Redirected when surfing

Solved
By doda69
Sep 26, 2011
  1. I'm new at this and have run endless scans from different companies, and I'm still redirected every time I'm on the net. Can anyone help me?
  2. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,267   +148

    For malware help, follow the 6 steps provided HERE. Create a new thread in the Malware removal forum. Be sure you PASTE all your logs (do not attach them). The experts there will take care of you.
  3. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    step #2

    Malwarebytes' Anti-Malware 1.51.2.1300

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/27/2011 12:15:26 PM
    mbam-log-2011-09-27 (12-15-25).txt

    Scan type: Quick scan
    Objects scanned: 225996
    Time elapsed: 23 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    What happened?

    I was doing step three when, in the middle of the scan, the comp rebooted.

    Just for your info, I have Norton as my security.
  5. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,267   +148

    doda69

    To get proper attention for your problem, you should create a NEW thread in the Malware Forum HERE. The malware experts look at the malware forums for virus questions/help. Or maybe I'll ask the mods to move this current thread to the malware forum.

    You should be in the malware forum for malware help
  6. mailpup

    mailpup TS Special Forces Posts: 8,276   +176

    Moved to Virus and Malware.
  7. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  8. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    Steps 2 & 3

    Malwarebytes' Anti-Malware 1.51.2.1300


    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/27/2011 12:15:26 PM
    mbam-log-2011-09-27 (12-15-25).txt

