Our November Competition
 User Reviews - Add Yours!
The PCHF Lounge
Go Back   PC Help Forum » Security & Safety » [Pending] HJT Logs
Reload this Page Im getting popups and adware
Register for a Free Account

[Pending] HJT Logs - Im getting popups and adware posted in the Security & Safety forums; ok as for limewire im using vista so there is no add and remove programs option so instead i went to the "uninstall" option in windows however limewire was nowhere ...


Reply
Free PC Performance Scan
Page 2 of 6 1 2 3456
Old 09-09-2009   #8
Elite Member
 
Join Date: Dec 2005
Posts: 409
Default Re: Im getting popups and adware
ok as for limewire im using vista so there is no add and remove programs option so instead i went to the "uninstall" option in windows however limewire was nowhere on the list so I then went to c:\programs and found a limewire folder but it just had two files in it so I deleted that whole folder and emptied the recycling bin. I dunno if that got rid of all traces of it though as Im sure there still some in the registry but Im sure you can tell me how to get rid of it completely if it is. heres the new combofix log:


ComboFix 09-09-08.05 - Tony 09/08/2009 20:56.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.447.158 [GMT -5:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.
2009-09-09 02:04 . 2009-09-09 02:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 02:04 . 2009-09-09 02:04 -------- d-----w- c:\users\Music\AppData\Local\temp
2009-09-09 02:04 . 2009-09-09 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 00:20 . 2009-09-08 00:20 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 00:19 . 2009-09-08 00:19 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 00:19 . 2009-09-08 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 16:46 . 2009-09-07 16:46 -------- d-----w- c:\programdata\fesorega
2009-09-07 16:46 . 2009-09-07 16:46 -------- d-----w- c:\programdata\fedoniko
2009-09-07 04:47 . 2009-09-08 01:48 -------- d-----w- c:\programdata\kanuzewa
2009-09-07 04:47 . 2009-09-07 04:47 -------- d-----w- c:\programdata\mozejowi
2009-09-07 04:47 . 2009-09-07 04:47 -------- d-----w- c:\programdata\fividole
2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\programdata\zokutahi
2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\programdata\zetikude
2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\programdata\jopizozo
2009-09-06 12:46 . 2009-09-06 12:46 -------- d-----w- c:\programdata\rosilele
2009-09-06 12:46 . 2009-09-06 12:46 -------- d-----w- c:\programdata\lowefevu
2009-09-06 00:45 . 2009-09-06 00:45 -------- d-----w- c:\programdata\retenogu
2009-09-06 00:45 . 2009-09-06 00:45 -------- d-----w- c:\programdata\gijulewu
2009-09-05 12:45 . 2009-09-05 12:45 -------- d-----w- c:\programdata\tomiyegi
2009-09-05 12:45 . 2009-09-05 12:45 -------- d-----w- c:\programdata\dazetaha
2009-09-04 12:11 . 2009-09-04 12:11 -------- d-----w- c:\programdata\gulamono
2009-09-04 12:11 . 2009-09-04 12:11 -------- d-----w- c:\programdata\dokigera
2009-09-04 00:22 . 2009-09-04 00:22 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-09-04 00:11 . 2009-09-04 00:11 -------- d-----w- c:\programdata\layezefu
2009-09-04 00:11 . 2009-09-04 00:11 -------- d-----w- c:\programdata\fetabeke
2009-09-03 12:11 . 2009-09-03 12:11 -------- d-----w- c:\programdata\fajeyeyi
2009-09-03 12:11 . 2009-09-03 12:11 -------- d-----w- c:\programdata\bayefiza
2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\sonudodu
2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\lipupara
2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\bihomimo
2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\bozifodi
2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\nuponifi
2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\jidojofe
2009-09-02 00:10 . 2009-09-02 22:35 -------- d-----w- c:\programdata\yodupupu
2009-09-02 00:10 . 2009-09-02 00:10 -------- d-----w- c:\programdata\hovepomi
2009-09-02 00:10 . 2009-09-02 00:10 -------- d-----w- c:\programdata\bihinoga
2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\ruzulivo
2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\munorayo
2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\hovewifa
2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\wurigime
