Inactive Firefox redirects / Pup.bitminer/kwrd.dll virus found

Status
Not open for further replies.
M

MW3Killer

Posts: 36   +0
Hello, I have been using Malwarebytes it detects pup.bitminer virus says it removes it but I re-run Malwarebytes and it still finds it and Firefox continues to redirect, please help. Here is a log file of combofix just ran 2 minutes ago thank you.

I broke it up into two pieces as suggested on another related post.

please help...thank you
MW3
 
ComboFix 11-12-27.01 - BlackOps 12/27/2011 8:19.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1741 [GMT -7:00]
Running from: c:\users\BlackOps\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 15:29 . 2011-12-27 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 17:08 . 2011-12-22 14:32 -------- d-----w- c:\windows\system32\SPReview
2011-12-19 17:07 . 2011-12-19 17:07 -------- d-----w- c:\windows\system32\EventProviders
2011-12-16 01:05 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-12-14 22:38 . 2011-11-05 05:37 451072 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-12-14 22:38 . 2011-11-05 04:30 163328 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2011-12-14 22:38 . 2011-11-05 03:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 22:38 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 22:35 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:30 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 22:30 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:30 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 16:31 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5517AED4-C9B0-422F-B7F5-A05E09ECF769}\mpengine.dll
2011-12-02 21:13 . 2011-12-02 21:13 -------- d-----w- c:\users\BlackOps\AppData\Local\Logitech® Webcam Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 17:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-19 17:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-03 16:12 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-03 16:12 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:29 . 2011-11-09 19:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-23 01:53 . 2011-09-23 01:53 1732809 ----a-w- c:\program files\cdm20814_setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-21_03.57.32 )))))))))))))))))))))))))))))))))))))))))

Edit: Lengthy SnapShot entries have been reviewed and deleted by Bobbye..
 
Edit: Lengthy SnapShot entries reviewed and deleted by Bobbye.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"cdloader"="c:\users\BlackOps\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000Core.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000UA.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\BlackOps\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-27 08:31:40
ComboFix-quarantined-files.txt 2011-12-27 15:31
ComboFix2.txt 2011-12-21 04:04
.
Pre-Run: 137,100,533,760 bytes free
Post-Run: 136,721,268,736 bytes free
.
- - End Of File - - 7CC94EDA7EF0E8427CFDCFE52BBE4254
 
Is there some reason why you didn't follow the directions in the preliminary thread?
Did you miss the sticky about not running Combofix unless instructed to do so by your helper.?

You mentioned being a 'low level techie' wanting to help- if you want to get to a higher 'level' then you need to follow directions. This is vital in malware cleaning- so let's start over:
-------------------------
Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
--------------------------
Since you ran Combofix, I am going to set up some script to remove some entries. Please do not use any other cleaning or scanning tools unless I direct you to do so.
Note: After I review the SnapShot section in Combofix, I will be deleting the entries.
===================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
Hello, I didn't follow because I didn't see the sticky. I jumped directly to where I saw the Malware virus section and was just reading the same types of problems and assumed I would save a step. Yes as mentioned I am a low level guy so I'm sorry if I am anxious to help further/speed the process as I know this can cause bigger problems for my system.
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122703

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/27/2011 10:59:33 AM
mbam-log-2011-12-27 (10-59-33).txt

Scan type: Quick scan
Objects scanned: 179642
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hello,

Step #3: I can not turn off windows firewall, it says Im not using the recommended settings it does not allow me to turn off or on. It does not show the proper window to click on the "off/on", when I click on anything it says error. I am in administrator mode.

??????
 
You don't need to disable the Windows Firewall. It is referring more toward a 3rd party firewall such as Comodo or Zone Alarm
 
Hi,

So it ran on start up, and created a blank log "nothing to copy and paste".

I clicked scan and after the scan it said there were no changes to the system and did not create a log file.

Do I proceed to the next step?

In the Gmer tab "processes" I see a program running EKIJ5000MUI.EXE and RtknGUI64.exe running they look abnormal to me just saying.

