Wife's AOL/AIM Email Hacked?

MSM0075

New Member
A few weeks ago my wife mentioned to me that people were writing her back saying 'why are you sending me links to viagra sites'. She's like, huh? So she checks her outbox and sure enough those links were sent to everyone on her contact list. It's happened multiple times. She just changed all her passwords for all her internet accounts. Haven't noticed anything else suspicious... I scanned for viruses with Norton and came up with nothing but 13 'Tracking Cookies'....

What else should I do? Why do you think this happened?
 
Someone got her password. I believe bots can try to brute-force their way into email accounts. If you have a weak password, it will likely be cracked.

I use a simple substitution cipher for common words to create strong (or at least "stronger") passwords:
A=4
B=8
C=<
D=D OR C|
E=3
F=F OR |=
G=6
H=H OR |-|
I=1 OR !
J=J
K=K OR |<
L=1 OR |
M=M OR |\/|
N=N OR |\|
O=0
P=P
Q=2
R=R
S=5 OR $ or z
T=T
U=U OR |_|
V=V OR \/
W=W OR \/\/
X=X OR ><
Y=Y OR '/
Z=Z OR 2

So some random word like 'sombrero' becomes '$0m8r3r0' and 'pickles' becomes 'p!<|<13z'. I started using this method nine years ago, and I'm yet to have a password cracked.

Here's a cool free site to check your password strength: http://www.passwordmeter.com/
See how yours measures up (my examples above get 62% and 90% respectively).

Hope that helps. :D
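
Added example (not part of the original post): a password-policy check, of the kind run at password-change time, that tests whether a candidate is a dictionary word respelled with the substitution table above, and counts how many respellings the table allows per word. The word list is a constructed sample and the function names are hypothetical.

```python
import math
from functools import lru_cache

# Substitutes taken from the table in the post, lowercased.
# Assumption of this example: the plain letter is always accepted too,
# as in the post's own '$0m8r3r0' (which keeps 'm' and 'r').
SUBS = {
    "a": ["4"], "b": ["8"], "c": ["<"], "d": ["c|"], "e": ["3"],
    "f": ["|="], "g": ["6"], "h": ["|-|"], "i": ["1", "!"],
    "k": ["|<"], "l": ["1", "|"], "m": ["|\\/|"], "n": ["|\\|"],
    "o": ["0"], "q": ["2"], "s": ["5", "$", "z"], "u": ["|_|"],
    "v": ["\\/"], "w": ["\\/\\/"], "x": ["><"], "y": ["'/"], "z": ["2"],
}

# Constructed sample; a real policy check would load a full word list.
WORDS = ["password", "sombrero", "pickles", "dragon", "monkey"]


def options(letter):
    """Every way the table lets one letter be written."""
    return [letter] + SUBS.get(letter, [])


def is_variant(word, candidate):
    """True if candidate is word respelled with the table.

    Walks the word letter by letter and tries each allowed token at the
    current position of the candidate. Ambiguous tokens ('1' is I or L,
    '|' starts several multi-character tokens) are handled by trying all
    options; memoisation keeps that cheap.
    """
    word, candidate = word.lower(), candidate.lower()

    @lru_cache(maxsize=None)
    def match(i, j):
        if i == len(word):
            return j == len(candidate)
        return any(
            candidate.startswith(tok, j) and match(i + 1, j + len(tok))
            for tok in options(word[i])
        )

    return match(0, 0)


def base_words(candidate, wordlist):
    """Dictionary words that the candidate is a respelling of."""
    return [w for w in wordlist if is_variant(w, candidate)]


def spellings(word):
    """Number of substitution choices the table offers for a word."""
    total = 1
    for ch in word.lower():
        total *= len(options(ch))
    return total


def added_bits(word):
    """log2 of the choices: the guessing work the table adds per word."""
    return math.log2(spellings(word))


if __name__ == "__main__":
    for pw in ["$0m8r3r0", "p!<|<13z", "tV9#qLw2x!Rm"]:
        hits = base_words(pw, WORDS)
        print(pw, "->", hits or "no dictionary base found")
        for w in hits:
            print(f"   {w}: {spellings(w)} spellings, "
                  f"{added_bits(w):.1f} bits on top of the word")
```

A policy built on this rejects any candidate for which `base_words` returns a match, and `added_bits` shows how little a fixed table adds once the table itself is known.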
 
Just because you have Norton installed doesn't mean you are clean from infections. I suggest you perform the following procedure.

Please download Malwarebytes' Anti-Malware from here, here, here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

Either you are infected or someone has cracked the password for her account and is sending the email.
 
Then most likely you still have some hidden infections. Please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Malwarebytes' Anti-Malware 1.44
Database version: 3907
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/23/2010 10:27:16 PM
mbam-log-2010-03-23 (22-27-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158501
Time elapsed: 1 hour(s), 1 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:17 PM, on 3/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250197055730
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6041 bytes



I scanned ONLY, no actions taken.
 
And for ComboFix...

ComboFix 10-03-24.02 - Nicole 03/24/2010 23:19:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.246 [GMT -4:00]
Running from: c:\documents and settings\Nicole\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-25 03:04 . 2010-03-25 03:04 -------- d-----w- c:\program files\Trend Micro
2010-03-25 03:03 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 03:03 . 2010-03-25 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 03:03 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 02:53 . 2010-03-25 02:53 -------- d-----w- c:\windows\LastGood
2010-03-25 02:41 . 2010-03-25 02:41 -------- d-----w- c:\program files\MSXML 4.0
2010-03-25 02:21 . 2010-03-25 02:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-25 02:17 . 2010-03-25 02:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-25 02:03 . 2010-03-25 02:03 0 ----a-w- c:\windows\system32\wsbl.dat
2010-03-24 02:42 . 2010-03-25 02:34 -------- d-----w- c:\program files\BitDefender
2010-03-24 02:31 . 2010-03-24 02:31 -------- d-----w- c:\windows\BDOSCAN8
2010-03-24 01:22 . 2010-03-24 01:22 -------- d-----w- c:\documents and settings\Nicole\Application Data\Malwarebytes
2010-03-24 01:21 . 2010-03-24 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 20:24 . 2010-03-25 02:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-14 20:23 . 2010-03-14 20:23 -------- d-----w- c:\program files\Windows Sidebar
2010-03-14 20:23 . 2010-03-25 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-14 20:23 . 2010-03-14 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-11 10:11 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 02:34 . 2009-09-07 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-25 02:34 . 2009-09-07 01:27 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-09 22:57 . 2008-08-17 20:55 -------- d-----w- c:\program files\Java
2010-02-09 22:54 . 2010-02-09 22:54 152576 ----a-w- c:\documents and settings\Nicole\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-09 22:54 . 2008-08-31 12:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-09 22:53 . 2009-11-28 02:54 79488 ----a-w- c:\documents and settings\Nicole\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-09 22:25 . 2009-09-07 01:36 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-09 22:24 . 2008-08-17 01:51 -------- d-----w- c:\program files\Common Files\AOL
2010-02-09 22:23 . 2008-08-16 22:50 -------- d-----w- c:\program files\ACD Systems
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/16/2008 9:51 PM 24652]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [8/15/2008 7:59 PM 222720]
S3 PCX500MP;Cisco 350 Series Lower Device Filter;c:\windows\system32\drivers\pcx500mp.sys [8/5/2002 2:46 PM 4990]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 23:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-24 23:28:41
ComboFix-quarantined-files.txt 2010-03-25 03:28

Pre-Run: 22,042,107,904 bytes free
Post-Run: 22,414,639,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AFECBAE0FCB67775A1858901C4BEDBFF

It said I had Norton running....but I removed it and rebooted earlier...
Also, the program had me install Windows Recovery Console....
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
FILE::
c:\windows\system32\wsbl.dat
c:\windows\system32\bdod.bin


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
What does this do?
 
Made new text doc.
Dragged to ComboFix
ComboFix wanted to update, updated, closed ComboFix, reopened with txt...(in case it reloaded without the txt attached)

Deleting Files:
c:\windows\system32\bdod.bin
c:\windows\system32\wsbl.dat

Preparing Log Report.....
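
Added example, not part of the thread and not ComboFix's own code: one way to confirm what a CFScript run changed is to diff the "Files Created" listings of the ComboFix log from before the script and the log from after it. The rows below are copied from the two ComboFix logs posted in this thread (a subset of each); the function names are made up for the illustration.

```python
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories (size column is dashes)
    attrs: str
    path: str


# Row layout in the listing: created . modified size attrs path
ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(-{8}|\d+) ([-a-z]{8}) (\S.*)$"
)

# Rows copied from the first ComboFix log (before the CFScript run).
RUN_1 = r"""
2010-03-25 03:04 . 2010-03-25 03:04 -------- d-----w- c:\program files\Trend Micro
2010-03-25 03:03 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 02:53 . 2010-03-25 02:53 -------- d-----w- c:\windows\LastGood
2010-03-25 02:03 . 2010-03-25 02:03 0 ----a-w- c:\windows\system32\wsbl.dat
2010-03-24 02:42 . 2010-03-25 02:34 -------- d-----w- c:\program files\BitDefender
"""

# Rows copied from the second ComboFix log (after the CFScript run).
RUN_2 = r"""
2010-03-25 03:04 . 2010-03-25 03:04 -------- d-----w- c:\program files\Trend Micro
2010-03-25 03:03 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 02:03 . 2010-03-25 02:03 0 ----a-w- c:\windows\system32\phar_unmip.dat
2010-03-24 02:42 . 2010-03-25 02:34 -------- d-----w- c:\program files\BitDefender
"""


def parse_listing(text):
    """Map lowercased path -> Entry for every listing row in text.

    Lines that are not listing rows (section banners, '.', blanks)
    are skipped, so a whole pasted log can be fed in.
    """
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries[path.lower()] = Entry(
            created, modified,
            None if size.startswith("-") else int(size),
            attrs, path,
        )
    return entries


def diff_runs(before, after):
    """Paths present only in the earlier run, and only in the later run."""
    removed = [before[k].path for k in sorted(before.keys() - after.keys())]
    added = [after[k].path for k in sorted(after.keys() - before.keys())]
    return removed, added


def same_stamp_pairs(before, after):
    """(removed, added) file pairs sharing created time, modified time, size.

    Directories are ignored. A pair means a file vanished under one name
    while an otherwise identical entry is listed under another.
    """
    gone = [before[k] for k in sorted(before.keys() - after.keys())]
    new = [after[k] for k in sorted(after.keys() - before.keys())]
    return [
        (g.path, n.path)
        for g in gone for n in new
        if g.size is not None
        and (g.created, g.modified, g.size) == (n.created, n.modified, n.size)
    ]


if __name__ == "__main__":
    b, a = parse_listing(RUN_1), parse_listing(RUN_2)
    removed, added = diff_runs(b, a)
    print("only in first run :", removed)
    print("only in second run:", added)
    print("same-stamp pairs  :", same_stamp_pairs(b, a))
```

On these rows the diff shows `wsbl.dat` gone after the script, and a zero-byte `phar_unmip.dat` with the same created and modified times listed in the second run, a detail worth pointing out to the helper alongside the log.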
 
ComboFix 10-03-25.04 - Nicole 03/25/2010 20:02:57.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.263 [GMT -4:00]
Running from: c:\documents and settings\Nicole\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nicole\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FILE ::
"c:\windows\system32\bdod.bin"
"c:\windows\system32\wsbl.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bdod.bin
c:\windows\system32\wsbl.dat

.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-25 03:04 . 2010-03-25 03:04 -------- d-----w- c:\program files\Trend Micro
2010-03-25 03:03 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 03:03 . 2010-03-25 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 03:03 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 02:41 . 2010-03-25 02:41 -------- d-----w- c:\program files\MSXML 4.0
2010-03-25 02:21 . 2010-03-25 02:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-25 02:17 . 2010-03-25 02:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-25 02:03 . 2010-03-25 02:03 0 ----a-w- c:\windows\system32\phar_unmip.dat
2010-03-24 02:42 . 2010-03-25 02:34 -------- d-----w- c:\program files\BitDefender
2010-03-24 02:31 . 2010-03-24 02:31 -------- d-----w- c:\windows\BDOSCAN8
2010-03-24 01:22 . 2010-03-24 01:22 -------- d-----w- c:\documents and settings\Nicole\Application Data\Malwarebytes
2010-03-24 01:21 . 2010-03-24 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 20:24 . 2010-03-25 02:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-14 20:23 . 2010-03-14 20:23 -------- d-----w- c:\program files\Windows Sidebar
2010-03-14 20:23 . 2010-03-25 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-14 20:23 . 2010-03-14 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-11 10:11 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 02:34 . 2009-09-07 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-25 02:34 . 2009-09-07 01:27 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-09 22:57 . 2008-08-17 20:55 -------- d-----w- c:\program files\Java
2010-02-09 22:54 . 2010-02-09 22:54 152576 ----a-w- c:\documents and settings\Nicole\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-09 22:54 . 2008-08-31 12:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-09 22:53 . 2009-11-28 02:54 79488 ----a-w- c:\documents and settings\Nicole\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-09 22:24 . 2008-08-17 01:51 -------- d-----w- c:\program files\Common Files\AOL
2010-02-09 22:23 . 2008-08-16 22:50 -------- d-----w- c:\program files\ACD Systems
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-25_03.25.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-25 10:26 . 2010-03-25 10:26 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f0ac3d4fa5f5d738469ff03154b6712d\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e2d1e32ebd0bc082dcbf9ad9aeae6bad\WindowsLive.Writer.Interop.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dab3e1ce648159e22453ed7d574e3ac1\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\da6977b17f481a0ae26705a557575c50\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c6757002b491fee891b35ecf40f51e5e\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b86a82999631a9993a3ec4a479f8418f\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d40ea1d3d43429d87c047959129d147\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\81962c0712122cdc2c23b5a15231da67\WindowsLive.Writer.Passport.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5c2557658b86506c4195beac62b3b868\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5a43924b260badd98136b2ad8e9c1220\WindowsLive.Writer.Localization.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4e6c1c5d9aa959320cc2164dfd9dbcfb\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\407475589a5d7c8be074a67e56e8a5ea\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3fd4c2a54fc9301191058755ae5b918b\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2524e4503991a55cdf0b2624d3ef9946\WindowsLive.Writer.Controls.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 145920
 
c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\cd1079f4cde453ac6b1a72a488688aec\WindowsLive.Client.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\43dff2d60cc1e2d83207d115d6ebd5da\System.Xml.Linq.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bbbbee6aee8efc2a3fe36297df61558c\System.Web.Routing.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\4918daec30cc88a92e9089d6e6ddf65b\System.Web.RegularExpressions.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1abbdbd4a1de53b702bae22e4714b95d\System.Web.Extensions.Design.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\adaa9f715be2debd2b11674077f3afda\System.Web.Entity.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\23a843aedd80a0f43e0baa1986bcd83f\System.Web.Entity.Design.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a68617197d12be5a9a8bb91b4e7873ec\System.Web.DynamicData.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\8ff474534be27f40db5c17fee04a9fe7\System.Web.Abstractions.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9aa6ef5e5d40a8b8fb2850ee4a3e7bb3\System.Transactions.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b74d61184e254ac814bb3ceae5cc1095\System.ServiceProcess.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3ef9383bddd7283406d0ba7303f38e46\System.Security.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\aab1f5149537a106a50b1508d9b18eb5\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bb055968cb987dffa2f558cc5a2713f7\System.Runtime.Remoting.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\90e7b21b6f94a25cb4470ac854999479\System.Net.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\d7ad7924159136fb7e13cfdf3d01cf21\System.Management.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\7081191709ba39f5b18f2f52f61c6aab\System.Management.Instrumentation.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 181248 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\fafc03597676e65dfb8f4697ac647c62\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 188928 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f32313a8dec56494438c80f5d54305f6\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 169984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\ea77ee92b00cbefb83da28fce1b67019\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 169472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\ddc0417f8addef49288190f918af1dac\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 154624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\c6e875d1a64aea766fbdd75037851222\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 154112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\c5de04699aa38a2dabea09019dea086d\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 177664 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\892b5420690274f0e84073f1e52428bf\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 221184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\84b0a0d2a43a3e3d7a530b46bb49bdee\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\646fab05d237a943021a9ceaa6c32c7b\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 172544 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\0d8ad65fa89646d47bfc0fd29a015f6e\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\09c54e2aad75149a41492bd38567ae26\System.Management.Automation.resources.ni.dll
+ 2010-03-25 10:25 . 2010-03-25 10:25 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\c88bdc0770617f2bec70e82b2877712e\System.IO.Log.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\9830b36108b5acc8bfecd4b523ae6422\System.IdentityModel.Selectors.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\34bd8d1c5589efe26dfd69cfef05888c\System.EnterpriseServices.Wrapper.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\34bd8d1c5589efe26dfd69cfef05888c\System.EnterpriseServices.ni.dll
+ 2010-03-25 10:28 . 2010-03-25 10:28 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2e171d3863d31c9760be4a76d7a41842\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\26c2dd48768ead8ab6981c502c33a16b\System.DirectoryServices.Protocols.ni.dll
+ 2010-03-25 10:28 . 2010-03-25 10:28 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a157c98a0bd61c92cc324ccb085c0c2f\System.Data.Services.Client.ni.dll
+ 2010-03-25 10:28 . 2010-03-25 10:28 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\43ebb69f9f13b4d50877a718fe7e2fec\System.Data.Services.Design.ni.dll
+ 2010-03-25 10:28 . 2010-03-25 10:28 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6f40c0b03a35585ad314a0459ebd3721\System.Data.Entity.Design.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\67b8b52a93087400d9c8efa36d28ba0f\System.Data.DataSetExtensions.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\33f46842f1687b027c3471ca1ba6e929\System.Configuration.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\d5f4012b6c896418365813c53c5e46ce\System.Configuration.Install.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\338d4c7d84af692ae64bdee6e66bd04a\System.AddIn.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\57b773ae9a151b61e0d669e8bbc64275\SMSvcHost.ni.exe
+ 2010-03-25 10:26 . 2010-03-25 10:26 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\c047fb6624ebfd95bdbc916e0068e6e9\SMDiagnostics.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\ce9e424d230401a889211771dec6b896\ServiceModelReg.ni.exe
+ 2010-03-25 10:27 . 2010-03-25 10:27 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\9f2d92e6bde466705c09e3ecf53878a5\MSBuild.ni.exe
+ 2010-03-25 10:25 . 2010-03-25 10:25 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\49805534376724ae137ff41cda393d19\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9e64552e502e83ea9f36a635da673f2a\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7a87e180c6853689a6962cfabf5a4a22\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\263801f28bdfc6390257bfd325c791d4\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0b22303173840a037788ee88b4f664cc\Microsoft.PowerShell.Security.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\caf2207b404aa5bcb77833e3302fc5b6\Microsoft.Build.Utilities.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\74290c786353b8f4341550847169adb1\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ecad09aa540d7011ff615077bba756c9\Microsoft.Build.Engine.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d326c3841b68b469dc70eab552dc0764\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\7966bb0eeae06d6e0a0999f7e57945c3\CustomMarshalers.ni.dll
+ 2010-03-25 10:25 . 2010-03-25 10:25 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\aa863a2ee18166e2c56f9b310352b160\ComSvcConfig.ni.exe
+ 2010-03-25 10:26 . 2010-03-25 10:26 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\ab21507db0a8b7a8b8bd86f468bed2d4\AspNetMMCExt.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb29db714cd9e02fc81c2c4c9e8f02bc\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\94955e7aa3de2831287efe8332434242\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93ea9de52afb1bcc60d26c6581b7a59f\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ad2b413a977164493c9498e6eea9836a\System.WorkflowServices.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\56f5b5b7fbb513b20a8c42d6ede20716\System.Workflow.Runtime.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4428b243d69bdd25c325fcf5a4d9f1eb\System.Workflow.ComponentModel.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\1133d8b77e7e94edc069d95e93eb0531\System.Workflow.Activities.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\affca324d68452f7827a9be5e355e445\System.Web.Services.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\dec2660e1581be57dacf9c6104e8d252\System.Web.Mobile.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9c987fc21a6763c2bd5b1f7ec5b5b153\System.Web.Extensions.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9195677eb52d4545a918a70636cacaac\System.ServiceModel.Web.ni.dll
+ 2010-03-25 10:25 . 2010-03-25 10:25 2344960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0f1d3fc0f9bd72295c053a66090472e1\System.Runtime.Serialization.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a61c36c0207c5c67294c2e53fb3f55c7\System.Management.Automation.ni.dll
+ 2010-03-25 10:25 . 2010-03-25 10:25 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3b589e5c7262c5564668e893ed5fa347\System.IdentityModel.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3102dd31a0e81701ab4c3e3627210885\System.DirectoryServices.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\299b46ce8a9cd708aad0b34a6817c3c9\System.Deployment.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0f4ca76e1a55a8b10a169e26fb5ae852\System.Data.SqlXml.ni.dll
+ 2010-03-25 10:28 . 2010-03-25 10:28 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6d3af39f54f52966f62c89d88ea2d106\System.Data.Services.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\d97e96e4d4075c86d51ff133fd0dbd1c\System.Data.OracleClient.ni.dll
+ 2010-03-25 10:28 . 2010-03-25 10:28 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f0ffa7c1091f11d9b3442926e44f2756\System.Data.Entity.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\16fc2faef3984a77e7ee02cafd94c5f4\Microsoft.VisualBasic.ni.dll
+ 2010-03-25 10:25 . 2010-03-25 10:25 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\01bf250452829c199bdc583e3e007685\Microsoft.Transactions.Bridge.ni.dll
+ 2010-03-25 10:29 . 2010-03-25 10:29 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\1d4ab5c6748b01243403b915fb76e068\Microsoft.JScript.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e5581e288bb26364dc6d4987251dfdf5\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\19627bc5e3955d69e007b4c4f49489db\Microsoft.Build.Tasks.ni.dll
+ 2010-03-25 10:27 . 2010-03-25 10:27 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e25766aa55cbe4b36e3c6b1a498beb0d\Microsoft.Build.Engine.ni.dll
+ 2010-03-25 10:26 . 2010-03-25 10:26 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3d959bc1e5bef926783107fd981701b6\System.Web.ni.dll
+ 2010-03-25 10:25 . 2010-03-25 10:25 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\737db428238916034602919cb948166c\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/16/2008 9:51 PM 24652]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [8/15/2008 7:59 PM 222720]
S3 PCX500MP;Cisco 350 Series Lower Device Filter;c:\windows\system32\drivers\pcx500mp.sys [8/5/2002 2:46 PM 4990]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-25 20:11:58
ComboFix-quarantined-files.txt 2010-03-26 00:11
ComboFix2.txt 2010-03-25 03:28

Pre-Run: 22,288,273,408 bytes free
Post-Run: 22,245,429,248 bytes free

- - End Of File - - CBEB9018565D1403F66428554248469E
 
What I had you do was delete some files that ComboFix couldn't delete. Your system is now clean from malware. I did notice, however, that there is no antivirus program installed on the system; you need one. Running a computer without virus protection is just asking for problems. The only other thing I see is that Viewpoint is installed. Please go into Add/Remove Programs and uninstall anything that has Viewpoint in it, such as Viewpoint Manager, Viewpoint Media Player, Viewpoint Service.
 

Where can I learn more details about the steps we just took, so I know what to do in case this happens again?

What antivirus software do you recommend? You've given me great advice.

What is Viewpoint, and why is it bad?
 
Viewpoint software is called foistware, not malware, and is usually installed with other programs, of which AOL is one. It's never needed on a system, so why have it?

As far as antivirus goes, you can use any one of the 4 major free programs that people like to use.

AVG
AVIRA
AVAST
Microsoft Security Essentials

Look in this link here to actually see what other programs are available, just click on the program to go to the website.

http://www.computerforum.com/166728-list-security-programs-use.html
 
Awesome!

And how would I look into the details on the instructions you've given me? So I can understand more on how it works and what to look for?
 
I'm installing Microsoft Security Essentials on all my machines. I imagine that it's a decent program? Should I have anything else installed?
 
I would install Malwarebytes Antimalware as a backup. If you really want to know more about how to deal with infections/viruses then you would need to visit some websites that offer bootcamp to teach you how to use programs to remove the infections.

Visit this post to get the links to some.

http://www.computerforum.com/853855-post10.html
 

You're the man! Thank you so much for your help!

I will have the three programs installed on each system along with MSE.
 