The system has detected a problem with one or more installed IDE/SATA hard disks

[cutyhammy]

Still some small problems

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

Hi Jonhb35

Here is the log from Hijack

=========================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:29:25, on 23/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ADP\Print Manager\faxman4.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\ADP\KCML6.2Server\kservice.exe
C:\ADP\KCML6.2Server\kservice.exe
C:\ADP\KCML6.2Server\kplicserver.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ADP\Print Manager\PMService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ADP\Print Manager\PMTrayIcon.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\ADP\KCML6.90\kclient.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\ADP\KCML62\kclient.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\ADP\KCML6.90\kclient.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\ADP\KCML6.2\kclient.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.usa.canon.com/html/download/irc2550.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 172.31.192.42 nelson
O1 - Hosts: 172.31.192.42 nelson.kerridge.com
O1 - Hosts: 172.31.192.47 atlas
O1 - Hosts: 172.31.192.18 alex
O1 - Hosts: 172.31.192.13 vialli.kerridge.com
O1 - Hosts: 172.31.193.9 octopus
O1 - Hosts: 172.31.192.75 titan
O1 - Hosts: 172.31.251.10 kcmlrefman.kerridge.com
O1 - Hosts: 172.31.192.59 kportal.kerridge.com
O1 - Hosts: 172.31.192.50 forums.kerridge.com
O1 - Hosts: 172.31.192.50 bugs.kerridge.com
O1 - Hosts: 172.31.196.1 solomon.kerridge.com
O1 - Hosts: 172.31.72.190 venus
O1 - Hosts: 172.31.196.157 scooby
O1 - Hosts: 172.31.196.14 golf.automotive.kerridge.com
O1 - Hosts: 172.31.192.50 forums.tealgate.kerridge.com
O1 - Hosts: 172.31.192.83 silverstone
O1 - Hosts: 172.31.205.1 silverstone.tealgate.kerridge.com
O1 - Hosts: 172.31.192.42 mail.kerridge.com
O1 - Hosts: 172.31.192.42 pop3.kerridge.com
O1 - Hosts: 208.218.106.21 www.adpcorp.com
O1 - Hosts: 172.16.200.16 www.adpcorp.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Print Manager Tray Icon] C:\Program Files\ADP\Print Manager\PMTrayIcon.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {494b8c10-bdb5-11d1-8373-00a0c901b28c} (KClient.ActiveX.1) -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DSI.AD.ADP.COM
O17 - HKLM\Software\..\Telephony: DomainName = DSI.AD.ADP.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DSI.AD.ADP.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dsi.ad.adp.com,ds.ad.adp.com,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dsi.ad.adp.com,ds.ad.adp.com,
O20 - Winlogon Notify: NotLog - SGLogEx.dll (file missing)
O20 - Winlogon Notify: SGLogNotification - SGLogNotification.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FaxMan Fax Engine (FaxManService) - Data Techniques, Inc. - C:\Program Files\ADP\Print Manager\faxman4.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: kplic - ADP DSI. - C:\ADP\KCML6.2Server\kservice.exe
O23 - Service: kwebadmin - ADP DSI. - C:\ADP\KCML6.2Server\kservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Manager Service v1.10.2263.15210 (PMService) - ADP DSI - C:\Program Files\ADP\Print Manager\PMService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r213367\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--
End of file - 16991 bytes

=========================================================

Here is the log from Malwarebytes
==========================================================
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6923

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

23/06/2011 17:48:03
mbam-log-2011-06-23 (17-48-02).txt

Scan type: Quick scan
Objects scanned: 191486
Time elapsed: 16 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

==========================================================

 

[alexr1090]

If johnb35 was a processor he would be top of the line for keeping up with this thread

 

[litefoot]

The system recovery disks are created from the recovery partition files, no where else.

Try it again, but this time go into acer recovery management and choose to

restore system to factory default

do not use the recovery cd's.

What files are being detected by MSRT(malicious software removal tool)?

I've been attempting to restore the factory default over the last few days but I'm having problems. When I do it from Windows, it has to reboot before it runs, and I'm getting the same blue screen on startup. I tried doing Alt and F10 from the reboot, which is supposed to take you into an Acer menu to allow you to start it outside Windows, but this combination of keys doesn't seem to work. WIll keep trying and keep you updated.