    Scan type: Quick scan
    Objects scanned: 225996
    Time elapsed: 23 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-28 09:41:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BB-22GUC0 rev.08.02D08
    Running: cvc7pmoe.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxcqaoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 9:54:59 on 2011-09-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.227 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *Disabled*
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
    C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
    C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
    C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ca.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.internet-home-page.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
    BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [<NO NAME>]
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [USB Storage Toolbox] c:\program files\usb disk win98 driver\Res.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    IE: &Search
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297374933125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
    TCP: Interfaces\{354A64A7-4185-40C3-BF23-E824C5A1252B} : DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\hx1qwkps.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 NGS;Norman General Security Driver;c:\program files\norman\nvc\bin\ngs.sys [2011-5-3 25032]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
    R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-4-3 1029480]
    R2 FreemakeUtilsService;Freemake Service;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2011-8-26 74240]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-8-25 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.13\ccSvcHst.exe [2011-8-25 126392]
    R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\norton utilities 15\tools\speeddisk\SpeedDiskSrv.exe [2011-4-3 1037672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-28 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110927.030\IDSXpx86.sys [2011-9-27 356280]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-5-9 225856]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110927.033\NAVENG.SYS [2011-9-28 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110927.033\NAVEX15.SYS [2011-9-28 1576312]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\33.tmp --> c:\windows\system32\33.tmp [?]
    S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-4-3 128248]
    S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-4-3 108800]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-09-27 21:03:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-27 15:49:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-26 17:25:31 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-26 17:25:31 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-09-26 13:47:44 -------- d-----w- c:\program files\Sophos
    2011-09-26 13:23:59 -------- d-----w- c:\documents and settings\owner\application data\thecleaner
    2011-09-26 13:04:44 -------- d-----w- c:\program files\Online TV Player 4
    2011-09-08 04:42:03 -------- d-----w- c:\program files\iPod
    2011-09-03 22:16:01 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
    2011-08-30 13:00:43 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-08-30 13:00:43 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    .
    ==================== Find3M ====================
    .
    2011-08-27 10:27:00 107 ----a-w- c:\documents and settings\owner\application data\netstat.bat
    2011-08-26 18:12:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-28 18:53:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-19 15:42:38 1409 ----a-w- c:\windows\QTFont.for
    2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 9:55:25.45 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/10/2011 4:44:36 PM
    System Uptime: 9/27/2011 7:19:12 PM (14 hours ago)
    .
    Motherboard: First International Computer, Inc. | | K8MC51G
    Processor: AMD Sempron(tm) Processor 3400+ | Socket 940 | 2009/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 145 GiB total, 104.553 GiB free.
    D: is FIXED (FAT32) - 19 GiB total, 12.166 GiB free.
    E: is FIXED (FAT32) - 4 GiB total, 1.884 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP67: 6/30/2011 11:03:28 AM - Installed Java(TM) 6 Update 26
    RP68: 6/30/2011 1:47:42 PM - Installed calibre
    RP69: 7/1/2011 2:39:46 PM - System Checkpoint
    RP70: 7/2/2011 2:58:33 PM - System Checkpoint
    RP71: 7/3/2011 4:45:41 PM - System Checkpoint
    RP72: 7/4/2011 4:58:32 PM - System Checkpoint
    RP73: 7/5/2011 9:57:08 AM - Installed Windows XP -- Software Updates KB952011.
    RP74: 7/6/2011 5:04:42 PM - System Checkpoint
    RP75: 7/7/2011 5:53:49 PM - System Checkpoint
    RP76: 7/8/2011 6:53:49 PM - System Checkpoint
    RP77: 7/9/2011 7:53:49 PM - System Checkpoint
    RP78: 7/10/2011 8:16:41 PM - System Checkpoint
    RP79: 7/11/2011 8:33:41 PM - System Checkpoint
    RP80: 7/12/2011 8:36:46 PM - System Checkpoint
    RP81: 7/17/2011 9:48:06 PM - System Checkpoint
    RP82: 7/18/2011 9:53:46 PM - System Checkpoint
    RP83: 7/19/2011 9:58:41 PM - System Checkpoint
    RP84: 7/22/2011 12:19:23 PM - System Checkpoint
    RP85: 7/23/2011 4:24:47 PM - System Checkpoint
    RP86: 7/27/2011 7:15:01 PM - System Checkpoint
    RP87: 7/28/2011 8:24:23 PM - System Checkpoint
    RP88: 7/29/2011 9:25:41 PM - System Checkpoint
    RP89: 7/30/2011 9:33:25 PM - System Checkpoint
    RP90: 8/1/2011 8:28:47 AM - System Checkpoint
    RP91: 8/2/2011 8:33:27 AM - System Checkpoint
    RP92: 8/2/2011 2:01:06 PM - Installed iTunes
    RP93: 8/3/2011 4:07:43 PM - System Checkpoint
