak Petrolium\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Moak Petrolium\Desktop\CFScript.txtAV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE ::'C:\butwwo.exe''C:\ddmishqi.exe''C:\iusfdc.exe''C:\LYPR.bat''c:\windows\system32\plugie.dll''c:\windows\wp3.dat''c:\windows\wp4.dat''C:\wuun.exe'. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\butwwo.exeC:\ddmishqi.exeC:\iusfdc.exeC:\LYPR.batc:\windows\system32\plugie.dllc:\windows\wp3.datc:\windows\wp4.datC:\wuun.exe .(((((((((((((((((((((((((   Files Created from 2009-09-17 to 2009-10-17  ))))))))))))))))))))))))))))))). 2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\windows\LastGood2009-10-12 23:47 . 2009-10-12 23:47 590532 ----a-w- C:\Autoruns.zip2009-10-12 21:54 . 2009-10-13 00:00 -------- d-----w- C:\AVGTemp2009-10-12 02:07 . 2009-10-12 02:07 -------- d-----w- c:\program files\Trend Micro2009-10-11 21:02 . 2009-10-11 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe2009-10-11 20:54 . 2009-10-14 10:58 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2009-10-07 23:46 . 2009-10-07 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2009-10-07 03:30 . 2009-10-07 03:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2009-10-07 02:48 . 2009-10-07 02:48 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IECompatCache2009-10-07 02:43 . 2009-10-07 02:43 -------- d-sh--w- c:\documents and settings\Moak Petrolium\PrivacIE2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IETldCache2009-10-07 02:39 . 2009-10-07 02:39 -------- d-----w- c:\windows\ie8updates2009-10-07 02:38 . 2009-10-07 02:38 -------- dc-h--w- c:\windows\ie82009-10-07 02:36 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll2009-10-07 02:36 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2009-10-07 02:36 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-10-17 00:46 . 2008-12-12 20:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-10-14 04:17 . 2009-01-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg82009-10-11 20:14 . 2009-06-12 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar2009-10-09 02:47 . 2006-09-12 14:58 82160 -c--a-w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-17 02:01 . 2009-09-07 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-09-17 01:57 . 2009-09-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 04:08 . 2006-09-07 04:49 -------- d-----w- c:\program files\Java2009-09-14 08:03 . 2009-09-13 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2009-09-13 19:48 . 2009-09-13 19:38 -------- d-----w- c:\program files\Microsoft Visual Studio 82009-09-13 19:43 . 2009-09-13 19:43 -------- d-----w- c:\program files\Microsoft Works2009-09-13 19:43 . 2009-08-08 08:11 -------- d-----w- c:\program files\MSBuild2009-09-13 19:41 . 2009-09-13 19:41 -------- d-----w- c:\program files\Microsoft.NET2009-09-09 08:14 . 2009-08-04 23:12 -------- d-----w- c:\program files\Microsoft Silverlight2009-09-05 14:38 . 2009-09-05 14:38 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\Oberonv10012009-09-05 14:37 . 2009-06-13 14:33 -------- d-----w- c:\program files\Oberon Media2009-08-23 01:05 . 2009-08-23 01:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-08-23 01:05 . 2009-08-23 01:03 -------- d-----w- c:\program files\NETGEAR2009-08-23 01:05 . 2007-01-20 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information2009-08-23 01:04 . 2008-09-17 15:36 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\InstallShield2009-08-05 09:01 . 2004-08-11 22:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll2009-07-29 13:46 . 2009-01-13 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll2009-07-29 13:46 . 2009-01-13 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-07-29 13:46 . 2009-01-13 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2009-07-25 10:23 . 2009-01-08 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll. (((((((((((((((((((((((((((((   SnapShot@2009-10-16_03.25.58   )))))))))))))))))))))))))))))))))))))))))..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]'{A3BC75A2-1F87-4686-AA43-5347D756017C}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ScanSoft PDF Professional 4-reminder'='c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe' [2006-11-16 35368]'Symantec PIF AlertEng'='c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' [2007-11-29 583048]'itype'='c:\program files\Microsoft IntelliType Pro\itype.exe' [2006-07-07 576320]'IntelliPoint'='c:\program files\Microsoft IntelliPoint\ipoint.exe' [2006-07-07 600896]'AVG8_TRAY'='c:\progra~1\AVG\AVG8\avgtray.exe' [2009-09-29 2023704]'EPSON PictureMate'='c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE' [2003-09-19 99840] c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-8-22 884838] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\avgrsstarter]2009-07-29 13:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^AOL Desktop.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\AOL Desktop.lnkbackup=c:\windows\pss\AOL Desktop.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]'WMPNetworkSvc'=3 (0x3)'WDefend'=2 (0x2)'RoxLiveShare9'=2 (0x2)'QuickBooksDB17'=2 (0x2)'QuickBooksDB'=2 (0x2)'QBFCService'=3 (0x3)'QBCFMonitorService'=2 (0x2)'ose'=3 (0x3)'odserv'=3 (0x3)'Microsoft Office Groove Audit Service'=3 (0x3)'MDM'=2 (0x2)'LiveUpdate Notice Service'=2 (0x2)'LiveUpdate Notice Ex'=2 (0x2)'KodakCCS'=3 (0x3)'JavaQuickStarterService'=2 (0x2)'idsvc'=3 (0x3)'IDriverT'=3 (0x3)'Iap'=2 (0x2)'hpdj'=2 (0x2)'gusvc'=3 (0x3)'GoogleDesktopManager'=3 (0x3)'CLTNetCnService'=2 (0x2)'AOL ACS'=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe'='c:\Program Files\Common Files\AOL\Loader\aolload.exe'='c:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='c:\Program Files\Common Files\AOL\System Information\sinf.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBW32PremierGeneric.exe'='c:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe'='c:\Program Files\Outlook Express\msimn.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\aolsoftware.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe'='c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\AOLDesktop.exe'='c:\Program Files\AVG\AVG8\avgam.exe'='c:\Program Files\AVG\AVG8\avgupd.exe'='c:\Program Files\AVG\AVG8\avgnsx.exe'='c:\Program Files\Java\jre6\bin\java.exe'='c:\WINDOWS\system32\dpnsvr.exe'='c:\WINDOWS\system32\dxdiag.exe'='c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE'='c:\Program Files\Microsoft Office\Office12\GROOVE.EXE'='c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE'='c:\WINDOWS\system32\usmt\migwiz.exe'='c:\WINDOWS\system32\mmc.exe'= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]'443:TCP'= 443:TCP:HTTPS'21:TCP'= 21:TCP:FTP R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/13/2009 1:26 PM 12552]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/13/2009 1:26 PM 335240]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/13/2009 1:26 PM 108552]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/13/2009 1:26 PM 297752]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/22/2009 8:05 PM 17149]S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]'c:\windows\system32undll32.exe' 'c:\windows\system32\iedkcs32.dll',BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\User_Feed_Synchronization-{038D821F-E787-43D8-99C0-7FD89C3500CC}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://aol.com/uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100Trusted Zone: aol.comTrusted Zone: pogo.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-10-16 20:00Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  **************************************************************************.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-255879815-3811564576-2564377081-1005\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).Completion time: 2009-10-17 20:03ComboFix-quarantined-files.txt  2009-10-17 01:02ComboFix2.txt  2009-10-16 03:32 Pre-Run: 51,269,496,832 bytes freePost-Run: 51,239,567,360 bytes free 220 --- E O F --- 2009-10-16 08:01

rwscomp · Answer

Also, turn off your system restore, or it will reload. You can turn it back on once you get clean.