2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\debesipe
2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\bufigabu
2009-09-01 00:10 . 2009-09-08 01:45 -------- d-----w- c:\programdata\fomuboza
2009-09-01 00:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\dadejije
2009-09-01 00:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gatasapo
2009-09-01 00:10 . 2009-09-01 14:49 -------- d-----w- c:\programdata\nivajume
2009-08-31 12:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\dolayune
2009-08-31 12:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gifereha
2009-08-31 12:10 . 2009-09-01 14:49 -------- d-----w- c:\programdata\jarohomo
2009-08-31 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\novufuvi
2009-08-31 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\kuvewawe
2009-08-31 00:09 . 2009-09-01 14:49 -------- d-----w- c:\programdata\megisedo
2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\voriduzi
2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\nuwolili
2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\devawije
2009-08-30 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\heferose
2009-08-30 00:09 . 2009-09-05 14:40 -------- d-----w- c:\programdata\sodekeba
2009-08-30 00:09 . 2009-09-04 14:17 -------- d-----w- c:\programdata\kijayavo
2009-08-29 12:22 . 2009-08-29 12:22 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-29 12:22 . 2009-01-15 17:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-29 12:22 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\users\Tony\AppData\Local\Downloaded Installations
2009-08-29 12:22 . 2009-08-29 12:21 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-29 12:22 . 2009-08-29 12:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\program files\Symantec
2009-08-29 12:18 . 2009-08-29 12:18 -------- d-----w- c:\windows\system32\drivers\N360
2009-08-29 12:18 . 2009-08-29 12:19 -------- d-----w- c:\program files\Norton 360
2009-08-29 12:11 . 2009-08-29 12:11 -------- d-----w- c:\programdata\PCSettings
2009-08-29 12:09 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gabuvike
2009-08-29 12:09 . 2009-09-04 13:07 -------- d-----w- c:\programdata\duyaroli
2009-08-29 12:09 . 2009-09-03 21:04 -------- d-----w- c:\programdata\mozawino
2009-08-29 12:07 . 2009-08-29 12:11 -------- d-----w- c:\programdata\Norton
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\programdata\NortonInstaller
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\program files\NortonInstaller
2009-08-29 12:04 . 2009-08-29 12:04 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-08-29 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\kawarezu
2009-08-29 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\vebeleje
2009-08-29 00:08 . 2009-09-03 14:15 -------- d-----w- c:\programdata\vefiyohu
2009-08-28 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\morezahe
2009-08-28 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\mijepubi
2009-08-28 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\ranitiri
2009-08-28 00:08 . 2009-09-04 14:17 -------- d-----w- c:\programdata\botapovu
2009-08-28 00:08 . 2009-08-31 13:25 -------- d-----w- c:\programdata\rusagimo
2009-08-27 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\wihomeki
2009-08-27 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\sawigewe
2009-08-27 12:08 . 2009-09-03 21:04 -------- d-----w- c:\programdata\fukohoma
2009-08-27 08:03 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 22:04 . 2009-09-05 14:40 -------- d-----w- c:\programdata\pigatedu
2009-08-26 22:04 . 2009-09-05 14:40 -------- d-----w- c:\programdata\menukabu
2009-08-26 22:04 . 2009-09-04 13:09 -------- d-----w- c:\programdata\bozikuyo
2009-08-26 22:03 . 2009-09-05 20:57 -------- d-----w- c:\programdata\kiyuwalu
2009-08-26 22:03 . 2009-09-05 14:40 -------- d-----w- c:\programdata\popeyime
2009-08-26 22:03 . 2009-08-26 22:03 -------- d-----w- c:\programdata\dejezibi
2009-08-26 10:03 . 2009-08-26 10:03 -------- d-----w- c:\programdata\vokoluwo
2009-08-26 10:03 . 2009-09-04 14:17 -------- d-----w- c:\programdata\pupezeri
2009-08-25 03:46 . 2009-09-08 00:35 -------- d-----w- c:\programdata\rotariti
2009-08-25 03:46 . 2009-09-08 00:34 -------- d-----w- c:\programdata\pohubeli