thank you
 
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by BlackOps at 17:33:47 on 2011-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1534 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [cdloader] "C:\Users\BlackOps\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - C:\Users\BlackOps\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B3B2FC5-9B1B-44F3-A8FE-287D5EE8EBB5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B3B2FC5-9B1B-44F3-A8FE-287D5EE8EBB5}\23138343530716971303D6F6E64786C697572796E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B3B2FC5-9B1B-44F3-A8FE-287D5EE8EBB5}\84F43505944514C4D27455543545 : DhcpNameServer = 10.202.0.6
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\BlackOps\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-8 98208]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-1-22 563760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-21 03:13:19 98816 ----a-w- C:\Windows\sed.exe
2011-12-21 03:13:19 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-21 03:13:19 256000 ----a-w- C:\Windows\PEV.exe
2011-12-21 03:13:19 208896 ----a-w- C:\Windows\MBR.exe
2011-12-19 17:08:58 -------- d-----w- C:\Windows\System32\SPReview
2011-12-19 17:07:17 -------- d-----w- C:\Windows\System32\EventProviders
2011-12-16 01:05:55 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-12-14 22:38:59 451072 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2011-12-14 22:38:59 163328 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2011-12-14 22:38:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-14 22:38:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 22:35:31 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 22:30:27 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 22:30:24 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 22:30:24 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 22:30:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 22:30:12 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-13 16:31:07 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5517AED4-C9B0-422F-B7F5-A05E09ECF769}\mpengine.dll
2011-12-02 21:13:40 -------- d-----w- C:\Users\BlackOps\AppData\Local\Logitech® Webcam Software
.
==================== Find3M ====================
.
2011-12-19 17:25:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-19 17:25:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-23 01:53:59 1732809 ----a-w- C:\Program Files\cdm20814_setup.exe
.
============= FINISH: 17:34:20.96 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2010 3:36:02 PM
System Uptime: 12/27/2011 3:01:43 AM (14 hours ago)
.
Motherboard: Hewlett-Packard | | 1605
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 127.643 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.325 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP283: 12/19/2011 10:08:48 AM - Windows 7 Service Pack 1
RP284: 12/21/2011 7:08:11 AM - Windows Update
RP285: 12/22/2011 7:12:45 AM - Restore Operation
RP286: 12/27/2011 8:18:37 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe Fireworks CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator CS5.1
Adobe Media Player
Adobe Reader 9.4.6 MUI
Adobe Shockwave Player 11.5
Adobe Widget Browser
Apple Application Support
Audacity 1.3.12
AVS Image Converter 2.1.1.168
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Build-a-lot 2
CameraHelperMsi
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conduit Engine
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Energy Star Digital Logo
erLT
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.10.11.923
GM Service Manual v05
Google Chrome
Heroes of Hellas 2 - Olympia
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
ImgBurn
Inkscape 0.48.2
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 26
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LAME v3.98.3 for Audacity
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
magicJack
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon File Uploader 2
Nikon Message Center 2
PDF Settings CS5
Penguins!
PhotoNow!
Picture Control Utility
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Recovery Manager
Roxio CinemaNow 2.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SignBlazer Elements for USCutter release 6.0.21
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
uTorrentBar Toolbar
ViewNX 2
Virtual Families
Virtual Villagers - The Secret City
VMware Player
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Detect
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/27/2011 8:29:03 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/27/2011 8:28:25 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/27/2011 5:10:35 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user BlackOps-HP\BlackOps (61) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
12/27/2011 1:08:15 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
12/26/2011 2:10:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.
12/26/2011 1:31:51 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/26/2011 1:31:48 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
12/26/2011 1:31:47 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/26/2011 1:31:46 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/22/2011 8:03:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/22/2011 1:02:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2011 1:02:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/22/2011 1:02:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/22/2011 1:02:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/22/2011 1:02:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/22/2011 1:02:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/22/2011 1:02:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/22/2011 1:02:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2011 1:02:26 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/20/2011 9:02:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/20/2011 8:59:33 PM, Error: Service Control Manager [7000] - The RtVOsdService Installer service failed to start due to the following error: A device attached to the system is not functioning.
12/20/2011 8:59:33 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
12/20/2011 8:59:32 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.
12/20/2011 7:23:27 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/20/2011 2:17:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
12/20/2011 11:56:46 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/20/2011 11:56:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/20/2011 11:56:46 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 11:56:46 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
12/20/2011 11:56:46 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
12/20/2011 11:01:16 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user BlackOps-HP\BlackOps (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
.
==== End Of File ===========================
 
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
BlackOps :: BLACKOPS-HP [administrator]

12/28/2011 9:11:20 AM
mbam-log-2011-12-28 (09-11-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428819
Time elapsed: 57 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hello, although it show's there is no Virus as I am posting this my Firefox wants to redirect to another page, because I "turned on" the notify me before redirecting I know it want's to redirect to a page which will launch the virus.

MW3
 
I know it want's to redirect to a page which will launch the virus.
Click to expand...

Not necessarily. Depending on what the malware is, it may be launched whenever you boot. And while the presence of some malware can 'cause' a redirect, it does not mean that page has the virus.