Go to Start, then right click "My Computer", then pick the system restore tab. Check the box "Turn off system restore", then Aplly, then OK. Check this setting after each reboot, it has a tendancy to turn the system restore back on so it can reload.

sheripatn · Answer

OK I turned off system restore and ran combofix again. This is the new scan. Thank you ComboFix 09-10-15.04 - Moak Petrolium 10/17/2009  0:55.4.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.482 [GMT -5:00]Running from: c:\documents and settings\Moak Petrolium\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Moak Petrolium\Desktop\CFScript.txtAV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE ::'C:\butwwo.exe''C:\ddmishqi.exe''C:\iusfdc.exe''C:\LYPR.bat''c:\windows\system32\plugie.dll''c:\windows\wp3.dat''c:\windows\wp4.dat''C:\wuun.exe'. (((((((((((((((((((((((((   Files Created from 2009-09-17 to 2009-10-17  ))))))))))))))))))))))))))))))). 2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\windows\LastGood2009-10-12 23:47 . 2009-10-12 23:47 590532 ----a-w- C:\Autoruns.zip2009-10-12 21:54 . 2009-10-13 00:00 -------- d-----w- C:\AVGTemp2009-10-12 02:07 . 2009-10-12 02:07 -------- d-----w- c:\program files\Trend Micro2009-10-11 21:02 . 2009-10-11 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe2009-10-11 20:54 . 2009-10-14 10:58 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2009-10-07 23:46 . 2009-10-07 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2009-10-07 03:30 . 2009-10-07 03:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2009-10-07 02:48 . 2009-10-07 02:48 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IECompatCache2009-10-07 02:43 . 2009-10-07 02:43 -------- d-sh--w- c:\documents and settings\Moak Petrolium\PrivacIE2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IETldCache2009-10-07 02:39 . 2009-10-07 02:39 -------- d-----w- c:\windows\ie8updates2009-10-07 02:38 . 2009-10-07 02:38 -------- dc-h--w- c:\windows\ie82009-10-07 02:36 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll2009-10-07 02:36 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2009-10-07 02:36 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-10-17 00:46 . 2008-12-12 20:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-10-14 04:17 . 2009-01-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg82009-10-11 20:14 . 2009-06-12 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar2009-10-09 02:47 . 2006-09-12 14:58 82160 -c--a-w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-17 02:01 . 2009-09-07 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-09-17 01:57 . 2009-09-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 04:08 . 2006-09-07 04:49 -------- d-----w- c:\program files\Java2009-09-14 08:03 . 2009-09-13 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2009-09-13 19:48 . 2009-09-13 19:38 -------- d-----w- c:\program files\Microsoft Visual Studio 82009-09-13 19:43 . 2009-09-13 19:43 -------- d-----w- c:\program files\Microsoft Works2009-09-13 19:43 . 2009-08-08 08:11 -------- d-----w- c:\program files\MSBuild2009-09-13 19:41 . 2009-09-13 19:41 -------- d-----w- c:\program files\Microsoft.NET2009-09-09 08:14 . 2009-08-04 23:12 -------- d-----w- c:\program files\Microsoft Silverlight2009-09-05 14:38 . 2009-09-05 14:38 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\Oberonv10012009-09-05 14:37 . 2009-06-13 14:33 -------- d-----w- c:\program files\Oberon Media2009-08-23 01:05 . 2009-08-23 01:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-08-23 01:05 . 2009-08-23 01:03 -------- d-----w- c:\program files\NETGEAR2009-08-23 01:05 . 2007-01-20 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information2009-08-23 01:04 . 2008-09-17 15:36 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\InstallShield2009-08-05 09:01 . 2004-08-11 22:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll2009-07-29 13:46 . 2009-01-13 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll2009-07-29 13:46 . 2009-01-13 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-07-29 13:46 . 2009-01-13 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2009-07-25 10:23 . 2009-01-08 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll. (((((((((((((((((((((((((((((   SnapShot@2009-10-16_03.25.58   )))))))))))))))))))))))))))))))))))))))))..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]'{A3BC75A2-1F87-4686-AA43-5347D756017C}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ScanSoft PDF Professional 4-reminder'='c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe' [2006-11-16 35368]'Symantec PIF AlertEng'='c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' [2007-11-29 583048]'itype'='c:\program files\Microsoft IntelliType Pro\itype.exe' [2006-07-07 576320]'IntelliPoint'='c:\program files\Microsoft IntelliPoint\ipoint.exe' [2006-07-07 600896]'AVG8_TRAY'='c:\progra~1\AVG\AVG8\avgtray.exe' [2009-09-29 2023704]'EPSON PictureMate'='c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE' [2003-09-19 99840] c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-8-22 884838] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\avgrsstarter]2009-07-29 13:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^AOL Desktop.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\AOL Desktop.lnkbackup=c:\windows\pss\AOL Desktop.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]'WMPNetworkSvc'=3 (0x3)'WDefend'=2 (0x2)'RoxLiveShare9'=2 (0x2)'QuickBooksDB17'=2 (0x2)'QuickBooksDB'=2 (0x2)'QBFCService'=3 (0x3)'QBCFMonitorService'=2 (0x2)'ose'=3 (0x3)'odserv'=3 (0x3)'Microsoft Office Groove Audit Service'=3 (0x3)'MDM'=2 (0x2)'LiveUpdate Notice Service'=2 (0x2)'LiveUpdate Notice Ex'=2 (0x2)'KodakCCS'=3 (0x3)'JavaQuickStarterService'=2 (0x2)'idsvc'=3 (0x3)'IDriverT'=3 (0x3)'Iap'=2 (0x2)'hpdj'=2 (0x2)'gusvc'=3 (0x3)'GoogleDesktopManager'=3 (0x3)'CLTNetCnService'=2 (0x2)'AOL ACS'=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe'='c:\Program Files\Common Files\AOL\Loader\aolload.exe'='c:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='c:\Program Files\Common Files\AOL\System Information\sinf.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBW32PremierGeneric.exe'='c:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe'='c:\Program Files\Outlook Express\msimn.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\aolsoftware.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe'='c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\AOLDesktop.exe'='c:\Program Files\AVG\AVG8\avgam.exe'='c:\Program Files\AVG\AVG8\avgupd.exe'='c:\Program Files\AVG\AVG8\avgnsx.exe'='c:\Program Files\Java\jre6\bin\java.exe'='c:\WINDOWS\system32\dpnsvr.exe'='c:\WINDOWS\system32\dxdiag.exe'='c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE'='c:\Program Files\Microsoft Office\Office12\GROOVE.EXE'='c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE'='c:\WINDOWS\system32\usmt\migwiz.exe'='c:\WINDOWS\system32\mmc.exe'= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]'443:TCP'= 443:TCP:HTTPS'21:TCP'= 21:TCP:FTP R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/13/2009 1:26 PM 12552]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/13/2009 1:26 PM 335240]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/13/2009 1:26 PM 108552]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/13/2009 1:26 PM 297752]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/22/2009 8:05 PM 17149]S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]'c:\windows\system32undll32.exe' 'c:\windows\system32\iedkcs32.dll',BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder 2009-10-17 c:\windows\Tasks\User_Feed_Synchronization-{038D821F-E787-43D8-99C0-7FD89C3500CC}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://aol.com/uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100Trusted Zone: aol.comTrusted Zone: pogo.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-10-17 00:59Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  **************************************************************************.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-255879815-3811564576-2564377081-1005\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(5436)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2009-10-17  1:02ComboFix-quarantined-files.txt  2009-10-17 06:01ComboFix2.txt  2009-10-17 01:03ComboFix3.txt  2009-10-16 03:32 Pre-Run: 53,290,041,344 bytes freePost-Run: 53,295,775,744 bytes free 220 --- E O F --- 2009-10-16 08:01