2009-08-25 03:46 . 2009-08-31 13:21 -------- d-----w- c:\programdata\bopedisu
2009-08-24 15:45 . 2009-09-08 00:34 -------- d-----w- c:\programdata\punehomi
2009-08-24 15:45 . 2009-09-08 00:34 -------- d-----w- c:\programdata\lebobofu
2009-08-24 15:45 . 2009-09-03 21:00 -------- d-----w- c:\programdata\suliweya
2009-08-24 15:45 . 2009-08-24 15:45 -------- d-----w- c:\programdata\NVIDIA
2009-08-24 08:08 . 2009-08-24 08:08 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2009-08-23 23:56 . 2009-09-08 00:43 -------- d-----w- c:\programdata\divitawu
2009-08-23 23:56 . 2009-09-08 00:39 -------- d-----w- c:\programdata\zajeyema
2009-08-23 23:56 . 2009-09-08 00:38 -------- d-----w- c:\programdata\vupowose
2009-08-23 23:56 . 2009-09-03 21:04 -------- d-----w- c:\programdata\ruziveki
2009-08-23 16:30 . 2009-08-23 16:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-08-23 16:30 . 2009-08-23 16:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-08-23 16:30 . 2009-08-23 16:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-08-23 16:30 . 2009-08-23 16:30 272896 ----a-w- c:\windows\system32\polstore.dll
2009-08-23 16:23 . 2009-08-23 16:23 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-08-23 16:23 . 2009-08-23 16:23 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-08-23 16:23 . 2009-08-23 16:23 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-08-23 16:16 . 2009-08-23 16:16 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-08-23 16:16 . 2009-08-23 16:16 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-08-23 16:09 . 2009-08-23 16:09 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-08-23 16:02 . 2009-08-23 16:02 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-08-23 16:02 . 2009-08-23 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-23 16:02 . 2009-08-23 16:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-23 16:02 . 2009-08-23 16:02 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-23 16:02 . 2009-08-23 16:02 24064 ----a-w- c:\windows\system32\lpk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-09-03 21:05 . 2009-08-05 17:22 -------- d-----w- c:\programdata\dozusefo
2009-09-03 21:05 . 2009-08-06 11:45 -------- d-----w- c:\programdata\deguyigi
2009-09-03 21:00 . 2009-08-03 00:17 -------- d-----w- c:\programdata\fejoniso
2009-08-31 13:26 . 2009-08-08 23:01 -------- d-----w- c:\programdata\kasusihu
2009-08-29 13:11 . 2006-12-26 12:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 12:22 . 2009-08-29 12:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-29 12:22 . 2009-08-29 12:22 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-29 12:18 . 2006-12-26 12:55 -------- d-----w- c:\programdata\Symantec
2009-08-24 08:08 . 2009-08-24 08:08 3102720 ----a-w- c:\windows\system32\NlsData0045.dll
2009-08-23 16:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 16:52 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-23 12:45 . 2009-08-23 12:45 260096 ----a-w- c:\windows\system32\dpx.dll
2009-08-23 12:09 . 2009-08-23 12:09 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-23 12:09 . 2009-08-23 12:09 827392 ----a-w- c:\windows\system32\wininet..dll
2009-08-23 12:08 . 2009-08-23 12:08 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-23 12:08 . 2009-08-23 12:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-23 12:08 . 2009-08-23 12:08 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-09 02:29 . 2009-08-08 11:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-09 02:26 . 2009-08-08 11:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 17:22 . 2009-08-04 00:16 -------- d-----w- c:\programdata\suzozizi
2009-08-05 17:22 . 2009-08-04 00:16 -------- d-----w- c:\programdata\kifohala
2009-08-05 17:22 . 2009-08-04 00:16 -------- d-----w- c:\programdata\jaboyava
2009-08-05 17:21 . 2009-08-05 17:21 -------- d-----w- c:\programdata\pulelabi
2009-08-05 17:21 . 2009-08-05 17:21 -------- d-----w- c:\programdata\fohevepu
2009-08-05 05:01 . 2009-08-05 05:01 -------- d-----w- c:\programdata\sigosemo
2009-08-05 05:01 . 2009-08-05 05:01 -------- d-----w- c:\programdata\koyelulo
2009-08-04 17:01 . 2009-08-04 17:01 -------- d-----w- c:\programdata\yonijuwe
2009-08-04 17:01 . 2009-08-04 17:01 -------- d-----w- c:\programdata\fogususe
2009-08-04 00:15 . 2009-08-04 00:15 -------- d-----w- c:\programdata\yupaliba
.