The fact that Combofix removed c:\windows\system32\java.exe would indicate the presence of a Worm- possibly My Doom.
--------------------------------------------------
Let's see if Eset can pick it up:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==========================================
When you have finished, I'd like you to run Combofix again. Update it first. If it gives you an error message that it has expired, do this:
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
--------------------------------
Then download and run again:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=================================
There are some errors in the Event Viewer that should show in Combofix but I'm not seeing them in the scan you ran.

New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1 I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

Please do not send a PM during those days.
 
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\consrv.dll Win64/Sirefef.E trojan
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan
 
ComboFix 11-12-30.01 - BlackOps 12/30/2011 13:16:15.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1349 [GMT -7:00]
Running from: c:\users\BlackOps\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 20:23 . 2011-12-30 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 23:43 . 2011-12-29 23:43 -------- d-----w- c:\program files (x86)\ESET
2011-12-19 17:08 . 2011-12-22 14:32 -------- d-----w- c:\windows\system32\SPReview
2011-12-19 17:07 . 2011-12-19 17:07 -------- d-----w- c:\windows\system32\EventProviders
2011-12-16 01:05 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-12-14 22:38 . 2011-11-05 05:37 451072 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-12-14 22:38 . 2011-11-05 04:30 163328 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2011-12-14 22:38 . 2011-11-05 03:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 22:38 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 22:35 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:30 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 22:30 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:30 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 16:31 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5517AED4-C9B0-422F-B7F5-A05E09ECF769}\mpengine.dll
2011-12-02 21:13 . 2011-12-02 21:13 -------- d-----w- c:\users\BlackOps\AppData\Local\Logitech® Webcam Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 17:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-19 17:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-10 22:24 . 2011-01-18 21:16 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 16:12 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-03 16:12 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-23 01:53 . 2011-09-23 01:53 1732809 ----a-w- c:\program files\cdm20814_setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"cdloader"="c:\users\BlackOps\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000Core.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000UA.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\BlackOps\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CF1A69F1-4335-4322-A137-235E3AE36BB0} - c:\program files (x86)\InstallShield Installation Information\{CF1A69F1-4335-4322-A137-235E3AE36BB0}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-30 13:25:32
ComboFix-quarantined-files.txt 2011-12-30 20:25
ComboFix2.txt 2011-12-27 15:31
.
Pre-Run: 141,083,381,760 bytes free
Post-Run: 141,067,665,408 bytes free
.
- - End Of File - - 98D32D1A6D87B8018588816030076D13
 
Only 1 new entry in Eset. But we have removed same previously. We will have to track down the source:
Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: 
    :Files 
C:\Windows\assembly\temp\U\80000032.@
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================================
It appears that some of the Services are not set up correctly with their dependencies. We will look into that Monday
 
All processes killed
========== FILES ==========
File/Folder C:\Windows\assembly\temp\U\80000032.@ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BlackOps
->Temp folder emptied: 25718939 bytes
->Temporary Internet Files folder emptied: 22665394 bytes
->Java cache emptied: 63860 bytes
->FireFox cache emptied: 424474970 bytes
->Google Chrome cache emptied: 202896051 bytes
->Flash cache emptied: 161900 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15869729 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 660.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01022012_121611

Files moved on Reboot...
C:\Users\BlackOps\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM-3869943886\vmware-usbarb-SYSTEM-2000.log moved successfully.

Registry entries deleted on Reboot...
 
An FYI: From OTM> Total Files Cleaned = 660.00 mb! That's a lot of file! Suggest you increase the maintenance of deleting temporary internet files and Cookies, disc cleanup, Error Check and Defrag. The more of these excess files on a system can slow it down and also, possibly expose the system to malware.
===========================================
P2P- 'file sharing' Warning:
I note a lot of processes running for uTorrentBar Toolbarand the Conduit Engine.

Conduit Toolbar controversy
As of late 2010, the release of a new version of the uTorrent client has caused controversy. The installation now includes adware in the form of the Conduit Engine, which installs a toolbar and makes homepage and default search engine changes to the user's browser. While most have had the option to opt-out of this feature, some users have reported that this installation is made without the user's consent, either installing this software and making these changes without notifying the user, or still going ahead after the user has explicitly opted out. In addition, there have been complaints that the software is extremely difficult to remove once installed.

Additionally, the Conduit Engine is now part of every Community Toolbar installation. Conduit Engine replaces the My Stuff feature..The Conduit Platform enables web publishers to create and publish a branded, customized Community Toolbar.