sheripatn · Answer

OK I turned off system restore and ran combofix again. This is the new scan. Thank you ComboFix 09-10-15.04 - Moak Petrolium 10/17/2009  0:55.4.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.482 [GMT -5:00]Running from: c:\documents and settings\Moak Petrolium\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Moak Petrolium\Desktop\CFScript.txtAV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE ::'C:\butwwo.exe''C:\ddmishqi.exe''C:\iusfdc.exe''C:\LYPR.bat''c:\windows\system32\plugie.dll''c:\windows\wp3.dat''c:\windows\wp4.dat''C:\wuun.exe'. (((((((((((((((((((((((((   Files Created from 2009-09-17 to 2009-10-17  ))))))))))))))))))))))))))))))). 2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\windows\LastGood2009-10-12 23:47 . 2009-10-12 23:47 590532 ----a-w- C:\Autoruns.zip2009-10-12 21:54 . 2009-10-13 00:00 -------- d-----w- C:\AVGTemp2009-10-12 02:07 . 2009-10-12 02:07 -------- d-----w- c:\program files\Trend Micro2009-10-11 21:02 . 2009-10-11 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe2009-10-11 20:54 . 2009-10-14 10:58 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2009-10-07 23:46 . 2009-10-07 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2009-10-07 03:30 . 2009-10-07 03:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2009-10-07 02:48 . 2009-10-07 02:48 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IECompatCache2009-10-07 02:43 . 2009-10-07 02:43 -------- d-sh--w- c:\documents and settings\Moak Petrolium\PrivacIE2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IETldCache2009-10-07 02:39 . 2009-10-07 02:39 -------- d-----w- c:\windows\ie8updates2009-10-07 02:38 . 2009-10-07 02:38 -------- dc-h--w- c:\windows\ie82009-10-07 02:36 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll2009-10-07 02:36 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2009-10-07 02:36 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-10-17 00:46 . 2008-12-12 20:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-10-14 04:17 . 2009-01-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg82009-10-11 20:14 . 2009-06-12 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar2009-10-09 02:47 . 2006-09-12 14:58 82160 -c--a-w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-17 02:01 . 2009-09-07 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-09-17 01:57 . 2009-09-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 04:08 . 2006-09-07 04:49 -------- d-----w- c:\program files\Java2009-09-14 08:03 . 2009-09-13 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2009-09-13 19:48 . 2009-09-13 19:38 -------- d-----w- c:\program files\Microsoft Visual Studio 82009-09-13 19:43 . 2009-09-13 19:43 -------- d-----w- c:\program files\Microsoft Works2009-09-13 19:43 . 2009-08-08 08:11 -------- d-----w- c:\program files\MSBuild2009-09-13 19:41 . 2009-09-13 19:41 -------- d-----w- c:\program files\Microsoft.NET2009-09-09 08:14 . 2009-08-04 23:12 -------- d-----w- c:\program files\Microsoft Silverlight2009-09-05 14:38 . 2009-09-05 14:38 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\Oberonv10012009-09-05 14:37 . 2009-06-13 14:33 -------- d-----w- c:\program files\Oberon Media2009-08-23 01:05 . 2009-08-23 01:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-08-23 01:05 . 2009-08-23 01:03 -------- d-----w- c:\program files\NETGEAR2009-08-23 01:05 . 2007-01-20 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information2009-08-23 01:04 . 2008-09-17 15:36 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\InstallShield2009-08-05 09:01 . 2004-08-11 22:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll2009-07-29 13:46 . 2009-01-13 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll2009-07-29 13:46 . 2009-01-13 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-07-29 13:46 . 2009-01-13 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2009-07-25 10:23 . 2009-01-08 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll. (((((((((((((((((((((((((((((   SnapShot@2009-10-16_03.25.58   )))))))))))))))))))))))))))))))))))))))))..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]'{A3BC75A2-1F87-4686-AA43-5347D756017C}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ScanSoft PDF Professional 4-reminder'='c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe' [2006-11-16 35368]'Symantec PIF AlertEng'='c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' [2007-11-29 583048]'itype'='c:\program files\Microsoft IntelliType Pro\itype.exe' [2006-07-07 576320]'IntelliPoint'='c:\program files\Microsoft IntelliPoint\ipoint.exe' [2006-07-07 600896]'AVG8_TRAY'='c:\progra~1\AVG\AVG8\avgtray.exe' [2009-09-29 2023704]'EPSON PictureMate'='c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE' [2003-09-19 99840] c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-8-22 884838] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\avgrsstarter]2009-07-29 13:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^AOL Desktop.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\AOL Desktop.lnkbackup=c:\windows\pss\AOL Desktop.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]'WMPNetworkSvc'=3 (0x3)'WDefend'=2 (0x2)'RoxLiveShare9'=2 (0x2)'QuickBooksDB17'=2 (0x2)'QuickBooksDB'=2 (0x2)'QBFCService'=3 (0x3)'QBCFMonitorService'=2 (0x2)'ose'=3 (0x3)'odserv'=3 (0x3)'Microsoft Office Groove Audit Service'=3 (0x3)'MDM'=2 (0x2)'LiveUpdate Notice Service'=2 (0x2)'LiveUpdate Notice Ex'=2 (0x2)'KodakCCS'=3 (0x3)'JavaQuickStarterService'=2 (0x2)'idsvc'=3 (0x3)'IDriverT'=3 (0x3)'Iap'=2 (0x2)'hpdj'=2 (0x2)'gusvc'=3 (0x3)'GoogleDesktopManager'=3 (0x3)'CLTNetCnService'=2 (0x2)'AOL ACS'=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe'='c:\Program Files\Common Files\AOL\Loader\aolload.exe'='c:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='c:\Program Files\Common Files\AOL\System Information\sinf.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBW32PremierGeneric.exe'='c:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe'='c:\Program Files\Outlook Express\msimn.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\aolsoftware.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe'='c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\AOLDesktop.exe'='c:\Program Files\AVG\AVG8\avgam.exe'='c:\Program Files\AVG\AVG8\avgupd.exe'='c:\Program Files\AVG\AVG8\avgnsx.exe'='c:\Program Files\Java\jre6\bin\java.exe'='c:\WINDOWS\system32\dpnsvr.exe'='c:\WINDOWS\system32\dxdiag.exe'='c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE'='c:\Program Files\Microsoft Office\Office12\GROOVE.EXE'='c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE'='c:\WINDOWS\system32\usmt\migwiz.exe'='c:\WINDOWS\system32\mmc.exe'= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]'443:TCP'= 443:TCP:HTTPS'21:TCP'= 21:TCP:FTP R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/13/2009 1:26 PM 12552]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/13/2009 1:26 PM 335240]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/13/2009 1:26 PM 108552]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/13/2009 1:26 PM 297752]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/22/2009 8:05 PM 17149]S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]'c:\windows\system32undll32.exe' 'c:\windows\system32\iedkcs32.dll',BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder 2009-10-17 c:\windows\Tasks\User_Feed_Synchronization-{038D821F-E787-43D8-99C0-7FD89C3500CC}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://aol.com/uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100Trusted Zone: aol.comTrusted Zone: pogo.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-10-17 00:59Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  **************************************************************************.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-255879815-3811564576-2564377081-1005\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(5436)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2009-10-17  1:02ComboFix-quarantined-files.txt  2009-10-17 06:01ComboFix2.txt  2009-10-17 01:03ComboFix3.txt  2009-10-16 03:32 Pre-Run: 53,290,041,344 bytes freePost-Run: 53,295,775,744 bytes free 220 --- E O F --- 2009-10-16 08:01

bamajim · Answer

sheripatn Turn System Restore back on. It is your only Safety Net in case an error occours. Once you have done so, then reply and we will continue. @rwscomp Combofix does not clean System Restore folders.