((((((((((((((((((((((((((((( SnapShot@2009-09-08_19.27.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-26 13:04 . 2009-09-08 19:49 42402 c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2006-11-02 13:02 . 2009-09-08 19:49 60576 c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2007-07-02 02:06 . 2009-09-08 19:45 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-02 02:06 . 2009-09-08 19:45 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-02 02:06 . 2009-09-08 19:45 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2007-07-02 02:35 . 2009-09-08 19:49 8302 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-857884917-759742797-3485681705-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-09-08 19:50 626738 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 11:07 626738 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-08 19:50 107508 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-08 11:07 107508 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"vikafulah"="c:\progra~2\fedoniko\fedoniko.dll " [2009-09-07 88064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-06-20 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{294C820B-769C-45F8-9085-23141B98D6A3}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{D7E57710-B00B-42E3-BAB9-FF15A039A970}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{61A20DFF-D7ED-4B5D-A92B-3667356E14C9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97702059-5105-4897-8112-B6C99225E271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\030000 0.086\SymEFA.sys [8/29/2009 7:21 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.08 6\BHDrvx86.sys [8/29/2009 7:21 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000. 086\cchpx86.sys [8/29/2009 7:21 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090904. 002\IDSvix86.sys [9/5/2009 2:04 PM 293424]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [8/29/2009 7:21 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/2/2009 2:42 PM 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.08 6\symndisv.sys [8/29/2009 7:21 AM 39984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 21:04
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N 360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3948)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\progra~2\fedoniko\fedoniko.dll
c:\windows\System32\netshell.dll
.
Completion time: 2009-09-09 21:08
ComboFix-quarantined-files..txt 2009-09-09 02:08
ComboFix2.txt 2009-09-08 19:31
Pre-Run: 57,640,460,288 bytes free
Post-Run: 57,610,723,328 bytes free
291 --- E O F --- 2009-09-02 08:04
antoinejones is offline   Reply With Quote
Advertisement - Register to Remove

Old 09-09-2009   #9
Tech Support Team
 
Crush's Avatar
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: Im getting popups and adware
antoineones,

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\programdata\fesorega
c:\programdata\fedoniko
c:\programdata\kanuzewa
c:\programdata\mozejowi
c:\programdata\fividole
c:\programdata\zokutahi
c:\programdata\zetikude
c:\programdata\jopizozo
c:\programdata\rosilele
c:\programdata\lowefevu
c:\programdata\retenogu
c:\programdata\gijulewu
c:\programdata\tomiyegi
c:\programdata\dazetaha
c:\programdata\gulamono
c:\programdata\dokigera
c:\programdata\pigatedu
c:\programdata\menukabu
c:\programdata\bozikuyo
c:\programdata\kiyuwalu
c:\programdata\popeyime
c:\programdata\dejezibi
c:\programdata\vokoluwo
c:\programdata\pupezeri
c:\programdata\rotariti
c:\programdata\pohubeli
c:\programdata\bopedisu
c:\programdata\punehomi
c:\programdata\lebobofu
c:\programdata\suliweya
c:\programdata\divitawu
c:\programdata\zajeyema
c:\programdata\vupowose
c:\programdata\ruziveki
c:\programdata\dozusefo
c:\programdata\deguyigi
c:\programdata\fejoniso
c:\programdata\fayosipu
c:\programdata\vadelote
c:\programdata\tomasunu
c:\programdata\taposizo
c:\programdata\susanala
c:\programdata\suhaleti
c:\programdata\mebatajo
c:\programdata\lavejipu
c:\programdata\kihiloto
c:\programdata\bonikelo
c:\programdata\bijerudi
c:\programdata\bagatova
c:\programdata\kasusihu
c:\programdata\suzozizi
c:\programdata\kifohala
c:\programdata\jaboyava
c:\programdata\pulelabi
c:\programdata\fohevepu
c:\programdata\sigosemo
c:\programdata\koyelulo
c:\programdata\yonijuwe
c:\programdata\fogususe
c:\programdata\yupaliba
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this
Crush is offline   Reply With Quote
Old 09-09-2009   #10
Elite Member
 
Join Date: Dec 2005
Posts: 409
Default Re: Im getting popups and adware
heres the new logs, by the way after i ran combofix as instructed my desktop icons and taskbar were gone so I had to restart the pc (after saving the logfile) to get everything back up and running.