    RP94: 8/4/2011 4:29:58 PM - System Checkpoint
    RP95: 8/5/2011 5:29:55 PM - System Checkpoint
    RP96: 8/7/2011 12:25:15 PM - System Checkpoint
    RP97: 8/8/2011 1:17:26 PM - System Checkpoint
    RP98: 8/9/2011 1:48:54 PM - System Checkpoint
    RP99: 8/10/2011 2:42:49 PM - System Checkpoint
    RP100: 8/11/2011 4:50:54 PM - System Checkpoint
    RP101: 8/12/2011 5:42:47 PM - System Checkpoint
    RP102: 8/13/2011 6:16:25 PM - System Checkpoint
    RP103: 8/14/2011 6:41:47 PM - System Checkpoint
    RP104: 8/15/2011 8:03:20 PM - System Checkpoint
    RP105: 8/16/2011 8:05:33 PM - System Checkpoint
    RP106: 8/17/2011 9:05:32 PM - System Checkpoint
    RP107: 8/18/2011 10:04:34 PM - System Checkpoint
    RP108: 8/19/2011 11:03:32 PM - System Checkpoint
    RP109: 8/21/2011 12:03:32 AM - System Checkpoint
    RP110: 8/22/2011 1:02:34 AM - System Checkpoint
    RP111: 8/23/2011 1:23:34 AM - System Checkpoint
    RP112: 8/24/2011 2:23:37 AM - System Checkpoint
    RP113: 8/25/2011 2:23:44 AM - System Checkpoint
    RP114: 8/25/2011 10:08:36 AM - Removed MSXML 4.0 SP2 (KB954430)
    RP115: 8/25/2011 10:10:20 AM - Removed MSXML 4.0 SP2 (KB973688)
    RP116: 8/25/2011 10:13:30 AM - Configured Digital Media Reader
    RP117: 8/25/2011 1:40:50 PM - Installed CounterSpy.
    RP118: 8/26/2011 3:05:41 PM - System Checkpoint
    RP119: 8/27/2011 12:59:52 PM - Removed CounterSpy.
    RP120: 8/28/2011 1:49:46 PM - System Checkpoint
    RP121: 8/29/2011 2:10:11 PM - System Checkpoint
    RP122: 8/30/2011 2:50:03 PM - System Checkpoint
    RP123: 8/31/2011 3:25:58 PM - System Checkpoint
    RP124: 9/1/2011 4:25:55 PM - System Checkpoint
    RP125: 9/2/2011 6:47:28 PM - System Checkpoint
    RP126: 9/3/2011 8:15:00 PM - System Checkpoint
    RP127: 9/4/2011 8:25:59 PM - System Checkpoint
    RP128: 9/5/2011 9:13:33 PM - System Checkpoint
    RP129: 9/6/2011 9:13:54 PM - System Checkpoint
    RP130: 9/7/2011 10:13:49 PM - System Checkpoint
    RP131: 9/9/2011 7:13:00 AM - System Checkpoint
    RP132: 9/10/2011 10:19:20 AM - System Checkpoint
    RP133: 9/11/2011 10:30:39 AM - System Checkpoint
    RP134: 9/12/2011 4:15:44 PM - System Checkpoint
    RP135: 9/13/2011 5:04:19 PM - System Checkpoint
    RP136: 9/14/2011 5:04:44 PM - System Checkpoint
    RP137: 9/18/2011 11:39:11 PM - System Checkpoint
    RP138: 9/20/2011 12:13:12 AM - System Checkpoint
    RP139: 9/21/2011 12:43:05 AM - System Checkpoint
    RP140: 9/22/2011 1:10:55 AM - System Checkpoint
    RP141: 9/23/2011 1:29:38 AM - System Checkpoint
    RP142: 9/24/2011 2:29:40 AM - System Checkpoint
    RP143: 9/25/2011 3:29:42 AM - System Checkpoint
    RP144: 9/26/2011 7:39:52 AM - System Checkpoint
    RP145: 9/26/2011 9:13:19 AM - Removed Apple Mobile Device Support
    RP146: 9/26/2011 9:14:07 AM - Removed Apple Software Update
    RP147: 9/26/2011 9:14:36 AM - Removed Apple Application Support
    RP148: 9/26/2011 9:16:24 AM - Removed Napster Burn Engine
    RP149: 9/26/2011 9:16:36 AM - Removed Napster
    RP150: 9/26/2011 12:35:43 PM - Removed iTunes
    RP151: 9/26/2011 1:24:42 PM - Installed iTunes
    RP152: 9/27/2011 1:53:59 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    calibre
    Canon MP495 series MP Drivers
    CCleaner
    Conduit Engine
    Digital Media Reader
    Freemake Video Converter version 2.3.4
    Garmin POI Loader
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB2443685)
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    Java Auto Updater
    Java(TM) 6 Update 26
    KeyScrambler
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 5.0 (x86 en-US)
    MSN
    MyAshampoo Toolbar
    Norton Internet Security
    Norton PC Checkup
    Norton Utilities 15
    NVIDIA Drivers
    Picasa 3
    PowerDVD
    QuickTime
    RealPlayer Basic
    Realtek AC'97 Audio
    Recovery Software Suite eMachines
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SoftV92 Data Fax Modem with SmartCP
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB971029)
    USB Disk Win98 Driver
    VLC media player 1.1.7
    WebFldrs XP
    Windows Backup Utility
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows iLivid Toolbar
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Yahoo! Install Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/27/2011 7:20:21 PM, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000005, parameter3 00000001, parameter4 f73895f7.
    9/27/2011 5:52:28 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    9/27/2011 5:51:44 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000000, parameter4 f7388876.
    9/27/2011 1:07:43 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00000400, parameter3 b80817a4, parameter4 00000000.
    9/27/2011 1:06:10 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    9/27/2011 1:00:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/26/2011 8:37:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    9/26/2011 8:37:10 AM, error: Service Control Manager [7022] - The Freemake Service service hung on starting.
    .
    ==== End Of File ===========================
    Was I to disconnect the internet before download of DDS?
  9. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-28 09:41:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BB-22GUC0 rev.08.02D08
    Running: cvc7pmoe.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxcqaoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    it will not open mbr file dat file
  11. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    I didn't ask for mbr.dat file.
    Please re-read my instructions.
  12. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    that is the only file that came at the end of the scan
  13. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Did you click on "Save log"?

