
Myfreezetoolbar./browser Redirected


smilingtraci

Hi

I have a friend's computer that keeps getting its browser redirected, and it had lost all programs. I did a restore and got the programs back.

I ran Ad-Aware, Spybot and Malwarebytes. They found and removed a few things, and some they could not remove.

 

trojan fake alert file

registry value

registry data

 

I also keep getting an error message.

Installer:wrapper.Creat file with error 5: access is denied.

 

It also keeps opening internet explorer.

Thank you for any help.

 

Here is the DDS and HJT list.

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by SnowMau at 17:19:22 on 2011-08-03

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.494 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\SnowMau\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{6EF0A38B-5DD4-45AA-8877-4A6D07393AFC} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{6EF0A38B-5DD4-45AA-8877-4A6D07393AFC}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.0.1

TCP: Interfaces\{6EF0A38B-5DD4-45AA-8877-4A6D07393AFC}\7456E6965737D275D2055726C69636 : DhcpNameServer = 192.168.10.19 192.168.10.20

TCP: Interfaces\{6EF0A38B-5DD4-45AA-8877-4A6D07393AFC}\B6279647A7562713 : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{6EF0A38B-5DD4-45AA-8877-4A6D07393AFC}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: NetAssistantBHO Class: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

BHO-X64: NetAssistantBHO - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1106000.020\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1106000.020\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1106000.020\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1106000.020\SYMEFA64.SYS [?]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1106000.020\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1106000.020\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys [2010-4-5 466992]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1106000.020\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1106000.020\SYMTDIV.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys [2010-3-24 678960]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1106000.020\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1106000.020\Ironx64.SYS [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-08-04 00:17:52 388096 ----a-r- C:\Users\SnowMau\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-04 00:15:54 -------- d-----w- C:\HJT

2011-08-04 00:04:01 -------- d-----w- C:\Windows\System32\SPReview

2011-08-04 00:03:06 -------- d-----w- C:\Windows\System32\EventProviders

2011-08-02 01:25:05 -------- d-----w- C:\Users\SnowMau\AppData\Roaming\Malwarebytes

2011-08-02 01:24:57 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-02 01:24:56 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-02 01:24:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-02 00:37:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-08-02 00:37:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-08-02 00:34:51 15880 ----a-w- C:\Windows\System32\lsdelete.exe

2011-08-02 00:16:43 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-08-02 00:16:39 95024 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-08-02 00:07:43 -------- dc-h--w- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2011-08-02 00:07:21 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-08-01 23:13:18 -------- d-----w- C:\Users\SnowMau\AppData\Local\Threat Expert

2011-08-01 23:01:09 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-08-01 23:01:09 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-08-01 22:58:57 -------- d-----w- C:\ProgramData\PC Tools

2011-08-01 22:42:44 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7034B15-900D-4FBA-8CA8-D063B99A9E9D}\gapaengine.dll

2011-08-01 22:42:29 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCEED03-D6FA-43CD-B6DD-0AB0C3D4A0DA}\mpengine.dll

2011-08-01 22:33:08 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-08-01 22:24:38 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D3D05DF-137B-4AF3-838F-6B6B5BC631CB}\mpengine.dll

2011-07-27 23:38:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-07-27 23:38:00 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-07-13 17:58:56 3134464 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

.

============= FINISH: 17:33:17.99 ===============

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:51:50 PM, on 8/3/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16800)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\HJT\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL

O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll

O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 12821 bytes


**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days.

:)

Hello there, smilingtraci

 


 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

 

---------------------------------------------------------------------------------------------------

 

1. All tools MUST be run from the executable. (.exe)

With Admin Rights (Right click, choose "Run as Administrator")

 

Download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it

 

Click the "Scan" button to start scan


 

On completion of the scan click save log, save it to your desktop and post in your next reply


 

---------------------------------------------------------------------------------------------------


Hi, Thanks for your help. Here is the log you asked for.

 

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software

Run date: 2011-08-06 07:23:25

-----------------------------

07:23:25.222 OS Version: Windows x64 6.1.7600

07:23:25.222 Number of processors: 1 586 0x170A

07:23:25.222 ComputerName: SNOWMAU-PC UserName: SnowMau

07:23:32.554 Initialize success

07:23:51.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

07:23:51.255 Disk 0 Vendor: ST9250410AS 0006HPM1 Size: 238475MB BusType: 11

07:23:53.423 Disk 0 MBR read successfully

07:23:53.423 Disk 0 MBR scan

07:23:53.423 Disk 0 TDL4@MBR code has been found

07:23:53.423 Disk 0 MBR hidden

07:23:53.439 Disk 0 MBR [TDL4] **ROOTKIT**

07:23:53.439 Disk 0 trace - called modules:

07:23:53.470 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002768254]<<

07:23:53.470 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800274b060]

07:23:53.486 3 CLASSPNP.SYS[fffff8800111043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002293060]

07:23:53.486 \Driver\atapi[0xfffffa80021d4e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002768254

07:23:53.486 Scan finished successfully

07:24:26.464 Disk 0 MBR has been saved successfully to "C:\Users\SnowMau\Desktop\MBR.dat"

07:24:26.667 The log file has been saved successfully to "C:\Users\SnowMau\Desktop\aswMBR1.txt"

 

 

Thank you again for your time and knowledge.

Traci


Hi,

 

The aswMBR log shows that your friend's MBR code is indeed infected. You said that you did a system restore; was it from the HP recovery system? We do have the capacity to fix this, but there is one thing to note before continuing: aswMBR will replace the standard MBR code, which means that your friend will no longer be able to access the hidden partition if he/she wants to restore to the original factory state. This is because OEM computers such as HP have their own custom MBR for their customers to access the hidden partition for recovery purposes. Once it is replaced with a standard MBR code, you will still be able to use the computer normally.
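The post above separates the MBR's boot code from the partitions it gives access to. As an added illustration (not part of the thread and not aswMBR's code), the following parses a 512-byte MBR sector and compares two of them, showing that a change of boot code can leave the partition table untouched. The two sample sectors, the disk signature and all sizes are constructed for the example.

```python
"""Added example: inspect raw 512-byte MBR sectors (constructed sample data)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code
DISK_SIG_OFFSET = 440          # bytes 440..443: Windows disk signature
TABLE_OFFSET = 446             # bytes 446..509: four 16-byte partition entries
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# A few well-known MBR partition type IDs (not exhaustive).
TYPE_NAMES = {
    0x07: "NTFS/exFAT",
    0x0C: "FAT32 (LBA)",
    0x27: "hidden NTFS (Windows RE / some OEM recovery partitions)",
    0xEE: "GPT protective",
}


def parse_mbr(sector):
    """Return the boot-code hash, disk signature and used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + index * ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, count
        status, ptype, first_lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_SIZE])
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "slot": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown (0x%02X)" % ptype),
            "first_lba": first_lba,
            "size_mb": count * 512 // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def compare_mbr(before, after):
    """Report which regions differ between two MBR sectors."""
    old, new = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": old["boot_code_sha256"] != new["boot_code_sha256"],
        "partition_table_changed":
            before[TABLE_OFFSET:510] != after[TABLE_OFFSET:510],
        "partitions": new["partitions"],
    }


def build_sample_sector(boot_code_byte, entries):
    """Build a constructed MBR sector for the demo (not real disk data)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes([boot_code_byte]) * BOOT_CODE_LEN
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)  # constructed
    for index, entry in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector,
                         TABLE_OFFSET + index * ENTRY_SIZE, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed layout: (status, type, first LBA, sector count).
SAMPLE_ENTRIES = [
    (0x80, 0x07, 2048, 409600),            # active system partition
    (0x00, 0x07, 411648, 460000000),       # main Windows volume
    (0x00, 0x27, 460411648, 27000000),     # hidden recovery partition
]
SAMPLE_CUSTOM = build_sample_sector(0xAA, SAMPLE_ENTRIES)    # "custom" boot code
SAMPLE_STANDARD = build_sample_sector(0x33, SAMPLE_ENTRIES)  # "standard" boot code

if __name__ == "__main__":
    report = compare_mbr(SAMPLE_CUSTOM, SAMPLE_STANDARD)
    print("boot code changed:      ", report["boot_code_changed"])
    print("partition table changed:", report["partition_table_changed"])
    for part in report["partitions"]:
        print("  slot %(slot)d: %(type_name)s, %(size_mb)d MB" % part)
```

To run it on a saved dump such as the MBR.dat named in the log, pass the file's bytes to `parse_mbr`; that the file is a raw 512-byte sector is an assumption, and the length check rejects anything else.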


Thank you

 

FIX

 

Re-Run aswMBR

 

Click Scan

 

On completion of the scan

 

Click the Fix for TDL4


 

 

Save the log as before and post in your next reply

 

===================================================

 

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

 

Refer to the ComboFix User's Guide

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

     

    **********************************************

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 


 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

===================================================

 

On your next reply please post :

aswMBR log

Combofix log

 

Let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


Hi

OK, I think I got it done correctly. Here are the lists.

 

Thank You Again for your help.

 

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software

Run date: 2011-08-09 21:38:50

-----------------------------

21:38:50.609 OS Version: Windows x64 6.1.7600

21:38:50.609 Number of processors: 1 586 0x170A

21:38:50.655 ComputerName: SNOWMAU-PC UserName: SnowMau

21:38:56.568 Initialize success

21:39:18.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

21:39:18.665 Disk 0 Vendor: ST9250410AS 0006HPM1 Size: 238475MB BusType: 11

21:39:20.725 Disk 0 MBR read successfully

21:39:20.725 Disk 0 MBR scan

21:39:20.725 Disk 0 TDL4@MBR code has been found

21:39:20.725 Disk 0 MBR hidden

21:39:20.740 Disk 0 MBR [TDL4] **ROOTKIT**

21:39:20.740 Disk 0 trace - called modules:

21:39:20.756 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800276b254]<<

21:39:20.756 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800274b060]

21:39:20.756 3 CLASSPNP.SYS[fffff8800109d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002236680]

21:39:20.756 \Driver\atapi[0xfffffa80021bb650] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800276b254

21:39:20.771 Scan finished successfully

21:41:43.542 Disk 0 MBR read successfully

21:41:44.088 Disk 0 TDL4@MBR code has been found

21:41:44.088 Disk 0 fixing MBR ...

21:41:54.306 Disk 0 MBR restored successfully

21:41:54.556 Verifying disinfection

21:42:06.739 Infection fixed successfully - please reboot ASAP

21:42:36.988 Disk 0 MBR has been saved successfully to "C:\Users\SnowMau\Desktop\MBR.dat"

21:42:37.003 The log file has been saved successfully to "C:\Users\SnowMau\Desktop\aswMBR2.txt"

 

 

 

 

 

ComboFix 11-08-09.03 - SnowMau 08/09/2011 21:58:08.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.869 [GMT -7:00]

Running from: c:\users\SnowMau\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Images

c:\images\DirCfg.ini

C:\Install.exe

c:\users\SnowMau\googleupdatesetup.exe

c:\users\SnowMau\HRBlock_DeluxeSE_2010_Update_D.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))

.

.

2011-08-10 05:12 . 2011-08-10 05:12 -------- d-----w- c:\users\Jesse\AppData\Local\temp

2011-08-10 05:12 . 2011-08-10 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-10 05:12 . 2011-08-10 05:12 -------- d-----w- c:\users\Vikki\AppData\Local\temp

2011-08-10 05:12 . 2011-08-10 05:12 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-08-09 02:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-09 02:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F133C206-B892-44C9-A254-D2094783E6CC}\mpengine.dll

2011-08-04 00:17 . 2011-08-04 00:17 388096 ----a-r- c:\users\SnowMau\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-04 00:15 . 2011-08-04 00:17 -------- d-----w- C:\HJT

2011-08-04 00:04 . 2011-08-04 00:04 -------- d-----w- c:\windows\system32\SPReview

2011-08-04 00:03 . 2011-08-04 00:03 -------- d-----w- c:\windows\system32\EventProviders

2011-08-02 01:25 . 2011-08-02 01:25 -------- d-----w- c:\users\SnowMau\AppData\Roaming\Malwarebytes

2011-08-02 01:24 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-02 01:24 . 2011-08-02 01:24 -------- d-----w- c:\programdata\Malwarebytes

2011-08-02 01:24 . 2011-08-02 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-02 00:37 . 2011-08-02 01:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-02 00:37 . 2011-08-02 00:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-08-02 00:34 . 2011-08-02 00:16 15880 ----a-w- c:\windows\system32\lsdelete.exe

2011-08-02 00:16 . 2011-08-02 00:15 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-02 00:16 . 2011-08-02 00:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-02 00:07 . 2011-08-02 00:07 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2011-08-02 00:07 . 2011-08-02 00:16 -------- d-----w- c:\programdata\Lavasoft

2011-08-02 00:07 . 2011-08-02 00:07 -------- d-----w- c:\program files (x86)\Lavasoft

2011-08-01 23:13 . 2011-08-01 23:13 -------- d-----w- c:\users\SnowMau\AppData\Local\Threat Expert

2011-08-01 23:01 . 2011-08-01 23:39 -------- d-----w- c:\program files (x86)\PC Tools Security

2011-08-01 23:01 . 2011-08-01 23:39 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-08-01 22:58 . 2011-08-01 23:33 -------- d-----w- c:\programdata\PC Tools

2011-08-01 22:42 . 2011-08-01 22:42 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7034B15-900D-4FBA-8CA8-D063B99A9E9D}\gapaengine.dll

2011-08-01 22:33 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-08-01 22:24 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D3D05DF-137B-4AF3-838F-6B6B5BC631CB}\mpengine.dll

2011-07-27 23:38 . 2011-07-27 23:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-07-27 23:38 . 2011-08-01 22:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-27 22:51 . 2011-07-27 22:51 -------- d-----w- c:\users\Jesse\AppData\Local\Apps

2011-07-27 22:51 . 2011-07-27 22:52 -------- d-----w- c:\users\Jesse\AppData\Local\Deployment

2011-07-13 17:58 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-02 05:56 . 2011-08-01 22:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-28 03:25 . 2011-06-16 05:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-28 03:00 . 2011-06-16 05:09 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-05-24 11:21 . 2011-06-29 00:13 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:34 . 2011-06-29 00:12 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:34 . 2011-06-29 00:12 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:34 . 2011-06-29 00:12 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32 . 2011-06-29 00:12 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]

.

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]

[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]

[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]

[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-02-22 19:05 2353176 ----a-w- c:\program files (x86)\Zynga\tbZyng.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]

2010-01-19 22:08 361592 ----a-w- c:\program files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyng.dll" [2010-02-22 2353176]

.

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

c:\users\SnowMau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys [2010-03-24 678960]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1106000.020\Ironx64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 136176]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-08-02 1355968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1106000.020\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1106000.020\SYMEFA64.SYS [x]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1106000.020\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvia64.sys [2009-10-28 466992]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1106000.020\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-10 c:\windows\Tasks\Free File Viewer Update Checker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-08-12 05:44]

.

2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 04:48]

.

2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 04:48]

.

2011-08-03 c:\windows\Tasks\HPCeeScheduleForJesse.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]

.

2011-07-10 c:\windows\Tasks\HPCeeScheduleForSnowMau.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 171520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

.

**************************************************************************

.

Completion time: 2011-08-09 22:40:05 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-10 05:39

.

Pre-Run: 55,557,824,512 bytes free

Post-Run: 65,707,995,136 bytes free

.

- - End Of File - - 9D64ADA97C74A11D66632BE3F6A3E151


Hi,

 

Yup, you got it right :mrgreen:

 

Multiple AntiVirus Running

 

I see you have more than one Anti-Virus program installed (Microsoft Security Essentials and Norton Internet Security).

 

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

 

Any antivirus program must be removed via add/remove program.

For any program that doesn't have an add/remove entry, you will have to do this:

 

Re-install the program -> Reboot -> Uninstall

 

I would suggest you uninstall MSE if NIS is not expired yet. I also see PC Tools there. Are you using it, if I may ask?

 

===================================================

 

Please follow all previous instructions regarding security programs.

 

Open a new Notepad session

  • Click the Start button, click Run
  • In the Run box, type notepad
  • Click OK
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.

  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Folder::
c:\program files (x86)\Freeze.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=-

[-HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]

[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]

[-HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]

[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]

 

In the notepad

  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

 

This will start ComboFix again. Close all browsers/windows first.

 

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

 

Posted Image

 

===================================================

 

On your next reply please post:

Report on system behavior

Combofix log

 

Let me know if you have any problems performing the steps above, or any questions.

 

Good Day!
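
A review aid for the CFScript in the post above, added here as an example (it is not part of the original post and not ComboFix code): it parses the script into the deletions it requests so they can be read before the file is dropped on ComboFix.exe. It assumes lines under Folder:: are folders to delete and that [-KEY] and "name"=- carry their usual .reg meaning (delete key, delete value); all function names are illustrative.

```python
import re
from collections import Counter

# CFScript text copied verbatim from the post above, used as sample input.
CFSCRIPT = r"""Folder::
c:\program files (x86)\Freeze.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=-

[-HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]

[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]

[-HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]

[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
"""

HIVES = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
SECTION_RE = re.compile(r"^([A-Za-z0-9]+)::$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")


def parse_cfscript(text):
    """Return the actions the script requests, in file order."""
    actions, section, key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        act = {"line": lineno, "op": "unparsed", "target": line, "name": None}
        if section == "folder":
            # Assumption: each line under Folder:: names a folder to delete.
            act["op"] = "delete_folder"
        elif section == "registry":
            km, vm = KEY_RE.match(line), VALUE_RE.match(line)
            if km:
                key = km.group(2)
                if not km.group(1):
                    continue  # plain [KEY] only sets context for value lines
                act.update(op="delete_key", target=key)
                key = None
            elif vm and key:
                name = "(Default)" if vm.group(1) == "@" else vm.group(1)[1:-1]
                op = "delete_value" if vm.group(2) == "-" else "set_value"
                act.update(op=op, target=key, name=name)
        actions.append(act)
    return actions


def review(actions):
    """Return human-readable warnings for entries that need a second look."""
    warnings = []
    for a in actions:
        where = f"line {a['line']}: {a['target']}"
        parts = [p for p in a["target"].split("\\") if p]
        if a["op"] == "unparsed":
            warnings.append(f"{where}: not understood, check by hand")
        elif a["op"] == "delete_folder":
            if len(parts) < 3:
                warnings.append(f"{where}: drive root or top-level folder")
        elif "~" in parts:
            # Not a literal registry path; what it expands to is tool-specific.
            warnings.append(f"{where}: '~' is tool shorthand, confirm the real key")
        elif not parts or parts[0].upper() not in HIVES:
            warnings.append(f"{where}: unknown registry hive")
        elif a["op"] == "delete_key" and len(parts) < 2:
            warnings.append(f"{where}: deletes an entire hive")
    return warnings


def guid_counts(actions):
    """Count GUID references so related entries can be cross-checked."""
    counts = Counter()
    for a in actions:
        for g in GUID_RE.findall(f"{a['target']} {a['name'] or ''}"):
            counts[g.upper()] += 1
    return dict(counts)


if __name__ == "__main__":
    acts = parse_cfscript(CFSCRIPT)
    for a in acts:
        suffix = f" -> {a['name']}" if a["name"] else ""
        print(f"{a['op']:14} {a['target']}{suffix}")
    for w in review(acts):
        print("WARN", w)
    print(guid_counts(acts))
```

On the script above this lists one folder deletion, one value deletion and five key deletions, and flags only the Wow6432Node line, whose `~` component has to be resolved by the tool rather than read as a literal path.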


Hi

 

The computer seems to be running a lot better. I haven't been redirected while doing searches, and I have not got any more ads popping up, and no random web pages opening.

 

I had downloaded some of the programs that were suggested at the top of the forums. I have deleted them already. They were not using Norton. I could not get it to uninstall or to reload or update. It will not open.

 

Here is the log you requested.

 

Thank You again for your time and help.

Traci

 

ComboFix 11-08-09.03 - SnowMau 08/10/2011 13:53:37.2.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.908 [GMT -7:00]

Running from: c:\users\SnowMau\Desktop\ComboFix.exe

Command switches used :: c:\users\SnowMau\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Freeze.com

c:\program files (x86)\Freeze.com\My.Freeze.com NetAssistant\freeze.ico

c:\program files (x86)\Freeze.com\My.Freeze.com NetAssistant\netassist_version.txt

c:\program files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

c:\program files (x86)\Freeze.com\My.Freeze.com NetAssistant\update.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))

.

.

2011-08-10 21:07 . 2011-08-10 21:07 -------- d-----w- c:\users\Vikki\AppData\Local\temp

2011-08-10 21:07 . 2011-08-10 21:07 -------- d-----w- c:\users\Jesse\AppData\Local\temp

2011-08-10 21:07 . 2011-08-10 21:07 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-08-10 21:07 . 2011-08-10 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-10 05:41 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CD0AACB-2E7E-4160-9365-602BE5F2AAD4}\mpengine.dll

2011-08-09 02:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-04 00:17 . 2011-08-04 00:17 388096 ----a-r- c:\users\SnowMau\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-04 00:15 . 2011-08-04 00:17 -------- d-----w- C:\HJT

2011-08-04 00:04 . 2011-08-04 00:04 -------- d-----w- c:\windows\system32\SPReview

2011-08-04 00:03 . 2011-08-04 00:03 -------- d-----w- c:\windows\system32\EventProviders

2011-08-02 01:25 . 2011-08-02 01:25 -------- d-----w- c:\users\SnowMau\AppData\Roaming\Malwarebytes

2011-08-02 01:24 . 2011-08-02 01:24 -------- d-----w- c:\programdata\Malwarebytes

2011-08-02 00:37 . 2011-08-02 01:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-02 00:37 . 2011-08-02 00:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-08-02 00:16 . 2011-08-02 00:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-02 00:07 . 2011-08-10 20:38 -------- d-----w- c:\programdata\Lavasoft

2011-08-01 23:13 . 2011-08-01 23:13 -------- d-----w- c:\users\SnowMau\AppData\Local\Threat Expert

2011-08-01 23:01 . 2011-08-01 23:39 -------- d-----w- c:\program files (x86)\PC Tools Security

2011-08-01 23:01 . 2011-08-01 23:39 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-08-01 22:58 . 2011-08-01 23:33 -------- d-----w- c:\programdata\PC Tools

2011-08-01 22:42 . 2011-08-01 22:42 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7034B15-900D-4FBA-8CA8-D063B99A9E9D}\gapaengine.dll

2011-08-01 22:33 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-08-01 22:24 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D3D05DF-137B-4AF3-838F-6B6B5BC631CB}\mpengine.dll

2011-07-27 23:38 . 2011-07-27 23:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-07-27 23:38 . 2011-08-01 22:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-27 22:51 . 2011-07-27 22:51 -------- d-----w- c:\users\Jesse\AppData\Local\Apps

2011-07-27 22:51 . 2011-07-27 22:52 -------- d-----w- c:\users\Jesse\AppData\Local\Deployment

2011-07-13 17:58 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-16 04:32 . 2011-08-10 04:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-24 11:21 . 2011-06-29 00:13 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:34 . 2011-06-29 00:12 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:34 . 2011-06-29 00:12 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:34 . 2011-06-29 00:12 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32 . 2011-06-29 00:12 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-10_05.18.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-10 04:54 . 2011-07-16 04:31 25600 c:\windows\SysWOW64\setup16.exe

- 2011-08-01 22:46 . 2011-06-02 05:56 25600 c:\windows\SysWOW64\setup16.exe

+ 2011-08-10 04:54 . 2011-07-16 04:36 14336 c:\windows\SysWOW64\ntvdm64.dll

- 2011-08-01 22:46 . 2011-06-02 05:59 14336 c:\windows\SysWOW64\ntvdm64.dll

+ 2011-08-10 04:50 . 2011-06-21 05:35 67072 c:\windows\SysWOW64\mshtmled.dll

- 2011-06-16 05:09 . 2011-04-22 19:31 67072 c:\windows\SysWOW64\mshtmled.dll

- 2011-06-16 05:09 . 2011-04-22 19:30 12800 c:\windows\SysWOW64\msfeedssync.exe

+ 2011-08-10 04:50 . 2011-06-21 05:32 12800 c:\windows\SysWOW64\msfeedssync.exe

- 2011-06-16 05:09 . 2011-04-22 19:31 64512 c:\windows\SysWOW64\msfeedsbs.dll

+ 2011-08-10 04:50 . 2011-06-21 05:35 64512 c:\windows\SysWOW64\msfeedsbs.dll

+ 2011-08-10 04:50 . 2011-06-21 05:36 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll

- 2011-06-16 05:09 . 2011-04-22 19:31 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll

- 2011-06-16 05:09 . 2011-04-22 19:31 44544 c:\windows\SysWOW64\licmgr10.dll

+ 2011-08-10 04:50 . 2011-06-21 05:35 44544 c:\windows\SysWOW64\licmgr10.dll

- 2011-06-16 05:09 . 2011-04-22 19:31 48128 c:\windows\SysWOW64\jsproxy.dll

+ 2011-08-10 04:50 . 2011-06-21 05:34 48128 c:\windows\SysWOW64\jsproxy.dll

- 2011-08-01 22:46 . 2011-06-02 06:45 13312 c:\windows\system32\wow64cpu.dll

+ 2011-08-10 04:54 . 2011-07-16 05:26 13312 c:\windows\system32\wow64cpu.dll

+ 2009-11-01 05:59 . 2011-08-10 21:10 51094 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-08-10 05:19 63738 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-10 21:10 63738 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-02-05 02:50 . 2011-08-10 21:10 16844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4100934189-3811556741-3763301191-1000_UserData.bin

+ 2011-08-10 04:54 . 2011-07-16 05:24 16384 c:\windows\system32\ntvdm64.dll

- 2011-08-01 22:46 . 2011-06-02 06:42 16384 c:\windows\system32\ntvdm64.dll

- 2011-06-16 05:09 . 2011-04-22 20:14 97280 c:\windows\system32\mshtmled.dll

+ 2011-08-10 04:50 . 2011-06-21 06:20 97280 c:\windows\system32\mshtmled.dll

- 2011-06-16 05:09 . 2011-04-22 20:09 12288 c:\windows\system32\msfeedssync.exe

+ 2011-08-10 04:50 . 2011-06-21 06:17 12288 c:\windows\system32\msfeedssync.exe

- 2011-06-16 05:09 . 2011-04-22 20:14 82944 c:\windows\system32\msfeedsbs.dll

+ 2011-08-10 04:50 . 2011-06-21 06:20 82944 c:\windows\system32\msfeedsbs.dll

- 2011-06-16 05:09 . 2011-04-22 20:18 95232 c:\windows\system32\migration\WininetPlugin.dll

+ 2011-08-10 04:50 . 2011-06-21 06:20 95232 c:\windows\system32\migration\WininetPlugin.dll

+ 2011-08-10 04:50 . 2011-06-21 06:20 57856 c:\windows\system32\licmgr10.dll

- 2011-06-16 05:09 . 2011-04-22 20:14 57856 c:\windows\system32\licmgr10.dll

+ 2011-08-10 04:50 . 2011-06-21 06:19 64512 c:\windows\system32\jsproxy.dll

- 2011-06-16 05:09 . 2011-04-22 20:13 64512 c:\windows\system32\jsproxy.dll

+ 2009-07-14 05:30 . 2011-08-10 21:10 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2011-08-10 05:17 86016 c:\windows\system32\DriverStore\infpub.dat

- 2010-02-05 10:51 . 2011-08-10 04:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-05 10:51 . 2011-08-10 20:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-05 10:51 . 2011-08-10 20:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-02-05 10:51 . 2011-08-10 04:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-08-10 04:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-10 20:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-02-27 02:40 . 2011-08-10 05:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-27 02:40 . 2011-08-10 21:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-08-10 20:30 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-02-27 02:40 . 2011-08-10 21:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-02-27 02:40 . 2011-08-10 05:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-02-27 02:40 . 2011-08-10 05:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-02-27 02:40 . 2011-08-10 21:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-02-05 02:48 . 2011-08-10 05:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-05 02:48 . 2011-08-10 21:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-02-05 02:48 . 2011-08-10 05:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-02-05 02:48 . 2011-08-10 21:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-10 05:56 . 2011-08-10 05:56 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2011-08-10 05:56 . 2011-08-10 05:56 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2011-08-10 05:56 . 2011-08-10 05:56 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2011-08-10 05:56 . 2011-08-10 05:56 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2011-08-10 05:56 . 2011-08-10 05:56 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-06-16 18:38 . 2011-06-16 18:38 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-06-16 18:38 . 2011-06-16 18:38 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-06-16 18:37 . 2011-06-16 18:37 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-08-10 05:55 . 2011-08-10 05:55 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-06-16 18:37 . 2011-06-16 18:37 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-08-10 04:54 . 2011-07-16 04:30 5120 c:\windows\SysWOW64\wow32.dll

- 2011-08-01 22:46 . 2011-06-02 05:54 5120 c:\windows\SysWOW64\wow32.dll

- 2011-08-01 22:46 . 2011-06-02 03:50 2048 c:\windows\SysWOW64\user.exe

+ 2011-08-10 04:54 . 2011-07-16 02:26 2048 c:\windows\SysWOW64\user.exe

- 2011-08-01 22:46 . 2011-06-02 03:51 7680 c:\windows\SysWOW64\instnm.exe

+ 2011-08-10 04:54 . 2011-07-16 02:26 7680 c:\windows\SysWOW64\instnm.exe

- 2011-08-01 22:46 . 2011-06-02 03:45 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 02:21 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 02:21 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 03:45 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 03:45 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 02:21 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 03:45 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 02:21 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 05:45 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

- 2011-08-01 22:46 . 2011-06-02 06:23 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

+ 2011-08-10 04:54 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

Edited by smilingtraci

Norton can be a bit tedious when removing it.

Follow this link for Norton removal and select whichever is appropriate. Any questions, please feel free to ask.

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan.

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note

It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Select the Uninstall application on close check box and push Posted Image
===================================================

 

Re-run Malwarebytes' Anti-Malware

  • Double-click MalwareBytes' (Note to Vista users, please right-click and select Run as Administrator.)
  • Go to the Update tab to update Malwarebytes' Anti-Malware
  • Then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

On your next reply please post :

ESET log

MBAM log

 

Let me know if you have any problems performing the steps above, or if you have any questions.

 

Good Day!


Hi

 

Thank you for your help.

Traci

 

 

Microsoft Security Essentials said it found and removed.

Trojandownloader;java/OpenConnection.EM

Trojan;java/Mugademel.A

 

file:C:\Users\Jesse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\2ee45794-1ddbcd002ED124F7->yahoo/InfoCtrl.class

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

 

 

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7452

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

8/12/2011 10:49:13 PM

mbam-log-2011-08-12 (22-49-13).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 517922

Time elapsed: 1 hour(s), 19 minute(s), 14 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 


Hi,

 

You're good to go. :)

 

Your Java is out of date. Click your Start button and open Control Panel.

  • Locate the Java icon (it looks like a coffee cup)
  • Double-click it to open it
  • Click the Update tab
  • Click Update Now

After Java is updated, reboot your computer if not prompted to.

 

Next, clear the java cache

 

To clear the Java Plug-in cache:

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • check all boxes
  • Click OK
===================================================

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

 

===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond to this one more time to ensure it is resolved and close this topic.
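
The HOSTS-file redirection described in the post above (unwanted sites mapped to 127.0.0.1) can be checked with a short script. This is an added example, not part of the original thread or of the MVPS project; `audit_hosts` is a hypothetical helper and the sample file content is constructed, using documentation-reserved names and addresses.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
# example.* names and 203.0.113.0/24 are reserved for documentation.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com       # blocklist-style entry
0.0.0.0         tracker.example.net
203.0.113.45    search.example.org    # remapped to a remote address
not-an-ip       broken.example.com
10.0.0.5        nas.home.example  printer.home.example
"""


def audit_hosts(text):
    """Classify every mapping in a HOSTS file.

    blocked   - names pointed at loopback or 0.0.0.0, the blocklist
                technique the post describes
    remapped  - (line, name, address) for names pointed at any other
                address; on a machine with browser redirects these are
                the entries to review by hand
    malformed - line numbers that do not parse as "address name [name...]"
    """
    report = {"blocked": [], "remapped": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["malformed"].append(line_no)
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(line_no)
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":       # the stock entry is not a block
                    report["blocked"].append(name)
            else:
                report["remapped"].append((line_no, name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names :", len(result["blocked"]))
    for line_no, name, addr in result["remapped"]:
        print(f"review line {line_no}: {name} -> {addr}")
    print("malformed lines:", result["malformed"])
```

On Windows the file to read is C:\Windows\System32\drivers\etc\hosts; pass its text to `audit_hosts` in place of the sample.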

This topic is now closed to further replies.