ComboFix 09-09-08.05 - Tony 09/08/2009 23:09.3.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.447.174 [GMT -5:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
Command switches used :: c:\users\Tony\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\bagatova
c:\programdata\bijerudi
c:\programdata\bonikelo
c:\programdata\bopedisu
c:\programdata\bozikuyo
c:\programdata\dazetaha
c:\programdata\dazetaha\dazetaha.dll
c:\programdata\deguyigi
c:\programdata\dejezibi
c:\programdata\dejezibi\dejezibi.dll
c:\programdata\divitawu
c:\programdata\dokigera
c:\programdata\dokigera\dokigera.dll
c:\programdata\dozusefo
c:\programdata\fayosipu
c:\programdata\fedoniko
c:\programdata\fedoniko\fedoniko.dll
c:\programdata\fejoniso
c:\programdata\fesorega
c:\programdata\fesorega\fesorega.dll
c:\programdata\fividole
c:\programdata\fividole\fividole.dll
c:\programdata\fogususe
c:\programdata\fogususe\fogususe.dll
c:\programdata\fohevepu
c:\programdata\fohevepu\fohevepu.dll
c:\programdata\gijulewu
c:\programdata\gijulewu\gijulewu.dll
c:\programdata\gulamono
c:\programdata\gulamono\gulamono.dll
c:\programdata\jaboyav a
c:\programdata\jaboyava\jaboyava.dll.tmp
c:\programdata\jopizozo
c:\programdata\jopizozo\jopizozo.dll
c:\programdata\kanuzewa
c:\programdata\kasusihu
c:\programdata\kifohala
c:\programdata\kifohala\kifohala.dll.tmp
c:\programdata\kihiloto
c:\programdata\kiyuwalu
c:\programdata\koyelulo
c:\programdata\koyelulo\koyelulo.dll
c:\programdata\lavejipu
c:\programdata\lebobofu
c:\programdata\lowefevu
c:\programdata\lowefevu\lowefevu.dll
c:\programdata\mebatajo
c:\programdata\menukabu
c:\programdata\mozejowi
c:\programdata\mozejowi\mozejowi.dll
c:\programdata\pigatedu
c:\programdata\pohubeli
c:\programdata\popeyime
c:\programdata\pulelabi
c:\programdata\pulelabi\pulelabi.dll
c:\programdata\punehomi
c:\programdata\pupezeri
c:\programdata\retenogu
c:\programdata\retenogu\retenogu.dll
c:\programdata\rosilele
c:\programdata\rosilele\rosilele.dll
c:\programdata\rotariti
c:\programdata\ruziveki
c:\programdata\sigosemo
c:\programdata\sigosemo\sigosemo.dll
c:\programdata\suhaleti
c:\programdata\suliweya
c:\programdata\susanala
c:\programdata\suzozizi
c:\programdata\suzozizi\suzozizi.dll.tmp
c:\programdata\taposizo
c:\programdata\tomasunu
c:\programdata\tomiyegi
c:\programdata\tomiyegi\tomiyegi.dll
c:\programdata\vadelote
c:\programdata\vokoluwo
c:\programdata\vokoluwo\vokoluwo.dll
c:\programdata\vupowose
c:\programdata\yonijuwe
c:\programdata\yonijuwe\yonijuwe.dll
c:\programdata\yupaliba
c:\programdata\yupaliba\yupaliba.dll
c:\programdata\zajeyema
c:\programdata\zetikude
c:\programdata\zetikude\zetikude.dll
c:\programdata\zokutahi
c:\programdata\zokutahi\zokutahi.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.