    Re-read my instructions carefully and redo the scan.
     
  14. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    i ran the scan again this time i ha
    ComboFix 11-09-28.06 - Owner 09/28/2011 23:31:14.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.395 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Start Menu\Programs\System Recovery
    c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
    c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
    c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\System Recovery.lnk
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\LocalService\Application Data\PriceGong
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\LocalService\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Owner\Application Data\Adobe\plugs
    c:\documents and settings\Owner\Application Data\Adobe\shed
    c:\documents and settings\Owner\Application Data\PriceGong
    c:\documents and settings\Owner\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\10.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\1707.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\2782.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\3620.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\4436.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\4489.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\450.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\83.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Owner\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\mmc.exe.959a7e97.ini
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SL387.tmp.61a543c3.ini
    c:\documents and settings\Owner\Start Menu\Programs\System Recovery
    c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
    c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
    c:\documents and settings\Owner\Start Menu\Programs\System Recovery\System Recovery.lnk
    c:\documents and settings\Owner\WINDOWS
    c:\program files\google\common\google updater\googleupdaterservice.exe
    c:\program files\Shared
    c:\program files\Shared\shared.sig
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\d3d9caps.dat
    E:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-28 19:39 . 2011-09-28 19:39 -------- d-----w- c:\program files\File Type Assistant
    2011-09-27 21:03 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-27 15:49 . 2011-09-27 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-26 17:25 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-26 17:25 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-09-26 17:23 . 2011-09-26 17:23 -------- d-----w- c:\program files\Apple Software Update
    2011-09-26 13:47 . 2011-09-26 16:38 -------- d-----w- c:\program files\Sophos
    2011-09-26 13:23 . 2011-09-26 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\thecleaner
    2011-09-26 13:04 . 2011-09-26 13:12 -------- d-----w- c:\program files\Online TV Player 4
    2011-09-08 04:42 . 2011-09-08 04:42 -------- d-----w- c:\program files\iPod
    2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2011-09-03 22:16 . 2010-03-11 08:56 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
    2011-08-30 13:00 . 2011-08-30 13:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-30 13:00 . 2011-08-30 13:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-27 10:27 . 2011-08-27 10:20 107 ----a-w- c:\documents and settings\Owner\Application Data\netstat.bat
    2011-08-26 18:12 . 2011-06-03 15:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-28 18:53 . 2011-07-06 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-19 15:42 . 2011-07-19 15:42 1409 ----a-w- c:\windows\QTFont.for
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-08-30 13:00 . 2011-04-17 01:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "nwiz"="nwiz.exe" [2005-09-18 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 6:17 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 6:17 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [9/26/2011 6:11 PM 816760]
    R1 NGS;Norman General Security Driver;c:\program files\Norman\nvc\bin\ngs.sys [5/3/2011 1:42 PM 25032]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 6:17 PM 136312]
    R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [4/3/2011 1:29 PM 1029480]
    R2 FreemakeUtilsService;Freemake Service;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8/26/2011 2:20 PM 74240]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 6:16 PM 130008]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [8/25/2011 9:30 AM 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [8/25/2011 9:30 AM 126392]
    R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [4/3/2011 1:29 PM 1037672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2011 2:18 PM 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110928.030\IDSXpx86.sys [9/28/2011 6:18 PM 356280]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/9/2011 12:17 PM 225856]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 5:33 AM 30432]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 5:33 AM 30432]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\33.tmp --> c:\windows\system32\33.tmp [?]
    S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [4/3/2011 1:29 PM 128248]
    S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [4/3/2011 1:29 PM 108800]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
    .
    2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
    .
    2011-09-29 c:\windows\Tasks\NUSchedule.job
    - c:\program files\Norton Utilities 15\nu.exe [2011-04-03 06:23]
    .
    2011-09-29 c:\windows\Tasks\strvm.job
    - c:\windows\system32\mstext40H.dll [2011-04-01 19:03]
    .
    2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{8C583C3F-9553-4E6C-977F-A39374FB4BAD}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ca.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-29 00:02
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\33.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3264)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\windows\system32\wdfmgr.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
    c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
    c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-29 00:06:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-29 04:06
    .
    Pre-Run: 112,048,529,408 bytes free
    Post-Run: 112,878,432,256 bytes free
    .
    - - End Of File - - 672FD8E6DDCE4BA132772242F4AA87CA
    ve a log
  15. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    Looks good.