 

[rschwarz]

logs for combofix, hijackthis, and malware to fix unhide problem

For some reason I only got part of the combofix log. Can you send them again but this time send them here instead? [email protected]

John,

I sent the combofix, hijackthis, and malware logs to [email protected]. I also tried to put them below, but even the combofix log alone was too long (i got this error message: The text that you have entered is too long (83744 characters) Please shorten it to 60000 characters long.

Sorry for my really delayed response. Somehow my thread alert got turned off and I didn't see any responses.

Thanks so much!

 

[johnb35]

You used the wrong address. it should be [email protected]. Since the combofix log is too long you can always break it up into multiple posts, just remember where you left off.

 

[rschwarz]

Part 1 of combofix log

You used the wrong address. it should be [email protected]. Since the combofix log is too long you can always break it up into multiple posts, just remember where you left off.

Sorry about the wrong email. I'm posting the logs here in two successive posts and sending it to the correct email, just to cover all the bases.

Here is the first part:

Combofix
ComboFix 11-06-23.01 - Roger Schwarz 06/23/2011 15:08:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.461 [GMT -4:00]
Running from: c:\documents and settings\Roger Schwarz\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-16 07:03 . 2011-06-16 07:39 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 02:35 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-10 14:16 . 2011-06-10 14:16 -------- d-----w- c:\documents and settings\Roger Schwarz\Local Settings\Application Data\Apple
2011-06-10 00:33 . 2011-06-10 00:33 -------- d-----w- c:\documents and settings\Roger Schwarz\Application Data\Windows Search
2011-06-09 21:57 . 2011-06-09 21:57 -------- d-----w- c:\documents and settings\Roger Schwarz\Application Data\Avira
2011-06-09 21:13 . 2011-06-09 21:13 388096 ----a-r- c:\documents and settings\Roger Schwarz\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-09 21:13 . 2011-06-09 21:13 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-09-06 18:27 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-09-06 18:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2006-01-18 04:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2005-08-16 10:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2005-08-16 10:18 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2005-08-16 10:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-02 04:51 . 2011-04-02 04:51 0 ----a-w- c:\documents and settings\Hannah Schwarz\FAP29F.tmp
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-09_20.59.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-06-23 18:56 . 2011-06-23 18:56 16384 c:\windows\temp\Perflib_Perfdata_1e0.dat
- 2005-08-16 10:18 . 2011-02-17 19:00 44544 c:\windows\system32\pngfilt.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 44544 c:\windows\system32\pngfilt.dll
+ 2005-08-16 10:18 . 2011-06-16 07:19 80058 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2011-04-13 07:11 80058 c:\windows\system32\perfc009.dat
- 2007-08-13 22:54 . 2011-02-17 19:00 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2011-04-25 15:51 52224 c:\windows\system32\msfeedsbs.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 27648 c:\windows\system32\jsproxy.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 22:39 . 2011-02-17 11:43 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 22:39 . 2011-04-25 12:00 13824 c:\windows\system32\ieudinit.exe
+ 2005-08-16 10:18 . 2011-04-25 15:51 44544 c:\windows\system32\iernonce.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 44544 c:\windows\system32\iernonce.dll
+ 2005-08-16 10:18 . 2011-04-25 12:00 70656 c:\windows\system32\ie4uinit.exe
- 2005-08-16 10:18 . 2011-02-17 11:43 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2011-04-25 15:51 63488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2011-02-17 19:00 63488 c:\windows\system32\icardie.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-05-17 03:22 . 2011-04-25 15:51 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-05-17 03:22 . 2011-02-17 19:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-05-17 03:22 . 2011-04-25 12:00 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2008-05-17 03:22 . 2011-02-17 11:43 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 22:39 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 22:39 . 2011-04-25 15:51 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 22:45 . 2011-02-17 19:00 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 22:45 . 2011-04-25 15:51 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 22:39 . 2011-02-17 11:43 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:39 . 2011-04-25 12:00 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-05-17 03:22 . 2011-02-17 19:00 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-05-17 03:22 . 2011-04-25 15:51 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-13 22:42 . 2011-02-17 19:00 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 22:42 . 2011-04-25 15:51 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-10-07 03:16 . 2011-05-11 07:05 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-16 07:22 . 2011-02-17 19:00 44544 c:\windows\ie7updates\KB2530548-IE7\pngfilt.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 52224 c:\windows\ie7updates\KB2530548-IE7\msfeedsbs.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 27648 c:\windows\ie7updates\KB2530548-IE7\jsproxy.dll