sheripatn · Answer

System Restore is on. As soon as I rebooted my computer I looked and it was back on so I never cut it back off. I ran another scan and am attaching it. I have never used one of these forum before, so should I only reply to you since we have been working on this from the start? ComboFix 09-10-15.04 - Moak Petrolium 10/19/2009 15:27.5.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.455 [GMT -5:00]Running from: c:\documents and settings\Moak Petrolium\Desktop\ComboFix.exeAV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}. (((((((((((((((((((((((((   Files Created from 2009-09-19 to 2009-10-19  ))))))))))))))))))))))))))))))). 2009-10-17 08:29 . 2009-10-17 08:29 -------- d-----w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\PCHealth2009-10-17 08:03 . 2009-10-17 08:03 -------- d-sh--w- c:\documents and settings\Default User\IETldCache2009-10-12 23:47 . 2009-10-12 23:47 590532 ----a-w- C:\Autoruns.zip2009-10-12 21:54 . 2009-10-13 00:00 -------- d-----w- C:\AVGTemp2009-10-12 02:07 . 2009-10-12 02:07 -------- d-----w- c:\program files\Trend Micro2009-10-11 21:02 . 2009-10-11 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe2009-10-11 20:54 . 2009-10-14 10:58 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2009-10-07 23:46 . 2009-10-07 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2009-10-07 03:30 . 2009-10-07 03:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2009-10-07 02:48 . 2009-10-07 02:48 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IECompatCache2009-10-07 02:43 . 2009-10-07 02:43 -------- d-sh--w- c:\documents and settings\Moak Petrolium\PrivacIE2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IETldCache2009-10-07 02:39 . 2009-10-17 08:09 -------- d-----w- c:\windows\ie8updates2009-10-07 02:38 . 2009-10-07 02:38 -------- dc-h--w- c:\windows\ie82009-10-07 02:36 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll2009-10-07 02:36 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2009-10-07 02:36 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-10-17 08:05 . 2009-09-13 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2009-10-17 00:46 . 2008-12-12 20:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-10-14 04:17 . 2009-01-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg82009-10-11 20:14 . 2009-06-12 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar2009-10-09 02:47 . 2006-09-12 14:58 82160 -c--a-w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-17 02:01 . 2009-09-07 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-09-17 01:57 . 2009-09-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 04:08 . 2006-09-07 04:49 -------- d-----w- c:\program files\Java2009-09-13 19:48 . 2009-09-13 19:38 -------- d-----w- c:\program files\Microsoft Visual Studio 82009-09-13 19:43 . 2009-09-13 19:43 -------- d-----w- c:\program files\Microsoft Works2009-09-13 19:43 . 2009-08-08 08:11 -------- d-----w- c:\program files\MSBuild2009-09-13 19:41 . 2009-09-13 19:41 -------- d-----w- c:\program files\Microsoft.NET2009-09-11 14:18 . 2008-09-10 13:07 136192 ----a-w- c:\windows\system32\msv1_0.dll2009-09-09 08:14 . 2009-08-04 23:12 -------- d-----w- c:\program files\Microsoft Silverlight2009-09-05 14:38 . 2009-09-05 14:38 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\Oberonv10012009-09-05 14:37 . 2009-06-13 14:33 -------- d-----w- c:\program files\Oberon Media2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll2009-08-29 08:08 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll2009-08-23 01:05 . 2009-08-23 01:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-08-23 01:05 . 2009-08-23 01:03 -------- d-----w- c:\program files\NETGEAR2009-08-23 01:05 . 2007-01-20 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information2009-08-23 01:04 . 2008-09-17 15:36 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\InstallShield2009-08-05 09:01 . 2004-08-11 22:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll2009-08-04 15:13 . 2008-09-10 13:07 2145280 ------w- c:\windows\system32
toskrnl.exe2009-08-04 14:20 . 2008-09-10 13:07 2023936 ------w- c:\windows\system32
tkrnlpa.exe2009-07-29 13:46 . 2009-01-13 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll2009-07-29 13:46 . 2009-01-13 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-07-29 13:46 . 2009-01-13 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2009-07-25 10:23 . 2009-01-08 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll. (((((((((((((((((((((((((((((   SnapShot@2009-10-16_03.25.58   ))))))))))))))))))))))))))))))))))))))))).+ 2004-08-11 22:00 . 2009-10-17 08:17 72576              c:\windows\system32\perfc009.dat- 2004-08-11 22:00 . 2009-09-17 02:19 72576              c:\windows\system32\perfc009.dat+ 2007-08-14 00:54 . 2009-08-29 08:08 55296              c:\windows\system32\msfeedsbs.dll- 2007-08-14 00:54 . 2009-07-03 17:09 55296              c:\windows\system32\msfeedsbs.dll- 2004-08-11 22:00 . 2009-07-03 17:09 25600              c:\windows\system32\jsproxy.dll+ 2004-08-11 22:00 . 2009-08-29 08:08 25600              c:\windows\system32\jsproxy.dll+ 2007-11-28 14:59 . 2009-08-29 08:08 55296              c:\windows\system32\dllcache\msfeedsbs.dll- 2007-11-28 14:59 . 2009-07-03 17:09 55296              c:\windows\system32\dllcache\msfeedsbs.dll+ 2009-09-04 21:03 . 2009-09-04 21:03 58880              c:\windows\system32\dllcache\msasn1.dll+ 2006-09-07 04:50 . 2009-08-29 08:08 25600              c:\windows\system32\dllcache\jsproxy.dll- 2006-09-07 04:50 . 2009-07-03 17:09 25600              c:\windows\system32\dllcache\jsproxy.dll+ 2009-09-13 19:45 . 2009-10-17 08:05 35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe- 2009-09-13 19:45 . 2009-09-14 08:03 35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe- 2009-09-13 19:45 . 2009-09-14 08:03 18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe- 2009-09-13 19:45 . 2009-09-14 08:03 20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe+ 2009-10-17 08:04 . 2009-10-17 08:04 38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe- 2009-06-10 08:07 . 2009-06-10 08:07 38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe+ 2009-10-17 08:09 . 2009-07-03 17:09 12800              c:\windows\ie8updates\KB974455-IE8\xpshims.dll+ 2009-10-17 08:09 . 2009-07-03 17:09 55296              c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll+ 2009-10-17 08:09 . 2009-07-03 17:09 25600              c:\windows\ie8updates\KB974455-IE8\jsproxy.dll+ 2009-10-17 08:22 . 2009-10-17 08:22 60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll+ 2009-10-17 08:19 . 2009-10-17 08:19 47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe+ 2009-10-17 08:19 . 2009-10-17 08:19 39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe+ 2009-10-17 08:23 . 2009-10-17 08:23 25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll+ 2009-10-17 08:13 . 2009-10-17 08:13 77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll- 2009-08-08 08:18 . 2009-08-08 08:18 77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll- 2009-08-08 08:19 . 2009-08-08 08:19 81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll- 2009-08-08 08:19 . 2009-08-08 08:19 81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll- 2009-08-08 08:19 . 2009-08-08 08:19 32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll- 2009-08-08 08:19 . 