2009-09-09 04:18 . 2009-09-09 04:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 04:18 . 2009-09-09 04:18 -------- d-----w- c:\users\Music\AppData\Local\temp
2009-09-09 04:18 . 2009-09-09 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 00:20 . 2009-09-08 00:20 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 00:19 . 2009-09-08 00:19 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 00:19 . 2009-09-08 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 00:22 . 2009-09-04 00:22 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-09-04 00:11 . 2009-09-04 00:11 -------- d-----w- c:\programdata\layezefu
2009-09-04 00:11 . 2009-09-04 00:11 -------- d-----w- c:\programdata\fetabeke
2009-09-03 12:11 . 2009-09-03 12:11 -------- d-----w- c:\programdata\fajeyeyi
2009-09-03 12:11 . 2009-09-03 12:11 -------- d-----w- c:\programdata\bayefiza
2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\sonudodu
2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\lipupara
2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\bihomimo
2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\bozifodi
2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\nuponifi
2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\jidojofe
2009-09-02 00:10 . 2009-09-02 22:35 -------- d-----w- c:\programdata\yodupupu
2009-09-02 00:10 . 2009-09-02 00:10 -------- d-----w- c:\programdata\hovepomi
2009-09-02 00:10 . 2009-09-02 00:10 -------- d-----w- c:\programdata\bihinoga
2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\ruzulivo
2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\munorayo
2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\hovewifa
2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\wurigime
2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\debesipe
2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\bufigabu
2009-09-01 00:10 . 2009-09-08 01:45 -------- d-----w- c:\programdata\fomuboza
2009-09-01 00:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\dadejije
2009-09-01 00:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gatasapo
2009-09-01 00:10 . 2009-09-01 14:49 -------- d-----w- c:\programdata\nivajume
2009-08-31 12:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\dolayune
2009-08-31 12:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gifereha
2009-08-31 12:10 . 2009-09-01 14:49 -------- d-----w- c:\programdata\jarohomo
2009-08-31 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\novufuvi
2009-08-31 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\kuvewawe
2009-08-31 00:09 . 2009-09-01 14:49 -------- d-----w- c:\programdata\megisedo
2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\voriduzi
2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\nuwolili
2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\devawije
2009-08-30 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\heferose
2009-08-30 00:09 . 2009-09-05 14:40 -------- d-----w- c:\programdata\sodekeba
2009-08-30 00:09 . 2009-09-04 14:17 -------- d-----w- c:\programdata\kijayavo
2009-08-29 12:22 . 2009-08-29 12:22 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-29 12:22 . 2009-01-15 17:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-29 12:22 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\users\Tony\AppData\Local\Downloaded Installations
2009-08-29 12:22 . 2009-08-29 12:21 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-29 12:22 . 2009-08-29 12:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\program files\Symantec
2009-08-29 12:18 . 2009-09-09 03:35 -------- d-----w- c:\windows\system32\drivers\N360
2009-08-29 12:18 . 2009-08-29 12:19 -------- d-----w- c:\program files\Norton 360
2009-08-29 12:11 . 2009-08-29 12:11 -------- d-----w- c:\programdata\PCSettings
2009-08-29 12:09 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gabuvike
2009-08-29 12:09 . 2009-09-04 13:07 -------- d-----w- c:\programdata\duyaroli
2009-08-29 12:09 . 2009-09-03 21:04 -------- d-----w- c:\programdata\mozawino
2009-08-29 12:07 . 2009-08-29 12:11 -------- d-----w- c:\programdata\Norton
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\programdata\NortonInstaller
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\program files\NortonInstaller
2009-08-29 12:04 . 2009-08-29 12:04 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-08-29 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\kawarezu
2009-08-29 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\vebeleje
2009-08-29 00:08 . 2009-09-03 14:15 -------- d-----w- c:\programdata\vefiyohu
2009-08-28 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\morezahe
2009-08-28 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\mijepubi
2009-08-28 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\ranitiri
2009-08-28 00:08 . 2009-09-04 14:17 -------- d-----w- c:\programdata\botapovu
2009-08-28 00:08 . 2009-08-31 13:25 -------- d-----w- c:\programdata\rusagimo
2009-08-27 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\wihomeki
2009-08-27 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\sawigewe
2009-08-27 12:08 . 2009-09-03 21:04 -------- d-----w- c:\programdata\fukohoma
2009-08-27 08:03 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-24 15:45 . 2009-08-24 15:45 -------- d-----w- c:\programdata\NVIDIA
2009-08-24 08:08 . 2009-08-24 08:08 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2009-08-23 16:30 . 2009-08-23 16:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-08-23 16:30 . 2009-08-23 16:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-08-23 16:30 . 2009-08-23 16:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-08-23 16:30 . 2009-08-23 16:30 272896 ----a-w- c:\windows\system32\polstore.dll