+ 2011-06-16 07:22 . 2011-02-17 11:43 13824 c:\windows\ie7updates\KB2530548-IE7\ieudinit.exe
+ 2011-06-16 07:22 . 2011-02-17 19:00 44544 c:\windows\ie7updates\KB2530548-IE7\iernonce.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 78336 c:\windows\ie7updates\KB2530548-IE7\ieencode.dll
+ 2011-06-16 07:22 . 2011-02-17 11:43 70656 c:\windows\ie7updates\KB2530548-IE7\ie4uinit.exe
+ 2011-06-16 07:22 . 2011-02-17 19:00 63488 c:\windows\ie7updates\KB2530548-IE7\icardie.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 17408 c:\windows\ie7updates\KB2530548-IE7\corpol.dll
+ 2011-06-16 07:24 . 2011-06-16 07:24 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-06-16 07:29 . 2011-06-16 07:29 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll
+ 2011-06-16 07:27 . 2011-06-16 07:27 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-16 07:27 . 2011-06-16 07:27 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-06-16 07:22 . 2011-06-16 07:22 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
+ 2011-06-16 07:21 . 2011-06-16 07:21 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-06-16 07:25 . 2011-06-16 07:25 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-13 07:10 . 2011-04-13 07:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 233472 c:\windows\system32\webcheck.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 233472 c:\windows\system32\webcheck.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 105984 c:\windows\system32\url.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 105984 c:\windows\system32\url.dll
- 2005-08-16 10:18 . 2011-04-13 07:11 466842 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2011-06-16 07:19 466842 c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2005-08-16 10:18 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 102912 c:\windows\system32\occache.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 102912 c:\windows\system32\occache.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 671232 c:\windows\system32\mstime.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 671232 c:\windows\system32\mstime.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 193024 c:\windows\system32\msrating.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 193024 c:\windows\system32\msrating.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 478208 c:\windows\system32\mshtmled.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 478208 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2011-02-17 19:00 468480 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2011-04-25 15:51 468480 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:34 . 2011-02-17 19:00 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 22:34 . 2011-04-25 15:51 268288 c:\windows\system32\iertutil.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 192512 c:\windows\system32\iepeers.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 192512 c:\windows\system32\iepeers.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 384512 c:\windows\system32\iedkcs32.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 384512 c:\windows\system32\iedkcs32.dll
- 2007-07-11 16:27 . 2011-02-17 19:00 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 16:27 . 2011-04-25 15:51 380928 c:\windows\system32\ieapfltr.dll
+ 2005-08-16 10:18 . 2011-04-21 10:56 161792 c:\windows\system32\ieakui.dll
- 2005-08-16 10:18 . 2011-02-14 12:15 161792 c:\windows\system32\ieakui.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 230400 c:\windows\system32\ieaksie.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 230400 c:\windows\system32\ieaksie.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 153088 c:\windows\system32\ieakeng.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 153088 c:\windows\system32\ieakeng.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 133120 c:\windows\system32\extmgr.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 133120 c:\windows\system32\extmgr.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 214528 c:\windows\system32\dxtrans.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 214528 c:\windows\system32\dxtrans.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 347136 c:\windows\system32\dxtmsft.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 347136 c:\windows\system32\dxtmsft.dll
+ 2005-08-16 10:18 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
- 2005-08-16 10:18 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2006-05-10 05:25 . 2011-04-25 15:51 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 832512 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 22:54 . 2011-02-17 19:00 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:54 . 2011-04-25 15:51 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-09-18 14:15 . 2011-04-30 08:50 766464 c:\windows\system32\dllcache\vgx.dll