2009-08-08 08:19 12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll- 2009-08-08 08:19 . 2009-08-08 08:19 28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll- 2009-08-08 08:19 . 2009-08-08 08:19 77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll- 2009-08-08 08:19 . 2009-08-08 08:19 36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll- 2009-08-08 08:19 . 2009-08-08 08:19 77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll- 2009-08-08 08:19 . 2009-08-08 08:19 13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll- 2009-08-08 08:19 . 2009-08-08 08:19 10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll- 2009-08-08 08:19 . 2009-08-08 08:19 72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll- 2009-08-08 08:19 . 2009-08-08 08:19 69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll- 2009-08-08 08:19 . 2009-08-08 08:19 8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll- 2009-08-08 08:19 . 2009-08-08 08:19 7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll- 2009-08-08 08:19 . 2009-08-08 08:19 5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll+ 2009-10-17 08:14 . 2009-10-17 08:14 6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll- 2009-08-08 08:19 . 2009-08-08 08:19 6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll- 2009-08-08 08:19 . 2009-08-08 08:19 8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll- 2009-08-08 08:19 . 2009-08-08 08:19 113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll- 2009-08-08 08:19 . 2009-08-08 08:19 258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll+ 2004-08-11 22:00 . 2009-04-02 04:02 604160              c:\windows\system32\wmspdmod.dll+ 2004-08-11 22:00 . 2009-10-17 08:17 445370              c:\windows\system32\perfh009.dat- 2004-08-11 22:00 . 2009-09-17 02:19 445370              c:\windows\system32\perfh009.dat+ 2004-08-11 22:00 . 2009-08-29 08:08 206848              c:\windows\system32\occache.dll- 2004-08-11 22:00 . 2009-07-03 17:09 206848              c:\windows\system32\occache.dll- 2007-08-14 00:54 . 2009-07-03 17:09 594432              c:\windows\system32\msfeeds.dll+ 2007-08-14 00:54 . 2009-08-29 08:08 594432              c:\windows\system32\msfeeds.dll- 2004-08-11 22:00 . 2009-07-03 17:09 184320              c:\windows\system32\iepeers.dll+ 2004-08-11 22:00 . 2009-08-29 08:08 184320              c:\windows\system32\iepeers.dll+ 2004-08-11 22:00 . 2009-08-29 08:08 387584              c:\windows\system32\iedkcs32.dll- 2004-08-11 22:00 . 2009-07-03 11:01 173056              c:\windows\system32\ie4uinit.exe+ 2004-08-11 22:00 . 2009-08-28 10:35 173056              c:\windows\system32\ie4uinit.exe+ 2004-08-11 22:00 . 2009-04-02 04:02 604160              c:\windows\system32\dllcache\wmspdmod.dll+ 2006-09-07 04:50 . 2009-08-29 08:08 916480              c:\windows\system32\dllcache\wininet.dll- 2004-08-11 22:00 . 2008-10-03 10:02 247326              c:\windows\system32\dllcache\strmdll.dll+ 2004-08-11 22:00 . 2009-08-26 08:00 247326              c:\windows\system32\dllcache\strmdll.dll- 2007-08-14 00:44 . 2009-07-03 17:09 206848              c:\windows\system32\dllcache\occache.dll+ 2007-08-14 00:44 . 2009-08-29 08:08 206848              c:\windows\system32\dllcache\occache.dll+ 2009-06-25 08:25 . 2009-09-11 14:18 136192              c:\windows\system32\dllcache\msv1_0.dll- 2009-06-25 08:25 . 2009-06-25 08:25 136192              c:\windows\system32\dllcache\msv1_0.dll- 2007-11-28 14:59 . 2009-07-03 17:09 594432              c:\windows\system32\dllcache\msfeeds.dll+ 2007-11-28 14:59 . 2009-08-29 08:08 594432              c:\windows\system32\dllcache\msfeeds.dll- 2006-09-07 04:50 . 2009-07-03 17:09 184320              c:\windows\system32\dllcache\iepeers.dll+ 2006-09-07 04:50 . 2009-08-29 08:08 184320              c:\windows\system32\dllcache\iepeers.dll+ 2007-08-14 00:39 . 2009-08-29 08:08 387584              c:\windows\system32\dllcache\iedkcs32.dll+ 2007-08-14 00:39 . 2009-08-28 10:35 173056              c:\windows\system32\dllcache\ie4uinit.exe- 2007-08-14 00:39 . 2009-07-03 11:01 173056              c:\windows\system32\dllcache\ie4uinit.exe+ 2009-08-08 04:51 . 2009-08-08 04:51 989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll+ 2009-09-13 19:45 . 2009-10-17 08:05 888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe- 2009-09-13 19:45 . 2009-09-14 08:03 888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe- 2009-09-13 19:45 . 2009-09-14 08:03 272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe- 2009-09-13 19:45 . 2009-09-14 08:03 922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe- 2009-09-13 19:45 . 2009-09-14 08:03 845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe- 2009-09-13 19:45 . 2009-09-14 08:03 217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe- 2009-09-13 19:45 . 2009-09-14 08:03 184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe- 2009-09-13 19:45 . 2009-09-14 08:03 159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe+ 2009-10-17 08:09 . 2009-07-03 17:09 915456              c:\windows\ie8updates\KB974455-IE8\wininet.dll+ 2009-10-17 08:09 . 2009-05-26 11:40 382840              c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll+ 2009-10-17 08:09 . 2008-07-08 13:02 231288              c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe+ 2009-10-17 08:09 . 2009-07-03 17:09 206848              c:\windows\ie8updates\KB974455-IE8\occache.dll+ 2009-10-17 08:09 . 2009-07-03 17:09 594432              c:\windows\ie8updates\KB974455-IE8\msfeeds.dll+ 2009-10-17 08:09 . 2009-07-03 17:09 246272              c:\windows\ie8updates\KB974455-IE8\ieproxy.dll+ 2009-10-17 08:09 . 2009-07-03 17:09 184320              c:\windows\ie8updates\KB974455-IE8\iepeers.dll+ 2009-10-17 08:09 . 2009-07-03 17:09 386048              c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll+ 2009-10-17 08:09 . 2009-07-03 11:01 173056              c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe+ 2009-10-17 08:31 . 2009-10-17 08:31 321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe+ 2009-10-17 08:22 . 2009-10-17 08:22 240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll+ 2009-10-17 08:22 . 2009-10-17 08:22 187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll+ 2009-10-17 08:22 . 2009-10-17 08:22 447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 676352              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll+ 2009-10-17 08:23 . 2009-10-17 08:23 381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll+ 2009-10-17 08:23 . 2009-10-17 08:23 212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe+ 2009-10-17 08:31 . 2009-10-17 08:31 256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe+ 2009-10-17 08:20 . 2009-10-17 08:20 258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll+ 2009-10-17 08:20 . 2009-10-17 08:20 539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll+ 2009-10-17 08:20 . 2009-10-17 08:20 368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll+ 2009-10-17 08:20 . 2009-10-17 08:20 224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe+ 2009-10-17 08:31 . 2009-10-17 08:31 386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe+ 2009-10-17 08:23 . 2009-10-17 08:23 842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll+ 2009-10-17 08:13 . 2009-10-17 08:13 839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll- 2009-08-08 08:18 . 