Inactive Internet Explorer pop ups

cymikey10

Hi there,
I am having a problem with my Internet Explorer popping up with random advertisements. It only does it when I have closed all running software and don't use my computer for a few minutes; they then start to pop up.
I have run Malwarebytes and Combofix, and I will post the logs further down the page.
I tried to run Eset NOD32 Online AntiVirus Scanner but this was asking if proxy was set up?
I will try to run GMER and DDS if this helps and post the logs on here.

Combofix log

ComboFix 10-12-06.04 - michael 09/11/2010 22:41:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.155 [GMT 0:00]
Running from: J:\ComboFix.exe
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2012-04-12 08:59 . 2012-04-12 09:37 -------- d-----w- C:\Mum n Dads Laptop Files
2012-03-15 20:28 . 2012-03-15 20:28 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Help
2012-03-15 20:25 . 2012-03-15 20:25 5248 ----a-w- c:\windows\system32\giveio.sys
2012-03-15 20:22 . 2012-03-15 20:32 -------- d-----w- c:\program files\SSC Service Utility
2012-03-11 16:37 . 2012-03-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
2012-03-03 14:48 . 2012-03-03 14:48 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Scansoft
2012-02-26 20:25 . 2012-02-26 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-02-26 20:24 . 2012-02-26 20:24 -------- d-----w- c:\documents and settings\michael\Application Data\Nuance
2012-02-26 19:59 . 2012-02-26 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2012-02-26 19:59 . 2010-07-16 18:59 -------- d-----w- c:\windows\speech
2012-02-21 22:16 . 2012-02-21 22:16 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\WinAVI
2012-02-21 22:16 . 2012-02-27 16:36 -------- d-----w- c:\program files\WinAVI Video Converter
2010-11-09 13:25 . 2010-11-09 13:21 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-11-09 13:25 . 2010-11-09 13:22 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-09 13:24 . 2010-11-09 13:22 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-11-09 13:23 . 2010-11-09 13:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-09 13:23 . 2010-11-09 13:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-09 13:23 . 2010-11-09 15:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-11-09 13:23 . 2010-11-09 13:23 -------- d-----w- c:\program files\Symantec
2010-11-09 13:20 . 2010-11-09 22:02 -------- d-----w- c:\windows\system32\drivers\N360
2010-11-09 13:20 . 2010-11-09 13:21 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-11-09 13:20 . 2010-11-09 13:20 -------- d-----w- c:\program files\Windows Sidebar
2010-11-09 13:20 . 2010-11-09 13:20 -------- d-----w- c:\program files\NortonInstaller
2010-11-07 15:11 . 2007-04-08 16:38 946312 ----a-w- c:\windows\system32\wPDFViewplus01.dll
2010-11-07 15:10 . 2010-11-07 15:11 -------- d-----w- c:\program files\XSPPlat
2010-11-07 15:06 . 2010-11-07 15:06 186880 ----a-w- c:\windows\Gmirea.exe
2010-11-07 14:50 . 2010-11-07 14:57 -------- d-----w- c:\documents and settings\michael\Application Data\iktsoft
2010-11-02 16:23 . 2006-12-02 06:22 479232 ----a-w- c:\windows\system32\msvcm80.dll
2010-11-02 16:23 . 2010-11-02 16:23 -------- d-----w- c:\program files\MyXOFT
2010-11-02 16:15 . 2010-11-08 14:52 -------- d-----w- c:\program files\Music Trio
2010-11-02 15:55 . 2010-11-02 15:55 -------- d-----w- c:\documents and settings\michael\Application Data\Doblon
2010-11-02 15:23 . 2010-11-02 15:23 -------- d-----w- c:\program files\Doblon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 18:15 . 2010-07-13 15:37 2672 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-10-28 18:15 . 2010-07-13 15:37 88 --sh--r- c:\documents and settings\All Users\Application Data\03BEF1D2A8.sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-05-19 09:23 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-05-19 09:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2005-12-05 11:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2009-05-19 09:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2009-05-19 09:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2009-05-19 09:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-12-05 11:41 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-06-15 11:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-12-05 11:41 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-12-05 11:41 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-25 10:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-05-19 09:19 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-12-05 11:41 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2009-05-19 09:24 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
"OW1T3CYG7T"="c:\windows\Gmirea.exe" [2010-11-07 186880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AOL_Demo"="c:\applications\Tool\AOL Demo\DSGDemo.exe" [2005-12-01 177178]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [09/11/2010 15:26 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [09/11/2010 15:25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [09/11/2010 15:25 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101201.001\IDSXpx86.sys [09/11/2010 13:43 341944]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [07/03/2010 11:11 390528]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [23/03/2010 18:26 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [23/03/2010 18:26 711352]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/11/2010 19:03 102448]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 16:42 6528]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [09/11/2010 15:24 117640]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/02/2010 09:47 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-11-09 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Gmirea.exe [2010-11-07 15:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 23:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3296923419-416603358-497765969-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA0DB758-EF64-6991-E085-D0FCE315193A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jadihbnhefjddgapgnpp"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,
67,6e,6e,65,6a,00,00
"iajebdmfkcagbiijok"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,67,
6e,6e,65,6a,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(14640)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-09 23:25:03
ComboFix-quarantined-files.txt 2010-11-09 23:24

Pre-Run: 21,554,262,016 bytes free
Post-Run: 21,735,727,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DEFF2C2C31F03C3FD4BD88F194199A52


Malwarebytes log before deleting viruses produced this log >>

Malwarebytes' Anti-Malware 1.44
Database version: 3788
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/11/2010 00:47:43
mbam-log-2010-11-09 (00-47-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 204185
Time elapsed: 3 hour(s), 59 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\michael\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.


Then when I scanned again it produced this log >>

Malwarebytes' Anti-Malware 1.44
Database version: 3788
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/11/2010 18:36:52
mbam-log-2010-11-09 (18-36-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184926
Time elapsed: 2 hour(s), 41 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Now Malwarebytes does not find anything.
Hope someone can help
Thanks
Michael
 
Here are the steps we ask you to follow:
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Please note: There is a post in the Virus and Malware forum that specifically instructs not to use Combofix unless instructed to do so by your helper.

We need one log, not before and after, unless something is done within a program that produces a new log. You don't have to run Mbam again. Understand that cleaning programs are also run in a specific order, not randomly.

Please run DDS (2 logs) and GMER.
 
Thanks for the fast reply.
I used Combofix as I have previously had a similar virus and I used to use Combofix for this, but this time the method did not work. I have done as you asked and have posted the logs below. I would also like to add the threat that Norton 360 keeps popping up with, constantly saying an intrusion attempt was blocked. Application path: \device\harddiskvolume1\windows\gmirea.exe.

DDS log >>>

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 24/02/2010 22:37:44
System Uptime: 10/11/2010 01:03:18 (18 hours ago)

Motherboard: DIXONSXP | | P4M800P7MB
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3054/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 73 GiB total, 19.956 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP126: 08/08/2010 08:53:24 - System Checkpoint
RP127: 09/08/2010 19:23:20 - System Checkpoint
RP128: 10/08/2010 19:51:12 - System Checkpoint
RP129: 11/08/2010 20:51:24 - System Checkpoint
RP130: 12/08/2010 21:27:15 - System Checkpoint
RP131: 13/08/2010 22:27:13 - System Checkpoint
RP132: 14/08/2010 23:53:43 - System Checkpoint
RP133: 16/08/2010 00:03:15 - System Checkpoint
RP134: 17/08/2010 00:51:44 - System Checkpoint
RP135: 18/08/2010 04:41:09 - System Checkpoint
RP136: 19/08/2010 21:36:02 - Software Distribution Service 3.0
RP137: 20/08/2010 22:12:02 - System Checkpoint
RP138: 22/08/2010 18:24:09 - System Checkpoint
RP139: 24/08/2010 14:49:32 - System Checkpoint
RP140: 25/08/2010 16:21:31 - System Checkpoint
RP141: 26/08/2010 16:45:02 - System Checkpoint
RP142: 27/08/2010 14:45:16 - Installed Corel Paint Shop Pro Photo X2.
RP143: 28/08/2010 15:33:33 - System Checkpoint
RP144: 29/08/2010 15:57:04 - System Checkpoint
RP145: 30/08/2010 16:58:05 - System Checkpoint
RP146: 01/09/2010 03:00:21 - Software Distribution Service 3.0
RP147: 02/09/2010 03:09:06 - System Checkpoint
RP148: 03/09/2010 04:21:06 - System Checkpoint
RP149: 04/09/2010 05:09:07 - System Checkpoint
RP150: 05/09/2010 05:13:39 - System Checkpoint
RP151: 06/09/2010 05:30:21 - System Checkpoint
RP152: 07/09/2010 05:57:08 - System Checkpoint
RP153: 08/09/2010 03:00:21 - Software Distribution Service 3.0
RP154: 09/09/2010 03:09:08 - System Checkpoint
RP155: 10/09/2010 03:45:07 - System Checkpoint
RP156: 11/09/2010 03:57:09 - System Checkpoint
RP157: 12/09/2010 04:09:10 - System Checkpoint
RP158: 13/09/2010 04:48:45 - System Checkpoint
RP159: 14/09/2010 05:44:37 - System Checkpoint
RP160: 16/09/2010 01:38:14 - System Checkpoint
RP161: 16/09/2010 03:00:21 - Software Distribution Service 3.0
RP162: 16/09/2010 03:27:31 - Installed Rapport
RP163: 17/09/2010 14:07:22 - System Checkpoint
RP164: 18/09/2010 16:37:31 - System Checkpoint
RP165: 22/09/2010 22:30:15 - System Checkpoint
RP166: 24/09/2010 01:27:33 - System Checkpoint
RP167: 25/09/2010 02:53:35 - System Checkpoint
RP168: 26/09/2010 05:12:06 - System Checkpoint
RP169: 27/09/2010 17:18:50 - System Checkpoint
RP170: 02/10/2010 20:56:06 - System Checkpoint
RP171: 04/10/2010 02:10:51 - System Checkpoint
RP172: 05/10/2010 02:49:22 - System Checkpoint
RP173: 06/10/2010 16:32:11 - System Checkpoint
RP174: 07/10/2010 19:55:24 - System Checkpoint
RP175: 08/10/2010 12:00:26 - Removed Adobe Reader 7.0
RP176: 08/10/2010 12:01:22 - Installed Adobe Reader 9.
RP177: 09/10/2010 16:12:37 - System Checkpoint
RP178: 10/10/2010 21:01:56 - System Checkpoint
RP179: 11/10/2010 22:34:07 - System Checkpoint
RP180: 13/10/2010 00:36:38 - System Checkpoint
RP181: 14/10/2010 01:46:40 - System Checkpoint
RP182: 14/10/2010 03:00:23 - Software Distribution Service 3.0
RP183: 15/10/2010 04:53:38 - System Checkpoint
RP184: 16/10/2010 05:32:21 - System Checkpoint
RP185: 17/10/2010 06:24:43 - System Checkpoint
RP186: 18/10/2010 09:25:13 - System Checkpoint
RP187: 19/10/2010 09:25:43 - System Checkpoint
RP188: 20/10/2010 10:49:23 - System Checkpoint
RP189: 21/10/2010 13:49:22 - System Checkpoint
RP190: 22/10/2010 16:17:51 - System Checkpoint
RP191: 31/10/2010 13:49:53 - System Checkpoint
RP192: 01/11/2010 14:38:22 - System Checkpoint
RP193: 02/11/2010 19:36:18 - System Checkpoint
RP194: 03/11/2010 19:43:11 - System Checkpoint
RP195: 09/11/2010 13:08:39 - Removed Cypress USB Mass Storage Driver Installation
RP196: 09/11/2010 13:08:52 - Removed Napster
RP197: 09/11/2010 15:08:57 - Norton 360 Registry Clean
RP198: 10/11/2010 00:06:07 - IObit Uninstaller RestorePoint

==== Installed Programs ======================


ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 9.2
CCleaner
Corel Paint Shop Pro Photo X2
Cross Stitch Professional Platinum Demo (No save, print only ex
DivX Setup
DSS DJ 5.6
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
Epson Stylus SX110_TX110 Manual
EPSON SX110 Series Printer Uninstall
EPSON Web-To-Page
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
Karaoke CD+G Creator Pro
Magic ISO Maker v5.5 (build 0274)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MP3 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Norton 360 Premier Edition
OCA Client history tool install
On2 VP7 Personal Edition
Photo Story 3 for Windows
Power2Go 4.0
PowerDVD
PowerISO
QuickTime
Rapport
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Burn Engine
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shareaza 2.5.2.0
SSC Service Utility v4.30
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
VIA/S3G Display Driver
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WYSIWYG Web Builder 6
Xiph.Org Open Codecs 0.84.17338

==== Event Viewer Messages From Past Week ========

10/11/2010 01:04:16, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'EraserUtilRebootDrv.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
09/11/2010 23:37:42, error: System Error [1003] - Error code 10000050, parameter1 f790dc42, parameter2 00000008, parameter3 80541804, parameter4 00000000.
09/11/2010 22:33:26, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
09/11/2010 22:32:52, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
09/11/2010 19:22:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IDSxpx86
09/11/2010 15:23:40, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
09/11/2010 13:39:29, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Norton 360 service, but this action failed with the following error: An instance of the service is already running.
09/11/2010 13:37:30, error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/11/2010 12:22:10, error: W32Time [34] - The time service has detected that the system time needs to be changed by +2418974 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.102:123->207.46.197.32:123) is working properly.
07/11/2010 19:47:35, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
07/11/2010 13:23:02, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
07/11/2010 13:22:24, error: W32Time [34] - The time service has detected that the system time needs to be changed by +2418976 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.102:123->207.46.197.32:123) is working properly.
03/11/2010 09:40:04, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

==== End Of File ===========================

DDS >>>>


DDS (Ver_10-12-05.01) - NTFSx86
Run by michael at 19:47:01.26 on 10/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.53 [GMT 0:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Gmirea.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
J:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\razawebhook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.8.0.41\IPSBHO.DLL
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [Shareaza] "c:\program files\shareaza\Shareaza.exe" -tray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
uRun: [OW1T3CYG7T] c:\windows\Gmirea.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifbe.exe /fu "c:\docume~1\michael\locals~1\temp\E_S72.tmp" /EF "HKCU"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AOL_Demo] c:\applications\tool\aol demo\DSGDemo.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267102204078
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.0.41\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-11-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-11-9 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-11-9 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101208.001\IDSXpx86.sys [2010-11-10 341944]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-7 390528]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101207.039\NAVENG.SYS [2010-11-10 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101207.039\NAVEX15.SYS [2010-11-10 1371184]
S2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\3.8.0.41\ccSvcHst.exe [2010-11-9 117640]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10910.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10910.sys [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2012-04-12 08:59:56 -------- d-----w- C:\Mum n Dads Laptop Files
2012-03-15 20:28:03 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Help
2012-03-15 20:25:15 5248 ----a-w- c:\windows\system32\giveio.sys
2012-03-15 20:22:23 -------- d-----w- c:\program files\SSC Service Utility
2012-03-11 16:37:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\MGS
2012-03-03 14:48:41 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Scansoft
2012-02-26 20:55:49 -------- d-----w- c:\windows\pss
2012-02-26 20:24:44 -------- d-----w- c:\docume~1\michael\applic~1\Nuance
2012-02-26 19:59:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2012-02-26 19:59:26 -------- d-----w- c:\windows\speech
2012-02-21 22:16:49 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\WinAVI
2012-02-21 22:16:12 -------- d-----w- c:\program files\WinAVI Video Converter
2010-11-10 12:45:46 -------- d-----w- c:\program files\ESET
2010-11-09 23:52:05 -------- d-----w- c:\docume~1\michael\applic~1\IObit
2010-11-09 23:31:19 -------- d-----w- C:\65ebec1e42c6f30e94598e9f346c
2010-11-09 22:36:28 -------- d-sha-r- C:\cmdcons
2010-11-09 22:30:47 89088 ----a-w- c:\windows\MBR.exe
2010-11-09 22:30:46 98816 ----a-w- c:\windows\sed.exe
2010-11-09 22:30:46 256512 ----a-w- c:\windows\PEV.exe
2010-11-09 22:30:46 161792 ----a-w- c:\windows\SWREG.exe
2010-11-09 15:26:01 217136 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symtdi.sys
2010-11-09 15:26:00 89904 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symfw.sys
2010-11-09 15:26:00 48688 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndisv.sys
2010-11-09 15:26:00 36400 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndis.sys
2010-11-09 15:26:00 33072 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symids.sys
2010-11-09 15:26:00 310320 ----a-w- c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys
2010-11-09 15:25:59 482432 ----a-w- c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys
2010-11-09 15:25:59 43696 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtspx.sys
2010-11-09 15:25:59 308272 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtsp.sys
2010-11-09 15:25:58 259632 ----a-w- c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys
2010-11-09 15:24:05 -------- d-----w- c:\windows\system32\drivers\n360\0308000.029
2010-11-09 13:25:21 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-11-09 13:25:20 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-09 13:24:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-11-09 13:23:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-09 13:23:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-09 13:23:51 -------- d-----w- c:\program files\Symantec
2010-11-09 13:23:51 -------- d-----w- c:\program files\common files\Symantec Shared
2010-11-09 13:20:37 -------- d-----w- c:\windows\system32\drivers\N360
2010-11-09 13:20:32 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-11-09 13:20:06 -------- d-----w- c:\program files\NortonInstaller
2010-11-07 15:11:42 946312 ----a-w- c:\windows\system32\wPDFViewplus01.dll
2010-11-07 15:10:08 -------- d-----w- c:\program files\XSPPlat
2010-11-07 15:06:54 186880 ----a-w- c:\windows\Gmirea.exe
2010-11-07 14:50:41 -------- d-----w- c:\docume~1\michael\applic~1\iktsoft
2010-11-02 16:23:10 479232 ----a-w- c:\windows\system32\msvcm80.dll
2010-11-02 16:23:09 -------- d-----w- c:\program files\MyXOFT
2010-11-02 16:15:50 -------- d-----w- c:\program files\Music Trio
2010-11-02 15:55:39 -------- d-----w- c:\docume~1\michael\applic~1\Doblon
2010-11-02 15:23:34 -------- d-----w- c:\program files\Doblon

==================== Find3M ====================

2010-10-28 18:27:24 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-10-28 18:15:23 2672 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-10-28 18:15:17 88 --sh--r- c:\docume~1\alluse~1\applic~1\03BEF1D2A8.sys
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 16:05:29 88 --sh--r- c:\windows\system32\6B2458520D.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 19:49:18.18 ===============


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-10 19:55:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA2AA
Running: hc0314r8.exe; Driver: C:\DOCUME~1\michael\LOCALS~1\Temp\pxtdypow.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Thanks for reading.
Kind regards
Michael
 
09/11/2010 12:22:10, error: W32Time [34] - The time service has detected that the system time needs to be changed by +2418974 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.102:123->207.46.197.32:123) is working properly.

I do apologise for the dates being out on my computer; I hope this does not complicate things.
 
Don't apologize! Correct the time problem and rescan. I have to know when a scan was actually done and your computer depends on the time being correctly set:

To check and correct time settings:

Right click on the clock > Adjust Date/Time > Be sure the correct date and time are showing on the screen that comes up > Make sure your correct time zone is set and that the 'adjust for daylight savings time' boxes are set > When you get to the Internet Time Server, click on Update now and wait for it.

The antivirus program and any auto-update you have are time sensitive.
 
I have followed your instructions to correct the time and rescanned my computer. Here are the logs created.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-09 21:43:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA2AA
Running: hc0314r8.exe; Driver: C:\DOCUME~1\michael\LOCALS~1\Temp\pxtdypow.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 24/02/2010 22:37:44
System Uptime: 08/12/2010 00:59:31 (45 hours ago)

Motherboard: DIXONSXP | | P4M800P7MB
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3054/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 73 GiB total, 21.083 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP156: 11/09/2010 03:57:09 - System Checkpoint
RP157: 12/09/2010 04:09:10 - System Checkpoint
RP158: 13/09/2010 04:48:45 - System Checkpoint
RP159: 14/09/2010 05:44:37 - System Checkpoint
RP160: 16/09/2010 01:38:14 - System Checkpoint
RP161: 16/09/2010 03:00:21 - Software Distribution Service 3.0
RP162: 16/09/2010 03:27:31 - Installed Rapport
RP163: 17/09/2010 14:07:22 - System Checkpoint
RP164: 18/09/2010 16:37:31 - System Checkpoint
RP165: 22/09/2010 22:30:15 - System Checkpoint
RP166: 24/09/2010 01:27:33 - System Checkpoint
RP167: 25/09/2010 02:53:35 - System Checkpoint
RP168: 26/09/2010 05:12:06 - System Checkpoint
RP169: 27/09/2010 17:18:50 - System Checkpoint
RP170: 02/10/2010 20:56:06 - System Checkpoint
RP171: 04/10/2010 02:10:51 - System Checkpoint
RP172: 05/10/2010 02:49:22 - System Checkpoint
RP173: 06/10/2010 16:32:11 - System Checkpoint
RP174: 07/10/2010 19:55:24 - System Checkpoint
RP175: 08/10/2010 12:00:26 - Removed Adobe Reader 7.0
RP176: 08/10/2010 12:01:22 - Installed Adobe Reader 9.
RP177: 09/10/2010 16:12:37 - System Checkpoint
RP178: 10/10/2010 21:01:56 - System Checkpoint
RP179: 11/10/2010 22:34:07 - System Checkpoint
RP180: 13/10/2010 00:36:38 - System Checkpoint
RP181: 14/10/2010 01:46:40 - System Checkpoint
RP182: 14/10/2010 03:00:23 - Software Distribution Service 3.0
RP183: 15/10/2010 04:53:38 - System Checkpoint
RP184: 16/10/2010 05:32:21 - System Checkpoint
RP185: 17/10/2010 06:24:43 - System Checkpoint
RP186: 18/10/2010 09:25:13 - System Checkpoint
RP187: 19/10/2010 09:25:43 - System Checkpoint
RP188: 20/10/2010 10:49:23 - System Checkpoint
RP189: 21/10/2010 13:49:22 - System Checkpoint
RP190: 22/10/2010 16:17:51 - System Checkpoint
RP191: 31/10/2010 13:49:53 - System Checkpoint
RP192: 01/11/2010 14:38:22 - System Checkpoint
RP193: 02/11/2010 19:36:18 - System Checkpoint
RP194: 03/11/2010 19:43:11 - System Checkpoint
RP195: 09/11/2010 13:08:39 - Removed Cypress USB Mass Storage Driver Installation
RP196: 09/11/2010 13:08:52 - Removed Napster
RP197: 09/11/2010 15:08:57 - Norton 360 Registry Clean
RP198: 10/11/2010 00:06:07 - IObit Uninstaller RestorePoint
RP199: 09/12/2010 11:23:27 - System Checkpoint
RP200: 09/12/2010 13:12:00 - Installed WinStitch Demo Version

==== Installed Programs ======================


ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 9.2
CCleaner
Corel Paint Shop Pro Photo X2
Cross Stitch Professional Platinum Demo (No save, print only ex
DivX Setup
DSS DJ 5.6
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
Epson Stylus SX110_TX110 Manual
EPSON SX110 Series Printer Uninstall
EPSON Web-To-Page
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
Karaoke CD+G Creator Pro
Magic ISO Maker v5.5 (build 0274)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MP3 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myriaCross Converter 1.01.05
neroxml
Norton 360 Premier Edition
OCA Client history tool install
On2 VP7 Personal Edition
Photo Story 3 for Windows
Power2Go 4.0
PowerDVD
PowerISO
QuickTime
Rapport
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Burn Engine
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shareaza 2.5.2.0
SSC Service Utility v4.30
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
VIA/S3G Display Driver
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinStitch Demo Version
WYSIWYG Web Builder 6
Xiph.Org Open Codecs 0.84.17338

==== Event Viewer Messages From Past Week ========

09/12/2010 20:38:54, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
09/12/2010 08:55:28, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

==== End Of File ===========================



DDS (Ver_10-12-05.01) - NTFSx86
Run by michael at 21:09:48.87 on 09/12/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Gmirea.exe
J:\dds.scr
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\razawebhook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.8.0.41\IPSBHO.DLL
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [Shareaza] "c:\program files\shareaza\Shareaza.exe" -tray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
uRun: [OW1T3CYG7T] c:\windows\Gmirea.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifbe.exe /fu "c:\docume~1\michael\locals~1\temp\E_S72.tmp" /EF "HKCU"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AOL_Demo] c:\applications\tool\aol demo\DSGDemo.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267102204078
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.0.41\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R? EraserUtilDrv10910;EraserUtilDrv10910
R? FXDRV;FXDRV
R? N360;Norton 360
S? BHDrvx86;Symantec Heuristics Driver
S? ccHP;Symantec Hash Provider
S? genmcmnUSB;USB Scroll Mouse Driver
S? IDSxpx86;IDSxpx86
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? RapportBuka;RapportBuka
S? RapportCerberus_19917;RapportCerberus_19917
S? RapportKELL;RapportKELL
S? RapportMgmtService;Rapport Management Service
S? RapportPG;RapportPG
S? SymEFA;Symantec Extended File Attributes

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2012-04-12 08:59:56 -------- d-----w- C:\Mum n Dads Laptop Files
2012-03-15 20:28:03 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Help
2012-03-15 20:25:15 5248 ----a-w- c:\windows\system32\giveio.sys
2012-03-15 20:22:23 -------- d-----w- c:\program files\SSC Service Utility
2012-03-11 16:37:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\MGS
2012-03-03 14:48:41 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\Scansoft
2012-02-26 20:55:49 -------- d-----w- c:\windows\pss
2012-02-26 20:24:44 -------- d-----w- c:\docume~1\michael\applic~1\Nuance
2012-02-26 19:59:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nuance
2012-02-26 19:59:26 -------- d-----w- c:\windows\speech
2012-02-21 22:16:49 -------- d-----w- c:\docume~1\michael\locals~1\applic~1\WinAVI
2012-02-21 22:16:12 -------- d-----w- c:\program files\WinAVI Video Converter
2010-12-09 13:21:18 -------- d-----w- c:\docume~1\michael\applic~1\myriaCrossConv
2010-12-09 13:21:16 -------- d-----w- c:\program files\myriaCrossConv
2010-12-09 13:12:09 -------- d-----w- c:\program files\WinStitch Demo Version
2010-11-10 12:45:46 -------- d-----w- c:\program files\ESET
2010-11-09 23:52:05 -------- d-----w- c:\docume~1\michael\applic~1\IObit
2010-11-09 23:31:19 -------- d-----w- C:\65ebec1e42c6f30e94598e9f346c
2010-11-09 22:36:28 -------- d-sha-r- C:\cmdcons
2010-11-09 22:30:47 89088 ----a-w- c:\windows\MBR.exe
2010-11-09 22:30:46 98816 ----a-w- c:\windows\sed.exe
2010-11-09 22:30:46 256512 ----a-w- c:\windows\PEV.exe
2010-11-09 22:30:46 161792 ----a-w- c:\windows\SWREG.exe

==================== Find3M ====================

2010-11-09 13:23:51 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-09 13:21:38 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-11-07 15:06:24 186880 ----a-w- c:\windows\Gmirea.exe
2010-10-28 18:27:24 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-10-28 18:15:23 2672 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-10-28 18:15:17 88 --sh--r- c:\docume~1\alluse~1\applic~1\03BEF1D2A8.sys
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 21:12:59.14 ===============
 
Thank you. The correct time setting should make the system work better.

It appears you have another language on the system; is that correct? I was going to ask you about this process:
an intrusion attempt was blocked. application path \device\harddiskvolume1\windows\gmirea.exe.
I see the entry in the log, but attempts to identify it only give non-English sites.

I am setting up some script for you to run to remove some entries. While I am doing that, please run the 2 following scans:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
==============================================
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
========================================
Download Combofix from one of these locations and save to your desktop:

Link 1
Link 2
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image:
    WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
 
Hi,
I have no knowledge of another language on the system; that seems very unusual to me. The gmirea.exe is sending Norton anti-virus into overdrive with constant attempts to block it.
Anyway, I will now run the scans and reply as soon as possible.
Thanks
Michael
 
The ESET scan log >>>>>

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=aeca6894733d204eab5436c8d88f2e6f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-11 07:01:18
# local_time=2010-12-11 07:01:18 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777174 100 100 2678554 27991920 0 0
# compatibility_mode=8192 67108863 100 0 2641783 2641783 0 0
# scanned=87162
# found=3
# cleaned=0
# scan_time=19567

C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP197\A0038260.exe Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Gmirea.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/TrojanDownloader.FakeAlert.AQI trojan 00000000000000000000000000000000 I

Combofix on its way asap.
 
combofix log >>>>

ComboFix 10-12-10.01 - michael 11/12/2010 14:15:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.142 [GMT 0:00]
Running from: c:\documents and settings\michael\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2012-04-12 08:59 . 2012-04-12 09:37 -------- d-----w- C:\Mum n Dads Laptop Files
2012-03-15 20:28 . 2012-03-15 20:28 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Help
2012-03-15 20:25 . 2012-03-15 20:25 5248 ----a-w- c:\windows\system32\giveio.sys
2012-03-15 20:22 . 2012-03-15 20:32 -------- d-----w- c:\program files\SSC Service Utility
2012-03-11 16:37 . 2012-03-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
2012-03-03 14:48 . 2012-03-03 14:48 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Scansoft
2012-02-26 20:25 . 2012-02-26 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-02-26 20:24 . 2012-02-26 20:24 -------- d--h--w- c:\documents and settings\michael\Application Data\Nuance
2012-02-26 19:59 . 2012-02-26 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2012-02-26 19:59 . 2010-07-16 18:59 -------- d-----w- c:\windows\speech
2012-02-21 22:16 . 2012-02-21 22:16 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\WinAVI
2012-02-21 22:16 . 2012-02-27 16:36 -------- d-----w- c:\program files\WinAVI Video Converter
2010-12-11 14:01 . 2010-12-11 14:01 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Symantec
2010-12-10 22:09 . 2010-12-11 00:03 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Corel
2010-12-10 20:53 . 2010-12-10 20:58 -------- d--h--w- c:\documents and settings\michael\Local Settings\Application Data\Ahead
2010-12-10 20:46 . 2010-12-10 21:02 -------- d--h--w- c:\documents and settings\michael\Application Data\Ahead
2010-12-10 20:45 . 2010-12-10 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-12-10 20:40 . 2010-12-10 20:43 -------- d-----w- c:\program files\Common Files\Ahead
2010-12-10 20:40 . 2010-12-10 20:40 -------- d-----w- c:\program files\Nero
2010-12-10 19:23 . 2010-12-10 19:25 -------- d-----w- C:\cf879e36f8bf4533509e6ebb38882192
2010-12-10 17:23 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-10 17:23 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-10 17:22 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-10 17:22 . 2010-12-10 17:22 -------- d-----w- c:\windows\Logs
2010-12-10 13:15 . 2010-04-12 03:01 47616 ----a-r- c:\windows\system32\LGScsiCommandService.exe
2010-12-10 13:15 . 2009-09-23 07:05 24576 ----a-r- c:\windows\system32\SendScsiCmd.dll
2010-12-09 13:21 . 2010-12-09 13:21 -------- d--h--w- c:\documents and settings\michael\Application Data\myriaCrossConv
2010-12-09 13:21 . 2010-12-09 13:22 -------- d-----w- c:\program files\myriaCrossConv
2010-12-09 13:12 . 2010-12-09 13:40 -------- d-----w- c:\program files\WinStitch Demo Version

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 13:23 . 2010-11-09 13:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-09 13:23 . 2010-11-09 13:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-09 13:22 . 2010-11-09 15:26 217136 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
2010-11-09 13:22 . 2010-11-09 15:26 89904 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symfw.sys
2010-11-09 13:22 . 2010-11-09 15:26 48688 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
2010-11-09 13:22 . 2010-11-09 15:26 36400 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndis.sys
2010-11-09 13:22 . 2010-11-09 15:26 33072 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symids.sys
2010-11-09 13:22 . 2010-11-09 15:26 310320 ----a-w- c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
2010-11-09 13:22 . 2010-11-09 13:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-11-09 13:22 . 2010-11-09 15:25 43696 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
2010-11-09 13:22 . 2010-11-09 15:25 308272 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
2010-11-09 13:22 . 2010-11-09 15:25 482432 ----a-w- c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
2010-11-09 13:22 . 2010-11-09 15:25 259632 ----a-w- c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
2010-11-09 13:22 . 2010-11-09 13:25 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-09 13:21 . 2010-11-09 13:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-11-07 15:06 . 2010-11-07 15:06 186880 ----a-w- c:\windows\Gmirea.exe
2010-10-28 18:15 . 2010-07-13 15:37 2672 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-10-28 18:15 . 2010-07-13 15:37 88 --sh--r- c:\documents and settings\All Users\Application Data\03BEF1D2A8.sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-05-19 09:23 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-05-19 09:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-09_23.00.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 00:02 . 2009-07-12 00:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-06-11 10:17 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2010-06-11 10:17 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2005-12-05 11:41 . 2010-12-11 06:08 71482 c:\windows\system32\perfc009.dat
+ 2007-05-16 09:18 . 2007-05-16 09:18 95864 c:\windows\system32\NeroCo.dll
+ 2005-12-05 11:41 . 2008-05-19 06:33 18944 c:\windows\system32\msisip.dll
+ 2005-12-05 11:41 . 2008-05-19 01:57 95744 c:\windows\system32\msiexec.exe
+ 2007-07-03 19:10 . 2007-07-03 19:10 11304 c:\windows\system32\drivers\imagedrv.sys
+ 2008-05-19 06:33 . 2008-05-19 06:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2008-05-19 01:57 . 2008-05-19 01:57 95744 c:\windows\system32\dllcache\msiexec.exe
+ 2010-04-07 23:57 . 2010-04-07 23:57 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2010-04-07 22:48 . 2010-04-07 22:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-07 23:57 . 2010-04-07 23:57 17256 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2010-12-10 20:44 . 2010-12-10 20:44 25214 c:\windows\Installer\{CF097717-F174-4144-954A-FBC4BF301033}\ARPPRODUCTICON.exe
+ 2010-12-09 13:13 . 2010-12-09 13:13 22486 c:\windows\Installer\{A4F323A5-B6CA-4BA5-8C49-29D4AAD0EC9D}\ext.exe
+ 2010-12-10 19:46 . 2010-12-10 19:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\45fe90943708016ccfe56c98c1778a9e\UIAutomationProvider.ni.dll
+ 2010-12-10 20:24 . 2010-12-10 20:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\84745fd77ba5b3ca8837297f5258951b\System.Windows.Presentation.ni.dll
+ 2010-12-10 19:43 . 2010-12-10 19:43 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\5c39259018bf82fbaab6a6a8962ce7ad\PresentationFontCache.ni.exe
+ 2010-12-10 19:42 . 2010-12-10 19:42 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b69dfbadf2bd9c5315f7e44d0ce5f48a\PresentationCFFRasterizer.ni.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-12-11 05:55 . 2010-12-11 05:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-05-14 02:14 . 2010-05-14 02:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-12-10 19:26 . 2010-12-10 19:26 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-12-11 05:55 . 2010-12-11 05:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-12-11 05:59 . 2010-12-11 05:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-09-08 02:05 . 2010-09-08 02:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-12-11 05:56 . 2010-12-11 05:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-12-11 06:00 . 2010-12-11 06:00 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-12-11 06:00 . 2010-12-11 06:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-09-08 02:05 . 2010-09-08 02:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-12-11 06:00 . 2010-12-11 06:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-12-11 06:00 . 2010-12-11 06:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-12-11 05:59 . 2010-12-11 05:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-12-11 05:56 . 2010-12-11 05:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-12-11 05:58 . 2010-12-11 05:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-12-11 06:00 . 2010-12-11 06:00 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-12-11 05:55 . 2010-12-11 05:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2005-12-05 11:41 . 2008-04-17 01:43 2560 c:\windows\system32\msimsg.dll
- 2010-03-01 09:01 . 2010-10-28 18:27 2620 c:\windows\system32\KGyGaAvL.sys
+ 2010-03-01 09:01 . 2010-12-11 00:02 2620 c:\windows\system32\KGyGaAvL.sys
+ 2008-04-17 01:43 . 2008-04-17 01:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2010-12-11 05:56 . 2010-12-11 05:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-12-11 05:58 . 2010-12-11 05:58 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-09-08 02:05 . 2010-09-08 02:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-09-08 02:04 . 2010-09-08 02:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-12-11 05:59 . 2010-12-11 05:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-12-11 05:57 . 2010-12-11 05:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-09-08 02:04 . 2010-09-08 02:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-12-11 05:57 . 2010-12-11 05:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 00:05 . 2009-07-12 00:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2007-04-23 16:42 . 2007-04-23 16:42 972336 c:\windows\UNRecode.exe
+ 2007-06-26 14:12 . 2007-06-26 14:12 972072 c:\windows\UNNeroVision.exe
+ 2007-02-28 16:41 . 2007-02-28 16:41 972336 c:\windows\UNNeroShowTime.exe
+ 2007-06-27 19:05 . 2007-06-27 19:05 972072 c:\windows\UNNeroMediaHome.exe
+ 2007-03-20 21:22 . 2007-03-20 21:22 972336 c:\windows\UNNeroBackItUp.exe
+ 2000-10-02 00:00 . 2000-10-02 00:00 119568 c:\windows\system32\VB6FR.DLL
+ 2005-12-05 11:41 . 2010-12-11 06:08 441546 c:\windows\system32\perfh009.dat
+ 2005-12-05 11:41 . 2008-05-19 06:33 332800 c:\windows\system32\msihnd.dll
- 2005-12-05 04:48 . 2010-11-09 12:21 148400 c:\windows\system32\FNTCACHE.DAT
+ 2005-12-05 04:48 . 2010-12-11 13:42 148400 c:\windows\system32\FNTCACHE.DAT
+ 2007-07-03 19:10 . 2007-07-03 19:10 132904 c:\windows\system32\drivers\imagesrv.sys
+ 2008-05-19 06:33 . 2008-05-19 06:33 332800 c:\windows\system32\dllcache\msihnd.dll
- 2010-02-25 13:18 . 2010-02-25 13:18 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2010-12-10 19:28 . 2010-12-10 19:28 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
- 2010-03-30 23:16 . 2010-03-30 23:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-03-30 01:06 . 2010-03-30 01:06 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
- 2010-04-07 22:48 . 2010-04-07 22:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-07 23:57 . 2010-04-07 23:57 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2010-04-07 22:48 . 2010-04-07 22:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 23:57 . 2010-04-07 23:57 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-12-10 17:21 . 2010-12-10 17:21 219648 c:\windows\Installer\dcf8eec.msi
+ 2010-12-09 13:13 . 2010-12-09 13:13 660992 c:\windows\Installer\7c22c95.msi
+ 2010-12-09 13:13 . 2010-12-09 13:13 292878 c:\windows\Installer\{A4F323A5-B6CA-4BA5-8C49-29D4AAD0EC9D}\controlPanelIcon.exe
+ 2010-12-10 19:46 . 2010-12-10 19:46 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\228ebdddc05adb27269dcdf38de7624f\WindowsFormsIntegration.ni.dll
+ 2010-12-10 19:46 . 2010-12-10 19:46 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\2f5f8176b4bc93ae50cdd9fbe7734cda\UIAutomationClient.ni.dll
+ 2010-12-10 20:24 . 2010-12-10 20:24 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a6d27554fe4d3a8007ae36a82d9238a0\System.Web.Extensions.Design.ni.dll
+ 2010-12-10 20:24 . 2010-12-10 20:24 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\a5bf21476abfb5de16f604b677ee4709\System.Web.Entity.ni.dll
+ 2010-12-10 20:24 . 2010-12-10 20:24 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\17c27d3041182d006e281d878ca04805\System.Web.Entity.Design.ni.dll
+ 2010-12-10 20:24 . 2010-12-10 20:24 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ca0ba7bd725fdbb0775fdaae7f166922\System.Web.DynamicData.ni.dll
+ 2010-12-10 19:49 . 2010-12-10 19:49 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7590cef249cbced892e5ae88a460ee7e\System.IO.Log.ni.dll
+ 2010-12-10 19:49 . 2010-12-10 19:49 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\3fa9e7876b4bdffb2ced7714cdb0ffc2\System.IdentityModel.Selectors.ni.dll
+ 2010-12-10 20:13 . 2010-12-10 20:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\2f9be72dc9b3fef5eb4ad17d77c770c0\SMSvcHost.ni.exe
+ 2010-12-10 20:13 . 2010-12-10 20:13 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\60631a32aa897e77172d6d92540f7ed2\SMDiagnostics.ni.dll
+ 2010-12-10 20:12 . 2010-12-10 20:12 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5e999d4cc2ee886578eedc2d8443c564\ServiceModelReg.ni.exe
+ 2010-12-10 19:45 . 2010-12-10 19:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ddd004a87d940b58ae99c93ed1cf4fca\PresentationFramework.Luna.ni.dll
+ 2010-12-10 19:45 . 2010-12-10 19:45 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cbb581129b3a3d4c28da8a1143567473\PresentationFramework.Classic.ni.dll
+ 2010-12-10 19:45 . 2010-12-10 19:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0c33fb20e785a30c3cf2f3ab8e556896\PresentationFramework.Royale.ni.dll
+ 2010-12-10 19:45 . 2010-12-10 19:45 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\05075a3984f571564b846f050e23bb9b\PresentationFramework.Aero.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
"OW1T3CYG7T"="c:\windows\Gmirea.exe" [2010-11-07 186880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AOL_Demo"="c:\applications\Tool\AOL Demo\DSGDemo.exe" [2005-12-01 177178]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [09/11/2010 15:26 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [09/11/2010 15:25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [09/11/2010 15:25 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101208.001\IDSXpx86.sys [10/11/2010 05:34 341944]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [07/03/2010 11:11 390528]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [10/12/2010 13:15 47616]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/12/2010 15:30 102448]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 16:42 6528]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [09/11/2010 15:24 117640]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/02/2010 09:47 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Gmirea.exe [2010-11-07 15:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3296923419-416603358-497765969-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA0DB758-EF64-6991-E085-D0FCE315193A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jadihbnhefjddgapgnpp"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,
67,6e,6e,65,6a,00,00
"iajebdmfkcagbiijok"=hex:6b,61,66,6b,61,62,6f,64,6a,69,67,62,65,68,6f,64,70,67,
6e,6e,65,6a,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(14696)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-11 15:23:47
ComboFix-quarantined-files.txt 2010-12-11 15:23
ComboFix2.txt 2010-11-09 23:25

Pre-Run: 20,399,464,448 bytes free
Post-Run: 22,940,008,448 bytes free

- - End Of File - - 704B1EB8A4462D9988D7FF38DD6B1B50
 
It looks like you got the Fake Alert Trojan Downloader on 11/07/2010. It is also in the scheduled tasks folder. You did a torrent download of a program named XSPPlat. Whether it was the program or the site where you did the download, please understand that you infected the system doing file sharing. And the malware has been reporting on you since 11/07/2010, with connections to the internet. I don't know how much damage it's done or what information of yours might have been taken. But I would consider the system compromised and advise you to reformat and reinstall.
============================================
P2P or 'file sharing' Warning:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
=======================================
You can remove the present entries, but since it's in memory, you can expect it back.
========================================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Processes	
    :Files 
    C:\WINDOWS\Gmirea.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. [Be sure to scroll down to include ALL lines.]
Code:
File::
c:\windows\Gmirea.exe
Folder::
c:\program files\XSPPlat
c:\documents and settings\michael\Application Data\iktsoft

DDS:: 
uRun: [OW1T3CYG7T] c:\windows\Gmirea.exe
mRun: [AOL_Demo] c:\applications\tool\aol demo\DSGDemo.exe

RegNull::
[HKEY_USERS\S-1-5-21-3296923419-416603358-497765969-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA0DB758-EF64-6991-E085-D0FCE315193A}*]

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OW1T3CYG7T"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Control Panel> Scheduled Tasks> Remove from here:
c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Gmirea.exe [2010-11-07 15:06]
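
The reply above points at the same executable in a Run value and in the Scheduled Tasks folder. As an added example (not part of the original posts and not a ComboFix feature), this Python script parses those two sections of a ComboFix log and flags such overlaps; the heuristics and function names are assumptions for illustration, and the sample is an excerpt of the log quoted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix log quoted in this thread, trimmed to a few entries.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"OW1T3CYG7T"="c:\windows\Gmirea.exe" [2010-11-07 186880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Gmirea.exe [2010-11-07 15:06]
.
------- Supplementary Scan -------
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<path>.+?)\s+\[[^\]]*\]$")
# Assumed heuristic: an .exe sitting directly in the Windows directory.
# Legitimate files live there too, so this is a triage hint, not a verdict.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)


def parse_run_entries(log):
    """Map lower-cased target path -> value names, for CurrentVersion Run keys only."""
    entries = defaultdict(list)
    in_run_key = False
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            in_run_key = key.group("key").lower().endswith("\\currentversion\\run")
            continue
        value = RUN_VALUE_RE.match(line)
        if in_run_key and value:
            entries[value.group("path").lower()].append(value.group("name"))
    return dict(entries)


def parse_scheduled_tasks(log):
    """Map lower-cased target path -> .job files listed in the Scheduled Tasks section."""
    tasks = defaultdict(list)
    in_section = False
    current_job = None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("---"):  # next section banner ends the task list
            break
        job = JOB_RE.match(line)
        if job:
            current_job = job.group("job")
            continue
        target = TARGET_RE.match(line)
        if target and current_job:
            tasks[target.group("path").lower()].append(current_job)
    return dict(tasks)


def triage(log):
    """Return autostart targets worth a closer look, with the reasons for each."""
    run_entries = parse_run_entries(log)
    tasks = parse_scheduled_tasks(log)
    findings = []
    for path in sorted(set(run_entries) | set(tasks)):
        reasons = []
        if WINDIR_ROOT_RE.match(path):
            reasons.append("exe-in-windows-root")
        if path in run_entries and path in tasks:
            reasons.append("run-key+scheduled-task")
        if reasons:
            findings.append({
                "path": path,
                "run_values": run_entries.get(path, []),
                "jobs": tasks.get(path, []),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Entries that only name a file without a path, such as `SOUNDMAN.EXE`, are not flagged by the directory check and still need a manual look.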
 
Hi there,
I ran OTMoveIt and the log is below, but I have had some problems with the ComboFix script.
I copied and pasted the script and followed your instructions, and when I dropped the txt file into ComboFix many pop-ups came up saying the file path may be wrong or I do not have permission to open it (or along those lines). When I clicked OK to them all - around 10 of them - ComboFix went through its usual scans, then my computer screen refreshed but didn't load Explorer back up. I left this screen with just my background image on for an hour or so to make sure ComboFix wasn't running in the background, then opened Task Manager to check the current processes. I tried to run Explorer but it told me there weren't enough resources to run this. I eventually restarted my computer through Task Manager normally and checked c:/combofix.txt to find the only ComboFix file has the My Computer icon with c:\ drive inside it when I open it. The computer itself seems to be running normally so far, but I don't want to try running ComboFix again or removing Gmirea.exe from the scheduled tasks until I get some advice from you.
Thanks

OTMoveIt log >>>>

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\WINDOWS\Gmirea.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: michael
->Temp folder emptied: 1334857 bytes
->Temporary Internet Files folder emptied: 10626328 bytes
->Flash cache emptied: 1993344 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 555520 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132146 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65712312 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12122010_213605

Files moved on Reboot...
File C:\WINDOWS\temp\JETC166.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_5f8.dat moved successfully.

Registry entries deleted on Reboot...
 
Please try running the script in ComboFix again. There are entries that need to be removed.

Keep in mind:
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Thanks, I've run ComboFix without any issues this time and here is the log >>>>

ComboFix 10-12-12.03 - michael 13/12/2010 12:31:57.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.88 [GMT 0:00]
Running from: c:\documents and settings\michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\michael\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\Gmirea.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\michael\Application Data\iktsoft
c:\program files\XSPPlat
c:\program files\XSPPlat\system\F9Z10.BMP
c:\program files\XSPPlat\system\F9Z12.BMP
c:\program files\XSPPlat\system\F9Z14.BMP
c:\program files\XSPPlat\system\F9Z16.BMP
c:\program files\XSPPlat\system\F9Z18.BMP
c:\program files\XSPPlat\system\F9Z2.BMP
c:\program files\XSPPlat\system\F9Z20.BMP
c:\program files\XSPPlat\system\F9Z22.BMP
c:\program files\XSPPlat\system\F9Z24.BMP
c:\program files\XSPPlat\system\F9Z4.BMP
c:\program files\XSPPlat\system\F9Z6.BMP
c:\program files\XSPPlat\system\F9Z8.BMP
c:\program files\XSPPlat\system\Fs10z10.bmp
c:\program files\XSPPlat\system\Fs10z12.bmp
c:\program files\XSPPlat\system\Fs10z14.bmp
c:\program files\XSPPlat\system\Fs10z16.bmp
c:\program files\XSPPlat\system\Fs10z18.bmp
c:\program files\XSPPlat\system\Fs10z2.bmp
c:\program files\XSPPlat\system\Fs10z20.bmp
c:\program files\XSPPlat\system\Fs10z22.bmp
c:\program files\XSPPlat\system\Fs10z24.bmp
c:\program files\XSPPlat\system\Fs10z4.bmp
c:\program files\XSPPlat\system\Fs10z6.bmp
c:\program files\XSPPlat\system\Fs10z8.bmp
c:\program files\XSPPlat\system\Fs9z10.bmp
c:\program files\XSPPlat\system\Fs9z12.bmp
c:\program files\XSPPlat\system\Fs9z14.bmp
c:\program files\XSPPlat\system\Fs9z16.bmp
c:\program files\XSPPlat\system\Fs9z18.bmp
c:\program files\XSPPlat\system\Fs9z2.bmp
c:\program files\XSPPlat\system\Fs9z20.bmp
c:\program files\XSPPlat\system\Fs9z22.bmp
c:\program files\XSPPlat\system\Fs9z24.bmp
c:\program files\XSPPlat\system\Fs9z4.bmp
c:\program files\XSPPlat\system\Fs9z6.bmp
c:\program files\XSPPlat\system\Fs9z8.bmp
c:\program files\XSPPlat\system\hlpindex_en.txt
c:\program files\XSPPlat\system\K10.BMP
c:\program files\XSPPlat\system\K12.BMP
c:\program files\XSPPlat\system\K14.BMP
c:\program files\XSPPlat\system\K16.BMP
c:\program files\XSPPlat\system\K18.BMP
c:\program files\XSPPlat\system\K2.BMP
c:\program files\XSPPlat\system\K20.BMP
c:\program files\XSPPlat\system\K22.BMP
c:\program files\XSPPlat\system\K24.BMP
c:\program files\XSPPlat\system\K4.BMP
c:\program files\XSPPlat\system\K6.BMP
c:\program files\XSPPlat\system\K8.BMP
c:\program files\XSPPlat\system\KB10.BMP
c:\program files\XSPPlat\system\KB12.BMP
c:\program files\XSPPlat\system\KB14.BMP
c:\program files\XSPPlat\system\KB16.BMP
c:\program files\XSPPlat\system\KB18.BMP
c:\program files\XSPPlat\system\KB2.BMP
c:\program files\XSPPlat\system\KB20.BMP
c:\program files\XSPPlat\system\KB22.BMP
c:\program files\XSPPlat\system\KB24.BMP
c:\program files\XSPPlat\system\KB4.BMP
c:\program files\XSPPlat\system\KB6.BMP
c:\program files\XSPPlat\system\KB8.BMP
c:\program files\XSPPlat\system\PA10.BMP
c:\program files\XSPPlat\system\PA12.BMP
c:\program files\XSPPlat\system\PA14.BMP
c:\program files\XSPPlat\system\PA16.BMP
c:\program files\XSPPlat\system\PA18.BMP
c:\program files\XSPPlat\system\PA2.BMP
c:\program files\XSPPlat\system\PA20.BMP
c:\program files\XSPPlat\system\PA22.BMP
c:\program files\XSPPlat\system\PA24.BMP
c:\program files\XSPPlat\system\PA4.BMP
c:\program files\XSPPlat\system\PA6.BMP
c:\program files\XSPPlat\system\PA8.BMP
c:\program files\XSPPlat\system\PLAS10.BMP
c:\program files\XSPPlat\system\PLAS12.BMP
c:\program files\XSPPlat\system\PLAS14.BMP
c:\program files\XSPPlat\system\PLAS16.BMP
c:\program files\XSPPlat\system\PLAS18.BMP
c:\program files\XSPPlat\system\PLAS2.BMP
c:\program files\XSPPlat\system\PLAS20.BMP
c:\program files\XSPPlat\system\PLAS22.BMP
c:\program files\XSPPlat\system\PLAS24.BMP
c:\program files\XSPPlat\system\PLAS4.BMP
c:\program files\XSPPlat\system\PLAS6.BMP
c:\program files\XSPPlat\system\PLAS8.BMP
c:\program files\XSPPlat\system\PLASR10.BMP
c:\program files\XSPPlat\system\PLASR12.BMP
c:\program files\XSPPlat\system\PLASR14.BMP
c:\program files\XSPPlat\system\PLASR16.BMP
c:\program files\XSPPlat\system\PLASR18.BMP
c:\program files\XSPPlat\system\PLASR2.BMP
c:\program files\XSPPlat\system\PLASR20.BMP
c:\program files\XSPPlat\system\PLASR22.BMP
c:\program files\XSPPlat\system\PLASR24.BMP
c:\program files\XSPPlat\system\PLASR4.BMP
c:\program files\XSPPlat\system\PLASR6.BMP
c:\program files\XSPPlat\system\PLASR8.BMP
c:\program files\XSPPlat\system\PT10.BMP
c:\program files\XSPPlat\system\PT12.BMP
c:\program files\XSPPlat\system\PT14.BMP
c:\program files\XSPPlat\system\PT16.BMP
c:\program files\XSPPlat\system\PT18.BMP
c:\program files\XSPPlat\system\PT2.BMP
c:\program files\XSPPlat\system\PT20.BMP
c:\program files\XSPPlat\system\PT22.BMP
c:\program files\XSPPlat\system\PT24.BMP
c:\program files\XSPPlat\system\PT4.BMP
c:\program files\XSPPlat\system\PT6.BMP
c:\program files\XSPPlat\system\PT8.BMP
c:\program files\XSPPlat\system\PX10.BMP
c:\program files\XSPPlat\system\PX12.BMP
c:\program files\XSPPlat\system\PX14.BMP
c:\program files\XSPPlat\system\PX16.BMP
c:\program files\XSPPlat\system\PX18.BMP
c:\program files\XSPPlat\system\PX2.BMP
c:\program files\XSPPlat\system\PX20.BMP
c:\program files\XSPPlat\system\PX22.BMP
c:\program files\XSPPlat\system\PX24.BMP
c:\program files\XSPPlat\system\PX4.BMP
c:\program files\XSPPlat\system\PX6.BMP
c:\program files\XSPPlat\system\PX8.BMP
c:\program files\XSPPlat\system\RUG10.BMP
c:\program files\XSPPlat\system\RUG12.BMP
c:\program files\XSPPlat\system\RUG14.BMP
c:\program files\XSPPlat\system\RUG16.BMP
c:\program files\XSPPlat\system\RUG18.BMP
c:\program files\XSPPlat\system\RUG2.BMP
c:\program files\XSPPlat\system\RUG20.BMP
c:\program files\XSPPlat\system\RUG22.BMP
c:\program files\XSPPlat\system\RUG24.BMP
c:\program files\XSPPlat\system\RUG4.BMP
c:\program files\XSPPlat\system\RUG6.BMP
c:\program files\XSPPlat\system\RUG8.BMP
c:\program files\XSPPlat\system\RUGR10.BMP
c:\program files\XSPPlat\system\RUGR12.BMP
c:\program files\XSPPlat\system\RUGR14.BMP
c:\program files\XSPPlat\system\RUGR16.BMP
c:\program files\XSPPlat\system\RUGR18.BMP
c:\program files\XSPPlat\system\RUGR2.BMP
c:\program files\XSPPlat\system\RUGR20.BMP
c:\program files\XSPPlat\system\RUGR22.BMP
c:\program files\XSPPlat\system\RUGR24.BMP
c:\program files\XSPPlat\system\RUGR4.BMP
c:\program files\XSPPlat\system\RUGR6.BMP
c:\program files\XSPPlat\system\RUGR8.BMP
c:\program files\XSPPlat\system\SPLITH.BMP
c:\program files\XSPPlat\system\SPLITV.BMP
c:\program files\XSPPlat\system\SWEB.WMF
c:\program files\XSPPlat\system\T10.BMP
c:\program files\XSPPlat\system\T12.BMP
c:\program files\XSPPlat\system\T14.BMP
c:\program files\XSPPlat\system\T16.BMP
c:\program files\XSPPlat\system\T18.BMP
c:\program files\XSPPlat\system\T2.BMP
c:\program files\XSPPlat\system\T20.BMP
c:\program files\XSPPlat\system\T22.BMP
c:\program files\XSPPlat\system\T24.BMP
c:\program files\XSPPlat\system\T4.BMP
c:\program files\XSPPlat\system\T6.BMP
c:\program files\XSPPlat\system\T8.BMP
c:\program files\XSPPlat\system\TAP10.BMP
c:\program files\XSPPlat\system\TAP12.BMP
c:\program files\XSPPlat\system\TAP14.BMP
c:\program files\XSPPlat\system\TAP16.BMP
c:\program files\XSPPlat\system\TAP18.BMP
c:\program files\XSPPlat\system\TAP2.BMP
c:\program files\XSPPlat\system\TAP20.BMP
c:\program files\XSPPlat\system\TAP22.BMP
c:\program files\XSPPlat\system\TAP24.BMP
c:\program files\XSPPlat\system\TAP4.BMP
c:\program files\XSPPlat\system\TAP6.BMP
c:\program files\XSPPlat\system\TAP8.BMP
c:\program files\XSPPlat\system\TAPR10.BMP
c:\program files\XSPPlat\system\TAPR12.BMP
c:\program files\XSPPlat\system\TAPR14.BMP
c:\program files\XSPPlat\system\TAPR16.BMP
c:\program files\XSPPlat\system\TAPR18.BMP
c:\program files\XSPPlat\system\TAPR2.BMP
c:\program files\XSPPlat\system\TAPR20.BMP
c:\program files\XSPPlat\system\TAPR22.BMP
c:\program files\XSPPlat\system\TAPR24.BMP
c:\program files\XSPPlat\system\TAPR28.BMP
c:\program files\XSPPlat\system\TAPR4.BMP
c:\program files\XSPPlat\system\TAPR6.BMP
c:\program files\XSPPlat\system\TAPR8.BMP
c:\program files\XSPPlat\system\TARGET.WMF
c:\program files\XSPPlat\system\TARGET2.WMF
c:\program files\XSPPlat\system\X10.BMP
c:\program files\XSPPlat\system\X12.BMP
c:\program files\XSPPlat\system\X14.BMP
c:\program files\XSPPlat\system\X16.BMP
c:\program files\XSPPlat\system\X18.BMP
c:\program files\XSPPlat\system\X2.BMP
c:\program files\XSPPlat\system\X20.BMP
c:\program files\XSPPlat\system\X22.BMP
c:\program files\XSPPlat\system\X24.BMP
c:\program files\XSPPlat\system\X4.BMP
c:\program files\XSPPlat\system\X6.BMP
c:\program files\XSPPlat\system\X8.BMP
c:\program files\XSPPlat\Tapimatic Rug Wool.rng
c:\program files\XSPPlat\templates\default.bak
c:\program files\XSPPlat\templates\DEFAULT.RTF
c:\program files\XSPPlat\templates\default.xsp
c:\program files\XSPPlat\templates\DEFAULT2.RTF
c:\program files\XSPPlat\templates\DISPLAY.TXT
c:\program files\XSPPlat\templates\nostrands.RTF
c:\program files\XSPPlat\templates\PRINT.TXT
c:\program files\XSPPlat\templates\PUBKEY.RTF
c:\program files\XSPPlat\templates\pubkey_2cols.RTF
c:\program files\XSPPlat\templates\smallKEY.RTF
c:\program files\XSPPlat\templates\strands.RTF
c:\program files\XSPPlat\test.xsf
c:\program files\XSPPlat\Trebla.rng
c:\program files\XSPPlat\Turkey Rug.rng
c:\program files\XSPPlat\TURKEY.RNG
c:\program files\XSPPlat\Turtle.xsp
c:\program files\XSPPlat\unins000.dat
c:\program files\XSPPlat\unins000.exe
c:\program files\XSPPlat\V and H.rng
c:\program files\XSPPlat\VandH2003.rng
c:\program files\XSPPlat\variegated_demo.rng
c:\program files\XSPPlat\Venus.rng
c:\program files\XSPPlat\Vital Link Metallic.rng
c:\program files\XSPPlat\Vital Link Rayon.rng
c:\program files\XSPPlat\xsp2003.cnt
c:\program files\XSPPlat\xsp2003.hlp
c:\program files\XSPPlat\xspplat.pdf
c:\program files\XSPPlat\Xstitch.exe
c:\program files\XSPPlat\Xstitch.mld
c:\program files\XSPPlat\Xstitch.url

.
((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2012-04-12 08:59 . 2012-04-12 09:37 -------- d-----w- C:\Mum n Dads Laptop Files
2012-03-15 20:28 . 2012-03-15 20:28 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Help
2012-03-15 20:25 . 2012-03-15 20:25 5248 ----a-w- c:\windows\system32\giveio.sys
2012-03-15 20:22 . 2012-03-15 20:32 -------- d-----w- c:\program files\SSC Service Utility
2012-03-11 16:37 . 2012-03-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
2012-03-03 14:48 . 2012-03-03 14:48 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Scansoft
2012-02-26 20:25 . 2012-02-26 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-02-26 20:24 . 2012-02-26 20:24 -------- d-----w- c:\documents and settings\michael\Application Data\Nuance
2012-02-26 19:59 . 2012-02-26 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2012-02-26 19:59 . 2010-07-16 18:59 -------- d-----w- c:\windows\speech
2012-02-21 22:16 . 2012-02-21 22:16 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\WinAVI
2012-02-21 22:16 . 2012-02-27 16:36 -------- d-----w- c:\program files\WinAVI Video Converter
2010-12-12 21:36 . 2010-12-12 21:36 -------- d-----w- C:\_OTM
2010-12-11 14:01 . 2010-12-11 14:01 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Symantec
2010-12-10 22:09 . 2010-12-11 00:03 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Corel
2010-12-10 20:53 . 2010-12-10 20:58 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Ahead
2010-12-10 20:46 . 2010-12-10 21:02 -------- d-----w- c:\documents and settings\michael\Application Data\Ahead
2010-12-10 20:45 . 2010-12-10 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-12-10 20:40 . 2010-12-10 20:43 -------- d-----w- c:\program files\Common Files\Ahead
2010-12-10 20:40 . 2010-12-10 20:40 -------- d-----w- c:\program files\Nero
2010-12-10 19:23 . 2010-12-10 19:25 -------- d-----w- C:\cf879e36f8bf4533509e6ebb38882192
2010-12-10 17:23 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-10 17:23 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-10 17:22 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-10 17:22 . 2010-12-10 17:22 -------- d-----w- c:\windows\Logs
2010-12-10 13:15 . 2010-04-12 03:01 47616 ----a-r- c:\windows\system32\LGScsiCommandService.exe
2010-12-10 13:15 . 2009-09-23 07:05 24576 ----a-r- c:\windows\system32\SendScsiCmd.dll
2010-12-09 13:21 . 2010-12-09 13:21 -------- d-----w- c:\documents and settings\michael\Application Data\myriaCrossConv
2010-12-09 13:21 . 2010-12-09 13:22 -------- d-----w- c:\program files\myriaCrossConv
2010-12-09 13:12 . 2010-12-09 13:40 -------- d-----w- c:\program files\WinStitch Demo Version

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 13:23 . 2010-11-09 13:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-09 13:23 . 2010-11-09 13:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-09 13:22 . 2010-11-09 15:26 217136 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
2010-11-09 13:22 . 2010-11-09 15:26 89904 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symfw.sys
2010-11-09 13:22 . 2010-11-09 15:26 48688 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
2010-11-09 13:22 . 2010-11-09 15:26 36400 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndis.sys
2010-11-09 13:22 . 2010-11-09 15:26 33072 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symids.sys
2010-11-09 13:22 . 2010-11-09 15:26 310320 ----a-w- c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
2010-11-09 13:22 . 2010-11-09 13:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-11-09 13:22 . 2010-11-09 15:25 43696 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
2010-11-09 13:22 . 2010-11-09 15:25 308272 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
2010-11-09 13:22 . 2010-11-09 15:25 482432 ----a-w- c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
2010-11-09 13:22 . 2010-11-09 15:25 259632 ----a-w- c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
2010-11-09 13:22 . 2010-11-09 13:25 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-09 13:21 . 2010-11-09 13:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-28 18:15 . 2010-07-13 15:37 2672 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-10-28 18:15 . 2010-07-13 15:37 88 --sh--r- c:\documents and settings\All Users\Application Data\03BEF1D2A8.sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-05-19 09:23 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-05-19 09:23 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-05-19 09:23 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-12-11_14.42.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-12-05 11:41 . 2010-12-11 06:08 71482 c:\windows\system32\perfc009.dat
+ 2005-12-05 11:41 . 2010-12-13 12:25 71482 c:\windows\system32\perfc009.dat
+ 2010-12-13 12:23 . 2010-12-13 12:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-12-11 05:55 . 2010-12-11 05:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-12-11 05:55 . 2010-12-11 05:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-12-11 05:59 . 2010-12-11 05:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-12-11 05:56 . 2010-12-11 05:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-12-11 05:59 . 2010-12-11 05:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-12-11 05:56 . 2010-12-11 05:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-12-11 05:58 . 2010-12-11 05:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-12-11 05:55 . 2010-12-11 05:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-12-11 05:56 . 2010-12-11 05:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-12-11 05:58 . 2010-12-11 05:58 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-12-11 05:59 . 2010-12-11 05:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2005-12-05 11:41 . 2010-12-13 12:25 441546 c:\windows\system32\perfh009.dat
- 2005-12-05 11:41 . 2010-12-11 06:08 441546 c:\windows\system32\perfh009.dat
- 2010-12-11 05:55 . 2010-12-11 05:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-12-11 05:55 . 2010-12-11 05:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-12-11 06:02 . 2010-12-11 06:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-12-11 05:56 . 2010-12-11 05:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-12-11 05:58 . 2010-12-11 05:58 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-12-11 06:02 . 2010-12-11 06:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-12-11 06:01 . 2010-12-11 06:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-12-11 05:59 . 2010-12-11 05:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-12-11 05:56 . 2010-12-11 05:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-12-11 05:56 . 2010-12-11 05:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-12-11 06:00 . 2010-12-11 06:00 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-12-11 05:59 . 2010-12-11 05:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-12-11 05:55 . 2010-12-11 05:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-12-11 05:57 . 2010-12-11 05:57 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-12-11 05:55 . 2010-12-11 05:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-12-13 12:23 . 2010-12-13 12:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-12-11 05:55 . 2010-12-11 05:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-12-11 06:01 . 2010-12-11 06:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-12-13 12:24 . 2010-12-13 12:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2010-02-06 4853760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [09/11/2010 15:26 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [09/11/2010 15:25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [09/11/2010 15:25 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101210.001\IDSXpx86.sys [11/12/2010 16:32 341944]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [07/03/2010 11:11 390528]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [10/12/2010 13:15 47616]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/12/2010 15:30 102448]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 16:42 6528]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [09/11/2010 15:24 117640]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/02/2010 09:47 721904]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Cross Stitch Professional Platinum_is1 - c:\program files\XSPPlat\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 12:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-12-13 13:35:21
ComboFix-quarantined-files.txt 2010-12-13 13:34
ComboFix2.txt 2010-12-11 15:24
ComboFix3.txt 2010-11-09 23:25

Pre-Run: 22,760,755,200 bytes free
Post-Run: 22,773,784,576 bytes free

- - End Of File - - 325B501B5237C7B149E43B23B09292FD
 
You should be running better now. Please do a new Eset scan.

Follow that with:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 