- 2007-08-13 22:44 . 2011-02-17 19:00 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2011-04-25 15:51 105984 c:\windows\system32\dllcache\url.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2007-08-13 22:44 . 2011-04-25 15:51 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 22:44 . 2011-02-17 19:00 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 478208 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-05-17 03:22 . 2011-04-25 15:51 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2008-05-17 03:22 . 2011-02-17 19:00 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 18:29 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-08-15 21:19 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-08-15 21:19 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2007-08-13 22:43 . 2011-04-21 10:58 634648 c:\windows\system32\dllcache\iexplore.exe
- 2007-08-13 22:43 . 2011-02-14 12:17 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-05-17 03:22 . 2011-02-17 19:00 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-05-17 03:22 . 2011-04-25 15:51 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 192512 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 192512 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 22:39 . 2011-02-17 19:00 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39 . 2011-04-25 15:51 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-05-17 03:22 . 2011-04-25 15:51 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2008-05-17 03:22 . 2011-02-17 19:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-08-13 21:56 . 2011-02-14 12:15 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 21:56 . 2011-04-21 10:56 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 22:39 . 2011-04-25 15:51 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 22:39 . 2011-02-17 19:00 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2011-04-25 15:51 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 22:39 . 2011-02-17 19:00 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:25 . 2011-02-17 19:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
- 2007-08-13 22:39 . 2011-02-17 19:00 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 22:39 . 2011-04-25 15:51 124928 c:\windows\system32\dllcache\advpack.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 124928 c:\windows\system32\advpack.dll
- 2005-08-16 10:18 . 2011-02-17 19:00 124928 c:\windows\system32\advpack.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-03-18 00:03 . 2011-03-18 00:03 308736 c:\windows\Installer\24ad2770.msp
+ 2011-06-16 07:09 . 2011-06-16 07:09 223744 c:\windows\Installer\24ad2720.msi
+ 2011-06-16 07:03 . 2011-06-16 07:03 467456 c:\windows\Installer\24ad26fa.msi
+ 2009-10-07 03:16 . 2011-06-16 07:22 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-06-16 07:11 . 2007-07-12 23:31 765952 c:\windows\ie7updates\KB2544521-IE7\vgx.dll
+ 2011-06-16 07:11 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll
+ 2011-06-16 07:11 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe
+ 2011-06-16 07:22 . 2011-02-17 19:00 832512 c:\windows\ie7updates\KB2530548-IE7\wininet.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 233472 c:\windows\ie7updates\KB2530548-IE7\webcheck.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 105984 c:\windows\ie7updates\KB2530548-IE7\url.dll
+ 2011-06-16 07:22 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2530548-IE7\spuninst\updspapi.dll
+ 2011-06-16 07:22 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2530548-IE7\spuninst\spuninst.exe
+ 2011-06-16 07:22 . 2011-02-17 19:00 102912 c:\windows\ie7updates\KB2530548-IE7\occache.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 671232 c:\windows\ie7updates\KB2530548-IE7\mstime.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 193024 c:\windows\ie7updates\KB2530548-IE7\msrating.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 478208 c:\windows\ie7updates\KB2530548-IE7\mshtmled.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 468480 c:\windows\ie7updates\KB2530548-IE7\msfeeds.dll
+ 2011-06-16 07:22 . 2011-02-14 12:17 634648 c:\windows\ie7updates\KB2530548-IE7\iexplore.exe
+ 2011-06-16 07:22 . 2011-02-17 19:00 268288 c:\windows\ie7updates\KB2530548-IE7\iertutil.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 192512 c:\windows\ie7updates\KB2530548-IE7\iepeers.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 384512 c:\windows\ie7updates\KB2530548-IE7\iedkcs32.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 380928 c:\windows\ie7updates\KB2530548-IE7\ieapfltr.dll
+ 2011-06-16 07:22 . 2011-02-14 12:15 161792 c:\windows\ie7updates\KB2530548-IE7\ieakui.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 230400 c:\windows\ie7updates\KB2530548-IE7\ieaksie.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 153088 c:\windows\ie7updates\KB2530548-IE7\ieakeng.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 133120 c:\windows\ie7updates\KB2530548-IE7\extmgr.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 214528 c:\windows\ie7updates\KB2530548-IE7\dxtrans.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 347136 c:\windows\ie7updates\KB2530548-IE7\dxtmsft.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 124928 c:\windows\ie7updates\KB2530548-IE7\advpack.dll
+ 2008-11-12 18:29 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-06-16 07:26 . 2011-06-16 07:26 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8ba27eaa0f7d987f92319c64aefd2e98\WsatConfig.ni.exe
+ 2011-06-16 07:24 . 2011-06-16