Anything you can put on a website can also be deployed on a Community Toolbar and offered to your users wherever they are on the web, including: applications, content, gadgets, feeds, social media tools, personal account data, games, services, links, and more.
------------------------------
I suggest that you uninstall both uTorrent Toolbar and the Conduit Engine
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers
=====================================.
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
File::
DSS::
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}].
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
===============================================
Please go on to my next reply.
 
I'd like you to check the Service settings and their Dependencies. It looks like they need some tuning up. The best place on the entire internet- IMO- when working with Services is the BLACK VIPER site: http://www.blackviper.com/2010/12/17/black-vipers-windows-7-service-pack-1-service-configurations/

This is a great learning experience. It is time consuming, but if the Services and their Dependencies aren't set correctly, the system won't work right- malware or no malware!

But once they are set correctly, you rarely need to go back and set them again.
 
Hi Bobbye,

After following your steps, it automatically launches combofix it states there is a new version would I like to update?

Wasn't sure because of the drag and drop CFScript..?

Thanks,
MW3
 
ComboFix 11-12-30.01 - BlackOps 01/02/2012 20:12:35.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1820 [GMT -7:00]
Running from: c:\users\BlackOps\Desktop\ComboFix.exe
Command switches used :: c:\users\BlackOps\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-03 03:19 . 2012-01-03 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-02 19:16 . 2012-01-02 19:16 -------- d-----w- C:\_OTM
2011-12-29 23:43 . 2011-12-29 23:43 -------- d-----w- c:\program files (x86)\ESET
2011-12-19 17:08 . 2011-12-22 14:32 -------- d-----w- c:\windows\system32\SPReview
2011-12-19 17:07 . 2011-12-19 17:07 -------- d-----w- c:\windows\system32\EventProviders
2011-12-16 01:05 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-12-14 22:38 . 2011-11-05 05:37 451072 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-12-14 22:38 . 2011-11-05 04:30 163328 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2011-12-14 22:38 . 2011-11-05 03:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 22:38 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 22:35 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:30 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 22:30 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:30 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 16:31 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5517AED4-C9B0-422F-B7F5-A05E09ECF769}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 17:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-19 17:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-10 22:24 . 2011-01-18 21:16 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 16:12 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-03 16:12 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-23 01:53 . 2011-09-23 01:53 1732809 ----a-w- c:\program files\cdm20814_setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-30_20.23.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-02 19:18 . 2012-01-02 19:18 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-12-28 04:38 . 2011-12-28 04:38 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 05:10 . 2011-12-28 15:20 51210 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-02 19:21 51210 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-26 22:37 . 2012-01-02 19:21 15620 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1068227813-752040018-3191100409-1000_UserData.bin
- 2010-11-27 05:29 . 2011-12-21 14:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-27 05:29 . 2012-01-02 15:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-21 14:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-02 15:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-02 19:22 91512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-11-26 22:35 . 2012-01-03 03:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-26 22:35 . 2011-12-30 20:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-26 22:35 . 2011-12-30 20:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-26 22:35 . 2012-01-03 03:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-01 23:31 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-01 23:31 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-10-14 10:05 . 2011-10-14 10:05 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2012-01-02 19:19 . 2012-01-02 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-28 15:12 . 2011-12-28 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-02 19:19 . 2012-01-02 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-28 15:12 . 2011-12-28 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-12-28 15:13 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-02 19:19 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-27 04:12 . 2011-12-31 17:39 251188 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-11-27 00:15 . 2012-01-03 02:07 364056 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-12-28 15:17 627540 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-02 19:24 627540 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-28 15:17 108152 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-02 19:24 108152 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-01-02 19:18 318096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-28 04:38 318096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 12:47 . 2011-12-26 12:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-01 23:31 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 11:39 . 2011-12-26 11:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-01 23:31 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-02 19:07 . 2012-01-02 19:07 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\2a0ae9220a0e524be9b0cf37cac3ea97\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-01-02 19:07 . 2012-01-02 19:07 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\590ec087241e8debdeec14281553221c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-01-02 19:07 . 2012-01-02 19:07 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4eaabda367d9db584c20dc37a3e10c32\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-01-02 19:07 . 2012-01-02 19:07 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b1c52add166f4d0c75749b580d6e6d6\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-02 15:44 . 2012-01-02 15:44 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
- 2009-07-14 04:54 . 2011-12-28 15:13 3178496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-02 19:19 3178496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-02 19:19 1753088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-28 15:13 1753088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-01-02 19:22 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-21 14:32 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-01 23:31 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-01 23:31 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
 