2009-08-08 08:18 839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll- 2009-08-08 08:18 . 2009-08-08 08:18 835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll+ 2009-10-17 08:13 . 2009-10-17 08:13 835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll- 2009-08-08 08:19 . 2009-08-08 08:19 114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll- 2009-08-08 08:19 . 2009-08-08 08:19 258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll- 2009-08-08 08:19 . 2009-08-08 08:19 131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll- 2009-08-08 08:19 . 2009-08-08 08:19 303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll- 2009-08-08 08:19 . 2009-08-08 08:19 258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll- 2009-08-08 08:19 . 2009-08-08 08:19 372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll- 2009-08-08 08:19 . 2009-08-08 08:19 626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll- 2009-08-08 08:19 . 2009-08-08 08:19 401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll- 2009-08-08 08:19 . 2009-08-08 08:19 188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll- 2009-08-08 08:19 . 2009-08-08 08:19 970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll- 2009-08-08 08:19 . 2009-08-08 08:19 745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll- 2009-08-08 08:19 . 2009-08-08 08:19 425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll- 2009-08-08 08:19 . 2009-08-08 08:19 110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll- 2009-08-08 08:19 . 2009-08-08 08:19 659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll- 2009-08-08 08:19 . 2009-08-08 08:19 372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll- 2009-08-08 08:19 . 2009-08-08 08:19 110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll- 2009-08-08 08:19 . 2009-08-08 08:19 749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll- 2009-08-08 08:19 . 2009-08-08 08:19 655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll- 2009-08-08 08:19 . 2009-08-08 08:19 348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll- 2009-08-08 08:18 . 2009-08-08 08:18 507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll+ 2009-10-17 08:13 . 2009-10-17 08:13 507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll- 2009-08-08 08:19 . 2009-08-08 08:19 261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll- 2009-08-08 08:19 . 2009-08-08 08:19 113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll- 2009-08-08 08:19 . 2009-08-08 08:19 258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll- 2009-08-08 08:19 . 2009-08-08 08:19 486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll+ 2009-10-16 11:10 . 2009-08-13 13:55 1748992              c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll- 2004-08-11 22:00 . 2009-07-03 17:09 1208832              c:\windows\system32\urlmon.dll+ 2004-08-11 22:00 . 2009-08-29 08:08 1208832              c:\windows\system32\urlmon.dll+ 2004-08-11 22:00 . 2009-07-17 16:22 1435648              c:\windows\system32\query.dll- 2004-08-11 22:00 . 2008-04-14 00:12 1435648              c:\windows\system32\query.dll+ 2004-08-11 22:00 . 2009-08-29 08:08 5940224              c:\windows\system32\mshtml.dll+ 2007-08-14 00:34 . 2009-08-29 08:08 1985536              c:\windows\system32\iertutil.dll- 2007-08-14 00:34 . 2009-07-03 17:09 1985536              c:\windows\system32\iertutil.dll- 2006-09-07 04:50 . 2009-07-03 17:09 1208832              c:\windows\system32\dllcache\urlmon.dll+ 2006-09-07 04:50 . 2009-08-29 08:08 1208832              c:\windows\system32\dllcache\urlmon.dll- 2004-08-11 22:00 . 2008-04-14 00:12 1435648              c:\windows\system32\dllcache\query.dll+ 2004-08-11 22:00 . 2009-07-17 16:22 1435648              c:\windows\system32\dllcache\query.dll+ 2008-10-16 00:42 . 2009-08-05 01:44 2189184              c:\windows\system32\dllcache
toskrnl.exe+ 2008-10-16 00:42 . 2009-08-04 14:20 2023936              c:\windows\system32\dllcache
tkrpamp.exe- 2008-10-16 00:42 . 2009-02-06 10:32 2023936              c:\windows\system32\dllcache
tkrpamp.exe- 2008-10-16 00:42 . 2009-02-08 00:02 2066048              c:\windows\system32\dllcache
tkrnlpa.exe+ 2008-10-16 00:42 . 2009-08-04 14:20 2066048              c:\windows\system32\dllcache
tkrnlpa.exe- 2008-10-16 00:42 . 2009-02-06 11:06 2145280              c:\windows\system32\dllcache
tkrnlmp.exe+ 2008-10-16 00:42 . 2009-08-04 15:13 2145280              c:\windows\system32\dllcache
tkrnlmp.exe+ 2006-05-19 13:08 . 2009-08-29 08:08 5940224              c:\windows\system32\dllcache\mshtml.dll+ 2007-11-28 14:59 . 2009-08-29 08:08 1985536              c:\windows\system32\dllcache\iertutil.dll- 2007-11-28 14:59 . 2009-07-03 17:09 1985536              c:\windows\system32\dllcache\iertutil.dll+ 2009-08-08 04:51 . 2009-08-08 04:51 5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll- 2008-11-25 09:59 . 2008-11-25 09:59 4546560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll+ 2009-08-08 04:51 . 2009-08-08 04:51 4546560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624              c:\windows\Installer\62567a3.msp+ 2009-09-18 14:30 . 2009-09-18 14:30 5016576              c:\windows\Installer\625679a.msp- 2009-09-13 19:45 . 2009-09-14 08:02 1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe+ 2009-09-13 19:45 . 2009-10-17 08:05 1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe- 2009-09-13 19:45 . 2009-09-14 08:02 1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe+ 2009-10-17 08:09 . 2009-07-03 17:09 1208832              c:\windows\ie8updates\KB974455-IE8\urlmon.dll+ 2009-10-17 08:09 . 2009-07-19 13:18 5937152              c:\windows\ie8updates\KB974455-IE8\mshtml.dll+ 2009-10-17 08:09 . 2009-07-03 17:09 1985536              c:\windows\ie8updates\KB974455-IE8\iertutil.dll+ 2008-10-16 00:42 . 2009-08-05 01:44 2189184              c:\windows\Driver Cache\i386
toskrnl.exe+ 2008-10-16 00:42 . 2009-08-04 14:20 2023936              c:\windows\Driver Cache\i386
tkrpamp.exe- 2008-10-16 00:42 . 2009-02-06 10:32 2023936              c:\windows\Driver Cache\i386
tkrpamp.exe- 2008-10-16 00:42 . 2009-02-08 00:02 2066048              c:\windows\Driver Cache\i386
tkrnlpa.exe+ 2008-10-16 00:42 . 2009-08-04 14:20 2066048              c:\windows\Driver Cache\i386
tkrnlpa.exe- 2008-10-16 00:42 . 2009-02-06 11:06 2145280              c:\windows\Driver Cache\i386
tkrnlmp.exe+ 2008-10-16 00:42 . 2009-08-04 15:13 2145280              c:\windows\Driver Cache\i386