 

[rschwarz]

Part 2 of the combofix log and hijackthis and Malware logs

You used the wrong address. it should be [email protected]. Since the combofix log is too long you can always break it up into multiple posts, just remember where you left off.

Here is the rest of the combofix log and the hijackthis and malware logs:

07:24 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll
+ 2011-06-16 07:24 . 2011-06-16 07:24 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-06-16 07:24 . 2011-06-16 07:24 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\00dfe5563886a1f69c96b3acb839107b\UIAutomationClient.ni.dll
+ 2011-06-16 07:29 . 2011-06-16 07:29 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\80187a9cfed4fd0ec82746495be76764\System.Xml.Linq.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\58c421c537b1c3f3878458ad306b2a42\System.Web.Routing.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dc26fff00ce95d24fd190f38904bb2b3\System.Web.RegularExpressions.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\702b506e56d3a7051aea7822cd915c7f\System.Web.Abstractions.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\503ccbb50e9c06c2f0b02ad8c3f2d100\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\ac53723e41898bc0e8a591c2e4f6f39b\System.Net.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\4a3a674008d8102c1aa5b3fc18251ef7\System.Management.Instrumentation.ni.dll
+ 2011-06-16 07:25 . 2011-06-16 07:25 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7f5f5bfd5f8d6587c96870751a6eb44d\System.IO.Log.ni.dll
+ 2011-06-16 07:25 . 2011-06-16 07:25 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\de1bf796614ca11afd9fab95edb1b4e2\System.IdentityModel.Selectors.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.Wrapper.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1af8683e05c42eb32f46578fe5a8f83f\System.Drawing.Design.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\791a6643b70542b148d977ff42f2f2ef\System.DirectoryServices.Protocols.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\31759ad8be21735f0a369c37514c2efc\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\df507a4500e73fa4cfc13f65a1c9055e\System.Data.Services.Client.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1778fffc09d783bc90512b65d35be66\System.Data.Services.Design.ni.dll
+ 2011-06-16 07:27 . 2011-06-16 07:27 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a47a8bf16370c93b3c6a471e48cc67a\System.Data.Entity.Design.ni.dll
+ 2011-06-16 07:27 . 2011-06-16 07:27 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\50492d147392c238edc5a614beccb91b\System.Data.DataSetExtensions.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
+ 2011-06-16 07:27 . 2011-06-16 07:27 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\77015cc1e6d9e7d20e63903777afd6df\System.AddIn.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6ca41c7917119c3a9de0bcdca525001d\SMSvcHost.ni.exe
+ 2011-06-16 07:26 . 2011-06-16 07:26 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\67dc00c24e551003f6dacb73fe9cf881\ServiceModelReg.ni.exe
+ 2011-06-16 07:23 . 2011-06-16 07:23 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e468e9265c844f74577530e4df71f120\PresentationFramework.Aero.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\807b62468c2893ee943dffff63a34d8d\PresentationFramework.Royale.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe
+ 2011-06-16 07:26 . 2011-06-16 07:26 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe
+ 2011-06-16 07:25 . 2011-06-16 07:25 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 1168896 c:\windows\system32\urlmon.dll
+ 2005-08-16 10:18 . 2011-04-25 15:51 3608576 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:54 . 2011-04-25 15:51 6076416 c:\windows\system32\ieframe.dll
+ 2006-05-10 05:25 . 2011-04-25 15:51 1168896 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:06 . 2011-04-25 15:51 3608576 c:\windows\system32\dllcache\mshtml.dll
+ 2008-05-17 03:22 . 2011-04-25 15:51 6076416 c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-06-09 21:13 . 2011-06-09 21:13 1094656 c:\windows\Installer\3ad254c.msi
+ 2011-04-29 16:31 . 2011-04-29 16:31 9006080 c:\windows\Installer\24ad274d.msp
+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\24ad2736.msp
+ 2011-04-29 16:33 . 2011-04-29 16:33 8173568 c:\windows\Installer\24ad2718.msp
+ 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\24ad2701.msp
- 2009-10-07 03:16 . 2011-05-11 07:05 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-07 03:16 . 2011-06-16 07:22 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
- 2009-10-07 03:16 . 2011-05-11 07:05 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-16 07:22 . 2011-02-17 19:00 1168384 c:\windows\ie7updates\KB2530548-IE7\urlmon.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 3607040 c:\windows\ie7updates\KB2530548-IE7\mshtml.dll
+ 2011-06-16 07:22 . 2011-02-17 19:00 6075904 c:\windows\ie7updates\KB2530548-IE7\ieframe.dll