    How is computer doing?

    I need some clarification regarding your security programs.
    I can see MSE running, AVG firewall (can you use just a firewall?) and some Norton as well.
    Please clarify.
  16. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    I have just Norton running the firewall and anti virus. I don't know where AVG came from, and what is MSE?

    A pop up comes up when I start saying Internet Explorer is currently not my default browser, would I like it to be? I have said no for now, but what is my browser then? Some strange sites still come up that I did not ask for.

    thank you so much for spending this time with me and helping me out.
  17. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    I can see Microsoft Security Essentials (MSE) listed in Add\Remove.
    Since you're using Norton, you must uninstall MSE.

    Your Internet Explorer will be fine.

    To remove AVG leftovers, please run AVG Remover: http://www.avg.com/us-en/utilities

    When you're done with the above, post a fresh Combofix log.
  18. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    i'm still being redirected but last night when I shut down it was the first time I had 31 updates .. positive outcome...I will run combofix again.
  19. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    OK.................
  20. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    ComboFix 11-09-29.02 - Owner 09/29/2011 8:58.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.440 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\Version.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\version.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-28 19:39 . 2011-09-28 19:39 -------- d-----w- c:\program files\File Type Assistant
    2011-09-28 19:28 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-09-28 19:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-09-28 19:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-09-27 21:03 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-27 15:49 . 2011-09-27 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-26 17:25 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-26 17:25 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-09-26 17:23 . 2011-09-26 17:23 -------- d-----w- c:\program files\Apple Software Update
    2011-09-26 13:47 . 2011-09-26 16:38 -------- d-----w- c:\program files\Sophos
    2011-09-26 13:23 . 2011-09-26 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\thecleaner
    2011-09-26 13:04 . 2011-09-26 13:12 -------- d-----w- c:\program files\Online TV Player 4
    2011-09-09 09:12 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-08 04:42 . 2011-09-08 04:42 -------- d-----w- c:\program files\iPod
    2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2011-09-03 22:16 . 2010-03-11 08:56 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 09:12 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-27 10:27 . 2011-08-27 10:20 107 ----a-w- c:\documents and settings\Owner\Application Data\netstat.bat
    2011-08-26 18:12 . 2011-06-03 15:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-28 18:53 . 2011-07-06 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-19 15:42 . 2011-07-19 15:42 1409 ----a-w- c:\windows\QTFont.for
    2011-07-15 13:29 . 2004-08-26 16:12 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-08 14:02 . 2004-08-26 16:12 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-08-30 13:00 . 2011-04-17 01:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-29_04.01.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
    + 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
    + 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
    + 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
    + 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
    + 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
    + 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
    + 2011-09-29 12:46 . 2011-09-29 12:46 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
    + 2011-09-29 13:14 . 2011-09-29 13:14 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
    + 2011-02-10 22:19 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    - 2011-02-10 22:19 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
    - 2004-08-26 16:12 . 2011-03-20 19:49 61974 c:\windows\system32\perfc009.dat
    + 2004-08-26 16:12 . 2011-09-29 05:03 61974 c:\windows\system32\perfc009.dat
    - 2004-08-26 16:12 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
    + 2004-08-26 16:12 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
    + 2009-03-08 09:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 09:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
    - 2004-08-26 16:11 . 2010-12-20 23:59 43520 c:\windows\system32\licmgr10.dll
    + 2004-08-26 16:11 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
    + 2004-08-26 16:11 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
    - 2004-08-26 16:11 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-26 16:11 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
    - 2004-08-26 16:11 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
    - 2011-02-10 20:29 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2011-02-10 20:29 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2004-08-26 16:12 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2004-08-26 16:12 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2011-02-10 20:29 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2011-02-10 20:29 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2004-08-26 16:11 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2004-08-26 16:11 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2004-08-26 16:11 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-26 16:11 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