tkrnlmp.exe+ 2009-10-17 08:19 . 2009-10-17 08:19 3313664              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll+ 2009-10-17 08:22 . 2009-10-17 08:22 1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll+ 2009-10-17 08:19 . 2009-10-17 08:19 7868416              c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll+ 2009-10-17 08:22 . 2009-10-17 08:22 5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\70d0150facbf944e1d0ee79e5bb74e4e\System.WorkflowServices.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 1610240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\62c8a92725668cc4bceae8b2febdbd1d\System.Workflow.Runtime.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\82b56dd88e041072a3eee519ba01af86\System.Workflow.Activities.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 1917440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll+ 2009-10-17 08:23 . 2009-10-17 08:23 2338304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll+ 2009-10-17 08:23 . 2009-10-17 08:23 1056768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll+ 2009-10-17 08:20 . 2009-10-17 08:20 2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll+ 2009-10-17 08:20 . 2009-10-17 08:20 2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll+ 2009-10-17 08:20 . 2009-10-17 08:20 1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll+ 2009-10-17 08:19 . 2009-10-17 08:19 1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll+ 2009-10-17 08:32 . 2009-10-17 08:32 2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll- 2009-08-08 08:19 . 2009-08-08 08:19 3149824              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 3149824              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll- 2009-08-08 08:19 . 2009-08-08 08:19 2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll- 2009-08-08 08:18 . 2009-08-08 08:19 5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll+ 2009-10-17 08:13 . 2009-10-17 08:14 5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll- 2009-08-08 08:19 . 2009-08-08 08:19 5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll+ 2009-10-17 08:13 . 2009-10-17 08:13 5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll- 2009-08-08 08:18 . 2009-08-08 08:18 5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll- 2009-08-08 08:19 . 2009-08-08 08:19 2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll+ 2009-10-17 08:14 . 2009-10-17 08:14 4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll- 2009-08-08 08:19 . 2009-08-08 08:19 4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll+ 2006-09-12 13:57 . 2009-10-02 18:01 25198016              c:\windows\system32\MRT.exe+ 2007-08-14 00:54 . 2009-08-29 08:08 11069440              c:\windows\system32\ieframe.dll+ 2007-11-28 14:59 . 2009-08-29 08:08 11069440              c:\windows\system32\dllcache\ieframe.dll+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912              c:\windows\Installer\62567c1.msp+ 2009-10-17 08:09 . 2009-07-19 23:48 11067392              c:\windows\ie8updates\KB974455-IE8\ieframe.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll+ 2009-10-17 08:33 . 2009-10-17 08:33 11796992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll+ 2009-10-17 08:31 . 2009-10-17 08:31 17317888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll+ 2009-10-17 08:21 . 2009-10-17 08:21 10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll+ 2009-10-17 08:20 . 2009-10-17 08:20 14327808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll+ 2009-10-17 08:19 . 2009-10-17 08:19 12216320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll+ 2009-10-17 08:18 . 2009-10-17 08:18 11486720              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll.-- Snapshot reset to current date --.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]'{A3BC75A2-1F87-4686-AA43-5347D756017C}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'swg'='c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe' [2007-06-15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ScanSoft PDF Professional 4-reminder'='c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe' [2006-11-16 35368]'Symantec PIF AlertEng'='c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' [2007-11-29 583048]'itype'='c:\program files\Microsoft IntelliType Pro\itype.exe' [2006-07-07 576320]'IntelliPoint'='c:\program files\Microsoft IntelliPoint\ipoint.exe' [2006-07-07 600896]'AVG8_TRAY'='c:\progra~1\AVG\AVG8\avgtray.exe' [2009-09-29 2023704]'EPSON PictureMate'='c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE' [2003-09-19 99840]'DWQueuedReporting'='c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe' [2006-10-27 434528] c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-8-22 884838] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\avgrsstarter]2009-07-29 13:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^AOL Desktop.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\AOL Desktop.lnkbackup=c:\windows\pss\AOL Desktop.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]'WMPNetworkSvc'=3 (0x3)'WDefend'=2 (0x2)'RoxLiveShare9'=2 (0x2)'QuickBooksDB17'=2 (0x2)'QuickBooksDB'=2 (0x2)'QBFCService'=3 (0x3)'QBCFMonitorService'=2 (0x2)'ose'=3 (0x3)'odserv'=3 (0x3)'Microsoft Office Groove Audit Service'=3 (0x3)'MDM'=2 (0x2)'LiveUpdate Notice Service'=2 (0x2)'LiveUpdate Notice Ex'=2 (0x2)'KodakCCS'=3 (0x3)'JavaQuickStarterService'=2 (0x2)'idsvc'=3 (0x3)'IDriverT'=3 (0x3)'Iap'=2 (0x2)'hpdj'=2 (0x2)'gusvc'=3 (0x3)'GoogleDesktopManager'=3 (0x3)'CLTNetCnService'=2 (0x2)'AOL ACS'=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe'='c:\Program Files\Common Files\AOL\Loader\aolload.exe'='c:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='c:\Program Files\Common Files\AOL\System Information\sinf.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBW32PremierGeneric.exe'='c:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe'='c:\Program Files\Outlook Express\msimn.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\aolsoftware.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe'='c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\AOLDesktop.exe'='c:\Program Files\AVG\AVG8\avgam.exe'='c:\Program Files\AVG\AVG8\avgupd.exe'='c:\Program Files\AVG\AVG8\avgnsx.exe'='c:\Program Files\Java\jre6\bin\java.exe'='c:\WINDOWS\system32\dpnsvr.exe'='c:\WINDOWS\system32\dxdiag.exe'='c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE'='c:\Program Files\Microsoft Office\Office12\GROOVE.EXE'='c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE'='c:\WINDOWS\system32\usmt\migwiz.exe'='c:\WINDOWS\system32\mmc.exe'= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]'443:TCP'= 443:TCP:HTTPS'21:TCP'= 21:TCP:FTP R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/13/2009 1:26 PM 12552]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/13/2009 1:26 PM 335240]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/13/2009 1:26 PM 108552]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/13/2009 1:26 PM 297752]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/22/2009 8:05 PM 17149]S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]'c:\windows\system32undll32.exe' 'c:\windows\system32\iedkcs32.dll',BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder 2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{038D821F-E787-43D8-99C0-7FD89C3500CC}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://aol.com/uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100Trusted Zone: aol.comTrusted Zone: pogo.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-10-19 15:33Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  **************************************************************************.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-255879815-3811564576-2564377081-1005\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3836)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2009-10-19 15:37ComboFix-quarantined-files.txt  2009-10-19 20:35ComboFix2.txt  2009-10-17 06:02ComboFix3.txt  2009-10-17 01:03ComboFix4.txt  2009-10-16 03:32 Pre-Run: 52,779,577,344 bytes freePost-Run: 52,767,178,752 bytes free 550 --- E O F --- 2009-10-19 08:01 Thank you, Sherri