bly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-14 10:05 . 2011-10-14 10:05 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-02 15:42 . 2012-01-02 15:42 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-02 15:41 . 2012-01-02 15:41 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-14 10:04 . 2011-10-14 10:04 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 13:24 . 2011-12-26 13:24 8835072 c:\windows\Installer\19d8423e.msp
+ 2012-01-02 19:07 . 2012-01-02 19:07 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
+ 2012-01-02 15:47 . 2012-01-02 15:47 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-02 15:46 . 2012-01-02 15:46 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-02 15:46 . 2012-01-02 15:46 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-02 15:46 . 2012-01-02 15:46 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-02 19:07 . 2012-01-02 19:07 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
+ 2012-01-02 15:45 . 2012-01-02 15:45 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-02 16:37 . 2012-01-02 16:37 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
+ 2012-01-02 19:05 . 2012-01-02 19:05 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-02 16:38 . 2012-01-02 16:38 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-02 16:37 . 2012-01-02 16:37 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-01-02 19:06 . 2012-01-02 19:06 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-02 19:07 . 2012-01-02 19:07 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\12fd01d72bfb92687b063b77870fc622\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-01-02 19:07 . 2012-01-02 19:07 2018304 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0ce538ce264f7048670ce6003de60dd4\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-02 15:45 . 2012-01-02 15:45 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
+ 2012-01-02 15:45 . 2012-01-02 15:45 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
+ 2012-01-02 15:45 . 2012-01-02 15:45 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
+ 2012-01-02 15:45 . 2012-01-02 15:45 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-01 23:31 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-05-25 14:17 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-01 23:31 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-01 23:31 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-11-27 05:09 . 2012-01-02 19:18 24715388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1068227813-752040018-3191100409-1000-8192.dat
+ 2012-01-02 15:46 . 2012-01-02 15:46 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-02 16:37 . 2012-01-02 16:37 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-01-02 15:46 . 2012-01-02 15:46 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
+ 2012-01-02 19:05 . 2012-01-02 19:05 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-01-02 15:45 . 2012-01-02 15:45 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
+ 2012-01-02 19:08 . 2012-01-02 19:08 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
+ 2012-01-02 15:45 . 2012-01-02 15:45 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"cdloader"="c:\users\BlackOps\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000Core.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068227813-752040018-3191100409-1000UA.job
- c:\users\BlackOps\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 20:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\BlackOps\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\BlackOps\AppData\Roaming\Mozilla\Firefox\Profiles\hm20z9j9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-02 20:21:05
ComboFix-quarantined-files.txt 2012-01-03 03:21
ComboFix2.txt 2011-12-30 20:25
ComboFix3.txt 2011-12-27 15:31
.
Pre-Run: 140,790,788,096 bytes free
Post-Run: 140,749,783,040 bytes free
.
- - End Of File - - 1AEDB56B5EEA72644921F435080AA15D
 
It appears that you may not have copied all of the text in the code box to run through Combofix as the registry entries are still in the current run.

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
KillAll
File::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
Clearjavacache::

FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
About this:
my Firefox wants to redirect to another page, because I "turned on" the notify me before redirecting I know it want's to redirect to a page which will launch the virus.
Click to expand...

Tools> Option> Advanced General tab> Accessibility section> "Warn me when web sites try to redirect or reload the page" is a good security feature to keep on all the time. -BUT- getting the warning is not a "redirect" in the sense of malware redirecting to a site other than what you selected, what users refer to as a "Google redirect.".

It can be as simple as a page being turned on a good site. You may not realize it but all those Firefox strips that tell you Firefox has prevented a redirect and has an "allow" button can't be taken as proff of malware or that the redirect is to a 'bad' site. I leave this setting on and if I get the alert, I consider the site I am on and almost always allow it.
================================================
If you put a search term in Google, then choose the site "www.hellohowareyou.com" but instead of that site coming up it loads" www.cometomyparty.com">>>>That's a search redirect Or if the host files have been hijacked and instead of the search being processes with you host files, when you do a search you will be taken to a site in Ethiopia instead, Firefox isn't going to popup that you're being redirected.

Do you understand this difference in the term 'redirect.?
============================================
Please tell me if the problems relted to the malware have been resolved.
 
Status
Not open for further replies.

Similar threads

H
BSOD during youtube video - Windows 7 64 - suspected hardware malfunction
Replies
15
Views
2K
Kshipper
Kshipper
S
Inactive Ransomware virus
Replies
5
Views
2K
Broni
Broni
BrokeennClock
  • Locked
Inactive Virus / Malware
Replies
2
Views
2K
Broni
Broni

Latest posts

Back