    + 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2004-08-26 16:11 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
    - 2004-08-26 16:11 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
    + 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    - 2010-03-18 17:16 . 2010-03-18 17:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2011-09-29 05:04 . 2011-09-29 05:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2011-09-29 05:04 . 2011-09-29 05:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2011-09-29 05:04 . 2011-09-29 05:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2011-09-29 05:04 . 2011-09-29 05:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2011-09-29 05:04 . 2011-09-29 05:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 37240 c:\
  22. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    + 2011-04-12 19:11 . 2011-04-12 19:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    - 2010-03-18 17:16 . 2010-03-18 17:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    - 2010-03-18 17:16 . 2010-03-18 17:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    + 2011-04-12 19:11 . 2011-04-12 19:11 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    - 2010-03-18 17:16 . 2010-03-18 17:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    + 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    + 2011-09-29 05:04 . 2011-09-29 05:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2011-09-29 05:04 . 2011-09-29 05:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-03-20 19:45 . 2011-03-20 19:45 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-03-20 19:45 . 2011-03-20 19:45 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2011-09-29 05:03 . 2011-09-29 05:03 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2011-03-20 19:46 . 2011-03-20 19:46 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-03-08 09:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
    + 2011-02-10 20:29 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-09-29 05:08 . 2011-09-29 05:08 20333056 c:\windows\Installer\30404b.msp
    + 2011-04-13 15:37 . 2011-04-13 15:37 19201024 c:\windows\Installer\304037.msp
    + 2011-09-29 04:51 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
    + 2011-09-29 05:07 . 2011-09-29 05:07 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
    + 2011-09-29 11:39 . 2011-09-29 11:39 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
    + 2011-09-29 11:38 . 2011-09-29 11:38 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\978e8514751373383f79c3fdd667aa2b\System.Data.Entity.ni.dll
    + 2011-09-29 05:05 . 2011-09-29 05:05 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
    + 2011-09-29 05:05 . 2011-09-29 05:05 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
    + 2011-09-29 04:56 . 2011-09-29 04:56 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
  23. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "nwiz"="nwiz.exe" [2005-09-18 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    .
    R?2 FreemakeUtilsService;Freemake Service;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8/26/2011 2:20 PM 74240]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 6:17 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 6:17 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [9/26/2011 6:11 PM 816760]
    R1 NGS;Norman General Security Driver;c:\program files\Norman\nvc\bin\ngs.sys [5/3/2011 1:42 PM 25032]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 6:17 PM 136312]
    R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [4/3/2011 1:29 PM 1029480]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 6:16 PM 130008]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [8/25/2011 9:30 AM 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [8/25/2011 9:30 AM 126392]
    R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [4/3/2011 1:29 PM 1037672]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2011 2:18 PM 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110928.030\IDSXpx86.sys [9/28/2011 6:18 PM 356280]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/9/2011 12:17 PM 225856]
    S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S?2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\33.tmp --> c:\windows\system32\33.tmp [?]
    S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [4/3/2011 1:29 PM 128248]
    S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [4/3/2011 1:29 PM 108800]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
    .
    2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
    .
    2011-09-29 c:\windows\Tasks\NUSchedule.job
    - c:\program files\Norton Utilities 15\nu.exe [2011-04-03 06:23]
    .
    2011-09-29 c:\windows\Tasks\strvm.job
    - c:\windows\system32\mstext40H.dll [2011-04-01 19:03]
    .
    2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{8C583C3F-9553-4E6C-977F-A39374FB4BAD}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ca.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-29 09:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\33.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3476)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\imapi.exe
    c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-29 09:17:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-29 13:17
    ComboFix2.txt 2011-09-29 04:06
    .
    Pre-Run: 112,169,508,864 bytes free
    Post-Run: 112,173,047,808 bytes free
    .
    - - End Of File - - 325095EE8AF4B2286F967819CA7C0ACB


    Sorry about the 3 parts... be back on Monday.
  24. Broni

    Broni Malware Annihilator Posts: 45,158   +242

    How is redirection now?
  25. doda69

    doda69 Newcomer, in training Topic Starter Posts: 38

    I thought we had it this morning... but I'm still being redirected... sorry. Do I run ComboFix again?