+ 2011-06-16 07:21 . 2011-06-16 07:21 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
+ 2011-06-16 07:24 . 2011-06-16 07:24 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\901c3796073853746fecd8979c679494\UIAutomationClientsideProviders.ni.dll
+ 2011-06-16 07:21 . 2011-06-16 07:21 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
+ 2011-06-16 07:24 . 2011-06-16 07:24 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
+ 2011-06-16 07:29 . 2011-06-16 07:29 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll
+ 2011-06-16 07:29 . 2011-06-16 07:29 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d7cb3697989fe6fa3a08d2821d38aa5e\System.Workflow.Runtime.ni.dll
+ 2011-06-16 07:29 . 2011-06-16 07:29 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ac04107c35485d415f9e1bebfd155dd\System.Workflow.ComponentModel.ni.dll
+ 2011-06-16 07:29 . 2011-06-16 07:29 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2169feb8bd57d96e621fa26d9391d463\System.Workflow.Activities.ni.dll
+ 2011-06-16 07:29 . 2011-06-16 07:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bdad1c0f4eb846543b234353fd2b926f\System.Web.Mobile.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
+ 2011-06-16 07:24 . 2011-06-16 07:24 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2047e63293e067b351b8f0e038253f33\System.Speech.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
+ 2011-06-16 07:25 . 2011-06-16 07:25 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\c64aa916251a45206a805ab6488b9255\System.Printing.ni.dll
+ 2011-06-16 07:25 . 2011-06-16 07:25 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55211bc8f4fcff47c05bfc3020d97148\System.DirectoryServices.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f9ff2fb342cd5102e2d95883b3433a5d\System.Deployment.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef31ab37b0d7c3c1a6d72646966c8911\System.Data.SqlXml.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll
+ 2011-06-16 07:27 . 2011-06-16 07:27 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll
+ 2011-06-16 07:21 . 2011-06-16 07:21 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll
+ 2011-06-16 07:27 . 2011-06-16 07:27 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-16 07:18 . 2011-06-16 07:18 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-16 07:19 . 2011-06-16 07:19 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-04-13 07:10 . 2011-04-13 07:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-02-18 16:46 . 2011-06-16 07:11 47716296 c:\windows\system32\MRT.exe
+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\24ad275a.msp
+ 2011-06-16 07:24 . 2011-06-16 07:24 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
+ 2011-06-16 07:28 . 2011-06-16 07:28 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
+ 2011-06-16 07:26 . 2011-06-16 07:26 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
+ 2011-06-16 07:23 . 2011-06-16 07:23 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
+ 2011-06-16 07:22 . 2011-06-16 07:22 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
+ 2011-06-16 07:21 . 2011-06-16 07:21 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\documents and settings\Hannah Schwarz\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139112684\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139112684\\ee\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/9/2010 9:53 AM 136360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/24/2008 7:57 PM 24652]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [7/15/2002 11:39 PM 26496]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ROGERS~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ROGERS~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ROGERS~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ROGERS~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2010 9:34 PM 135664]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [10/25/2004 5:09 PM 331776]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2010 9:34 PM 135664]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [6/2/2007 2:11 PM 396192]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [6/2/2007 2:11 PM 10752]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [6/2/2007 2:11 PM 19904]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/6/2007 12:12 AM 682232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 01:34]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 01:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
FF - ProfilePath - c:\documents and settings\Roger Schwarz\Application Data\Mozilla\Firefox\Profiles\jhemn4a5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1452)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-06-23 15:16:31
ComboFix-quarantined-files.txt 2011-06-23 19:16
ComboFix2.txt 2011-06-09 21:06
.
Pre-Run: 54,141,190,144 bytes free
Post-Run: 54,138,875,904 bytes free
.
- - End Of File - - 7DB28BAD77C33E7000AAF617DA0B122C

HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:36 PM, on 6/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8730 bytes
MalWare
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6931
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6/24/2011 8:35:59 AM
mbam-log-2011-06-24 (08-35-59).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 330670
Time elapsed: 54 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Qoobox\quarantine\C\documents and settings\all users\application data\17686308.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP1443\A0228470.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

 

[johnb35]

rschwarz

Let me know if there is a folder in c:\temp named smtmp. You may need to enable show hidden files and folders to view this.

 

[rschwarz]

rschwarz

Let me know if there is a folder in c:\temp named smtmp. You may need to enable show hidden files and folders to view this.

There isn't any temp folder at c:\. There is a temp folder at C:\WINDOWS\temp, but that doesn't have a smtmp folder.

 

[johnb35]

ok. This is where I recommend using system restore to set your system back a few days prior to being infected to where everything is working like it should. After doing the system restore you still need to rescan your system with malwarebytes and have it remove anything it finds.

 

[rschwarz]

ok. This is where I recommend using system restore to set your system back a few days prior to being infected to where everything is working like it should. After doing the system restore you still need to rescan your system with malwarebytes and have it remove anything it finds.

System restore doesn't show up. I've gone to start/accessories/system tools, but the only program within system tools is Internet Explorer (which seems weird itself).

 

[johnb35]

navigate to here.

C:\WINDOWS\system32\Restore and run rstrui.exe, which is system restore.

 

[johnb35]

Hi John,

thanks so much for giving the malware program and the steps to get rid of the virus. You saved my computer today

i've also run the "unhide.exe" program which unhide all the files and folders.

But i still have one problem *hope that you can help* (or anyone pls)
All the program in my Windows menus has dissapears.
The program is stil there in the Programs folder, but i just can't seem them on Windows menu [e.g Start > All Programs > Itunes > (Empty)]

Do you have any solution on how i can fix that?

Thanks again for ya help

cutyhammy,

Is this a business/company pc? If so, you will need to take it to the network admin of the company and have them take care of it. We will not be liable for company machines.

 

[rschwarz]

navigate to here.

C:\WINDOWS\system32\Restore and run rstrui.exe, which is system restore.

I ran system restore and the programs in the menu are still listed as empty. I tried restoring the computor to several reset points, including the earliest date available (April 2, 2011), to no use.

Each time i ran the system restore, it said that it was incomplete and that no changes were made on my computer.

Ugh.

 

[johnb35]

I ran system restore and the programs in the menu are still listed as empty. I tried restoring the computor to several reset points, including the earliest date available (April 2, 2011), to no use.

Each time i ran the system restore, it said that it was incomplete and that no changes were made on my computer.

Ugh.

Then unfortunately, its looks like you will have to reinstall windows on this machine. Unfortunately unhide.exe doesn't work 100 percent on all machines, and everyone should know that system restore isn't very reliable. You may want to invest in a program called Acronis true image. You can set it to create an exact image of your drive at certain points to where if you ever have to reinstall windows you can be back up and running within less than 10 minutes or so after starting the process. Afterwards, all your programs and data will be back where they were.

 

[rschwarz]

Then unfortunately, its looks like you will have to reinstall windows on this machine. Unfortunately unhide.exe doesn't work 100 percent on all machines, and everyone should know that system restore isn't very reliable. You may want to invest in a program called Acronis true image. You can set it to create an exact image of your drive at certain points to where if you ever have to reinstall windows you can be back up and running within less than 10 minutes or so after starting the process. Afterwards, all your programs and data will be back where they were.

John,

OK, I'll try reinstalling Windows. In any case, thanks for all of your help. I'm just so impressed how much help you give people on this forum. I've really appreciated it. thanks again.