bamajim · Answer

sheripatn

It normally is better to work one on one. While others help, and or try to help, it just makes it more difficult to resolve. Some of these infections must be removed in a certain order to be effective. And additional steps recommended may change the outcome.

How's your PC running now?

Let's do one more thing to make sure we didn't miss anything

Please perform a BitDefender Online Virus and Malware Scan here:
* Click Start Scanner.
* Click I Agree… and Start Here.
* An ActiveX warning box will appear; click Install.
* Options displayed are Folders to Scan and Cleaning Options; click Folders to Scan.
* Select folders to be scanned by clicking check boxes; click OK.
* Click Start Scan.
* After the scan has completed, click Click here to export the scan report.
* Save the report to your Desktop.
* In your next reply, please include the BitDefender log.

sheripatn · Answer

For the past two days I have been trying to get BitDefender to run but with no luck. First I clicked on the link in your reply and when I got to the part to click on the ActiveX box it would hang up. I opened task manager and it showed it was not responding. I tried that twice. Then I signed on in safemode with networking and it got to about 40% updating and a box popped up and said could not finish updating. So I tried again and both bars went to 100% but just sat there. So I cancelled it and tried again and the same thing happened. I let it sit there over night thinking it might just take awhile to start the scan but it was at the same point this morning. I had to go to task manager to end it. When I clicked on task manager to end the application it showed it was running. And when I clicked end application a box popped up stating it was waiting for a response from me. But there was nothing to respond to. So this afternoon I tried again in regular mode and it still gets to the 100% and just hangs. I went under troubleshooting in BitDefender and they said I could go into inernet options under privacy tab and add three different links to allow so I did that, but it still won't go past that point. The computer has been running much better until a couple days ago and I started having problems accessing some of my favorite links. They would not open up unless I right clicked on them to open. Also tonight when I clicked on new tab and it shows the last few tabs I have opened and I clicked on BitDefender it would state that internet connection lost and show a diagnose connection problem box which I clicked on and it would send me through all these steps and was stating could not find internet connection. Yet my home page tab was still open and I could go to other websites just not BitDefender. Help.  This is the last scan I did with Combofix yesterday. I didn't know if you would need it or not. Thank you. ComboFix 09-10-15.04 - Moak Petrolium 10/20/2009 22:08.6.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.586 [GMT -5:00]Running from: c:\documents and settings\Moak Petrolium\Desktop\ComboFix.exeAV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}. (((((((((((((((((((((((((   Files Created from 2009-09-21 to 2009-10-21  ))))))))))))))))))))))))))))))). 2009-10-17 08:29 . 2009-10-17 08:29 -------- d-----w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\PCHealth2009-10-17 08:03 . 2009-10-17 08:03 -------- d-sh--w- c:\documents and settings\Default User\IETldCache2009-10-12 23:47 . 2009-10-12 23:47 590532 ----a-w- C:\Autoruns.zip2009-10-12 21:54 . 2009-10-13 00:00 -------- d-----w- C:\AVGTemp2009-10-12 02:07 . 2009-10-12 02:07 -------- d-----w- c:\program files\Trend Micro2009-10-11 21:02 . 2009-10-11 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe2009-10-11 20:54 . 2009-10-14 10:58 664 ----a-w- c:\windows\system32\d3d9caps.dat2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE2009-10-10 03:13 . 2009-10-10 03:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2009-10-07 23:46 . 2009-10-07 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2009-10-07 03:30 . 2009-10-07 03:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2009-10-07 02:48 . 2009-10-07 02:48 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IECompatCache2009-10-07 02:43 . 2009-10-07 02:43 -------- d-sh--w- c:\documents and settings\Moak Petrolium\PrivacIE2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2009-10-07 02:42 . 2009-10-07 02:42 -------- d-sh--w- c:\documents and settings\Moak Petrolium\IETldCache2009-10-07 02:39 . 2009-10-17 08:09 -------- d-----w- c:\windows\ie8updates2009-10-07 02:38 . 2009-10-07 02:38 -------- dc-h--w- c:\windows\ie82009-10-07 02:36 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll2009-10-07 02:36 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2009-10-07 02:36 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-10-17 08:05 . 2009-09-13 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2009-10-17 00:46 . 2008-12-12 20:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-10-14 04:17 . 2009-01-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg82009-10-11 20:14 . 2009-06-12 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar2009-10-09 02:47 . 2006-09-12 14:58 82160 -c--a-w- c:\documents and settings\Moak Petrolium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-17 02:01 . 2009-09-07 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy2009-09-17 01:57 . 2009-09-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 04:08 . 2006-09-07 04:49 -------- d-----w- c:\program files\Java2009-09-13 19:48 . 2009-09-13 19:38 -------- d-----w- c:\program files\Microsoft Visual Studio 82009-09-13 19:43 . 2009-09-13 19:43 -------- d-----w- c:\program files\Microsoft Works2009-09-13 19:43 . 2009-08-08 08:11 -------- d-----w- c:\program files\MSBuild2009-09-13 19:41 . 2009-09-13 19:41 -------- d-----w- c:\program files\Microsoft.NET2009-09-11 14:18 . 2008-09-10 13:07 136192 ----a-w- c:\windows\system32\msv1_0.dll2009-09-09 08:14 . 2009-08-04 23:12 -------- d-----w- c:\program files\Microsoft Silverlight2009-09-05 14:38 . 2009-09-05 14:38 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\Oberonv10012009-09-05 14:37 . 2009-06-13 14:33 -------- d-----w- c:\program files\Oberon Media2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll2009-08-23 01:05 . 2009-08-23 01:05 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-08-23 01:05 . 2009-08-23 01:03 -------- d-----w- c:\program files\NETGEAR2009-08-23 01:05 . 2007-01-20 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information2009-08-23 01:04 . 2008-09-17 15:36 -------- d-----w- c:\documents and settings\Moak Petrolium\Application Data\InstallShield2009-08-05 09:01 . 2004-08-11 22:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll2009-08-04 15:13 . 2008-09-10 13:07 2145280 ------w- c:\windows\system32
toskrnl.exe2009-08-04 14:20 . 2008-09-10 13:07 2023936 ------w- c:\windows\system32
tkrnlpa.exe2009-07-29 13:46 . 2009-01-13 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll2009-07-29 13:46 . 2009-01-13 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-07-29 13:46 . 2009-01-13 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2009-07-25 10:23 . 2009-01-08 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]'{A3BC75A2-1F87-4686-AA43-5347D756017C}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'= 'c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll' [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'swg'='c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe' [2007-06-15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ScanSoft PDF Professional 4-reminder'='c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe' [2006-11-16 35368]'Symantec PIF AlertEng'='c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' [2007-11-29 583048]'itype'='c:\program files\Microsoft IntelliType Pro\itype.exe' [2006-07-07 576320]'IntelliPoint'='c:\program files\Microsoft IntelliPoint\ipoint.exe' [2006-07-07 600896]'AVG8_TRAY'='c:\progra~1\AVG\AVG8\avgtray.exe' [2009-09-29 2023704]'EPSON PictureMate'='c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE' [2003-09-19 99840] c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-8-22 884838] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\avgrsstarter]2009-07-29 13:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^AOL Desktop.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\AOL Desktop.lnkbackup=c:\windows\pss\AOL Desktop.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Moak Petrolium^Start Menu^Programs^Startup^Event Reminder.lnk]path=c:\documents and settings\Moak Petrolium\Start Menu\Programs\Startup\Event Reminder.lnkbackup=c:\windows\pss\Event Reminder.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]'WMPNetworkSvc'=3 (0x3)'WDefend'=2 (0x2)'RoxLiveShare9'=2 (0x2)'QuickBooksDB17'=2 (0x2)'QuickBooksDB'=2 (0x2)'QBFCService'=3 (0x3)'QBCFMonitorService'=2 (0x2)'ose'=3 (0x3)'odserv'=3 (0x3)'Microsoft Office Groove Audit Service'=3 (0x3)'MDM'=2 (0x2)'LiveUpdate Notice Service'=2 (0x2)'LiveUpdate Notice Ex'=2 (0x2)'KodakCCS'=3 (0x3)'JavaQuickStarterService'=2 (0x2)'idsvc'=3 (0x3)'IDriverT'=3 (0x3)'Iap'=2 (0x2)'hpdj'=2 (0x2)'gusvc'=3 (0x3)'GoogleDesktopManager'=3 (0x3)'CLTNetCnService'=2 (0x2)'AOL ACS'=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe'='c:\Program Files\Common Files\AOL\Loader\aolload.exe'='c:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='c:\Program Files\Common Files\AOL\System Information\sinf.exe'='c:\Program Files\Intuit\QuickBooks 2006\QBW32PremierGeneric.exe'='c:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe'='c:\Program Files\Outlook Express\msimn.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\aolsoftware.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe'='c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe'='c:\Program Files\Common Files\AOL\1159364574\EE\AOLDesktop.exe'='c:\Program Files\AVG\AVG8\avgam.exe'='c:\Program Files\AVG\AVG8\avgupd.exe'='c:\Program Files\AVG\AVG8\avgnsx.exe'='c:\Program Files\Java\jre6\bin\java.exe'='c:\WINDOWS\system32\dpnsvr.exe'='c:\WINDOWS\system32\dxdiag.exe'='c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE'='c:\Program Files\Microsoft Office\Office12\GROOVE.EXE'='c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE'='c:\WINDOWS\system32\usmt\migwiz.exe'='c:\WINDOWS\system32\mmc.exe'= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]'443:TCP'= 443:TCP:HTTPS'21:TCP'= 21:TCP:FTP R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/13/2009 1:26 PM 12552]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/13/2009 1:26 PM 335240]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/13/2009 1:26 PM 108552]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/13/2009 1:26 PM 297752]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/22/2009 8:05 PM 17149]S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]'c:\windows\system32undll32.exe' 'c:\windows\system32\iedkcs32.dll',BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder 2009-10-20 c:\windows\Tasks\User_Feed_Synchronization-{038D821F-E787-43D8-99C0-7FD89C3500CC}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://aol.com/uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100Trusted Zone: aol.comTrusted Zone: pogo.com\wwwDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-10-20 22:14Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  **************************************************************************.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-255879815-3811564576-2564377081-1005\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3408)c:\windows\system32\WININET.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2009-10-21 22:18ComboFix-quarantined-files.txt  2009-10-21 03:16ComboFix2.txt  2009-10-19 20:37ComboFix3.txt  2009-10-17 06:02ComboFix4.txt  2009-10-17 01:03ComboFix5.txt  2009-10-21 03:07 Pre-Run: 52,745,056,256 bytes freePost-Run: 52,714,418,176 bytes free 218 --- E O F --- 2009-10-20 08:01  Thank you, Sherri

Virus & Spyware

Windows Police Pro

Was this post helpful?