 

[litefoot]

I've been attempting to restore the factory default over the last few days but I'm having problems. When I do it from Windows, it has to reboot before it runs, and I'm getting the same blue screen on startup. I tried doing Alt and F10 from the reboot, which is supposed to take you into an Acer menu to allow you to start it outside Windows, but this combination of keys doesn't seem to work. Will keep trying and keep you updated.

I'm still having this problem. If I do it from Windows, I get the blue screen. I can only do it from bootup by using the factory disks.

I am frequently getting the the blue screen on bootup now, and after auto restart it takes me into Startup Repair. I have to do this a few times before I can actually get past the blue screen and into Windows. I don't know if this is a memory problem or related to the virus. On getting into Windows the following pop box appears:

Windows has recovered from an unexpected shutdown

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: be
BCP1: 81B278E0
BCP2: 01B27161
BCP3: 80599BFC
BCP4: 0000000B
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini062811-01.dmp
C:\Users\Andrew\AppData\Local\Temp\WER-419190-0.sysdata.xml
C:\Users\Andrew\AppData\Local\Temp\WER253B.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

I ran eset again (I haven't been able to load any security websites again until tonight) and curiously I now have only 1000 infected files instead of the 5000 I mentioned earlier. I have a log file. It's too long to paste in here. You mentioned an email address earlier - would it be OK for me to email it? The first instances of infected files in the log are all in the Acer eRecovery Management folder - a sign that the factory disks could be infected?

I ran Windows malicious software recovery again and did a quick scan only. I found 6 threats which I removed. I then ran it again and found another 6 threats which I removed.

 

[johnb35]

I would say your recovery cd's are infected then. I would call up acer and have them send you new recovery cd's.

 

[cello]

System Restore

OK, so I had the same virus this very evening, out of nowhere. Here's what it did (but there seems to be no doubt it's the same) :

-- It hid the contents of my C:. Not the other partitions, just C.
-- Emptied the Config Panel, and the Desktop (except for the IE icon)
-- Crippled IE, replacing the pages, 99% of the time, by spam
-- DEACTIVATED both my AV and all my anti-spywares (and made it impossible to start any of them again)
-- prevented any further installation of any type of program ("Setup denied access" or something)
-- Bombarded me with the same stupid messages which other users have reported
-- SAFE MODE was totally useless, because crippled as well (the first time I've seen that) : none of my AV programs worked, and IE in Networking was as hijacked as in Normal Mode
-- the virus messed up the "System Restore" option you get when you boot with F8 : S-R seemed to work but booted the computer in less than 30 seconds with no change
-- And the virus slowed down my comp tremendously during anything I tried to do.


But I killed this little s*** eventually, without reinstalling Windows (actually I couldn't... my DVD drive is dead.) : a REAL System Restore was enough. I had to find how to get to it, though, since the Control Panel was blank.

There was actually a few links to it in the "Windows Help" menu, which still worked. You can probably find a way to get to them in "Normal Mode", but as it happened I did it in "Safe Mode". So :

-- Restart you computer, and press F8 until you get the boot choices, choose "Safe Mode"

-- Go make yourself a cup of coffee

-- When "Safe Mode" is finally ready, a "Help menu" is already opened on the right side of the desktop (entitled "What is Safe Mode ?"). In there, you'll easily find "System Restore" in a few clicks (check out the "tools" section, if memory serves ; no keyword search required, just click your way through the main menu, you'll quickly find SR.)

I chose my Restore Point : it took forever (about 20 mns !!!) to restore my settings, so long that I thought my computer had frozen, but it worked.

Right now I'm having Avast (Malwarebytes and Ad-Aware are next) scanning C: ; it's been an hour, and it's still finding traces of the Trojan. But in the meantime, my computer works perfectly.

If I'm repeating here what may have been said before on this thread, 'm sorry . I didn't read most of the other posts.

 

[djbulgogi]

Hi Johnb35,

I successfully eliminated the virus with your help (I was around pages 2-5 of this thread).

My laptop however has become drastically slower and almost every operation is bogged down (rebooting takes about 3 -4 minutes). This is a new machine I bought 3.5 months ago as well so it should not be performing this poorly.

Will posting logs help you discover possible problems? Which logs do you want me to post if so, let me know and thanks!