2009-08-23 16:23 . 2009-08-23 16:23 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-08-23 16:23 . 2009-08-23 16:23 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-08-23 16:23 . 2009-08-23 16:23 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-08-23 16:16 . 2009-08-23 16:16 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-08-23 16:16 . 2009-08-23 16:16 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-08-23 16:09 . 2009-08-23 16:09 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-08-23 16:02 . 2009-08-23 16:02 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-08-23 16:02 . 2009-08-23 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-23 16:02 . 2009-08-23 16:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-23 16:02 . 2009-08-23 16:02 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-23 16:02 . 2009-08-23 16:02 24064 ----a-w- c:\windows\system32\lpk.dll
2009-08-23 16:02 . 2009-08-23 16:02 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-23 15:54 . 2009-08-23 15:54 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-08-23 15:54 . 2009-08-23 15:54 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-08-23 15:41 . 2009-08-23 15:41 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-08-23 15:33 . 2009-08-23 15:33 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-23 15:09 . 2009-08-23 15:09 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-08-23 15:02 . 2009-08-23 15:02 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-08-23 14:55 . 2009-08-23 14:55 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-08-23 14:55 . 2009-08-23 14:55 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-08-23 14:48 . 2009-08-23 14:48 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-23 14:41 . 2009-08-23 14:41 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-23 14:41 . 2009-08-23 14:41 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-08-23 14:41 . 2009-08-23 14:41 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-08-23 14:33 . 2009-08-23 14:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-23 14:33 . 2009-08-23 14:33 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-23 14:33 . 2009-08-23 14:33 1687040 ----a-w- c:\windows\system32\gameux.dll
2009-08-23 14:26 . 2009-08-23 14:26 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-08-23 14:20 . 2009-08-23 14:20 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-08-23 14:20 . 2009-08-23 14:20 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-08-23 14:13 . 2009-08-23 14:13 63488 ----a-w- c:\windows\system32\drivers\mpsdrv..sys
2009-08-23 14:13 . 2009-08-23 14:13 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-08-23 14:13 . 2009-08-23 14:13 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-08-23 14:13 . 2009-08-23 14:13 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-08-23 14:13 . 2009-08-23 14:13 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-08-23 14:13 . 2009-08-23 14:13 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-08-23 14:13 . 2009-08-23 14:13 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-08-23 14:13 . 2009-08-23 14:13 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-08-23 14:13 . 2009-08-23 14:13 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-08-23 13:41 . 2009-08-23 13:41 696832 ----a-w- c:\windows\system32\localspl.dll
2009-08-23 13:35 . 2009-08-23 13:35 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-08-23 13:35 . 2009-08-23 13:35 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-23 13:35 . 2009-08-23 13:35 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-08-23 13:35 . 2009-08-23 13:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-23 13:35 . 2009-08-23 13:35 31232 ----a-w- c:\windows\system32\msvidc32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-09-03 21:00 . 2009-08-09 23:01 -------- d-----w- c:\programdata\marokeru
2009-08-29 13:11 . 2006-12-26 12:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 12:22 . 2009-08-29 12:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-29 12:22 . 2009-08-29 12:22 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-29 12:18 . 2006-12-26 12:55 -------- d-----w- c:\programdata\Symantec
2009-08-24 08:08 . 2009-08-24 08:08 3102720 ----a-w- c:\windows\system32\NlsData0045.dll
2009-08-23 16:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 16:52 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-23 12:45 . 2009-08-23 12:45 260096 ----a-w- c:\windows\system32\dpx.dll
2009-08-23 12:09 . 2009-08-23 12:09 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-23 12:09 . 2009-08-23 12:09 827392 ----a-w- c:\windows\system32\wininet.dll
2009-08-23 12:08 . 2009-08-23 12:08 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-23 12:08 . 2009-08-23 12:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-23 12:08 . 2009-08-23 12:08 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-09 02:29 . 2009-08-08 11:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-09 02:26 . 2009-08-08 11:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
((((((((((((((((((((((((((((( SnapShot@2009-09-08_19.27.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-26 13:04 . 2009-09-09 02:58 42442 c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2006-11-02 13:02 . 2009-09-09 02:58 60656 c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2009-09-09 03:36 . 2009-08-22 08:14 48688 c:\windows\System32\drivers\N360\0305020.00B\symnd isv.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 36400 c:\windows\System32\drivers\N360\0305020.00B\symnd is.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 33072 c:\windows\System32\drivers\N360\0305020.00B\symid s.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 89904 c:\windows\System32\drivers\N360\0305020.00B\symfw .sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 43696 c:\windows\System32\drivers\N360\0305020.00B\srtsp x.sys
+ 2007-07-02 02:06 . 2009-09-08 19:45 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-02 02:06 . 2009-09-08 19:45 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2007-07-02 02:06 . 2009-09-08 19:45 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2007-07-02 02:35 . 2009-09-09 02:58 8334 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-857884917-759742797-3485681705-1000_UserData.bin
- 2006-11-02 10:33 . 2009-09-08 11:07 626738 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-09 03:00 626738 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 11:07 107508 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-09 03:00 107508 c:\windows\System32\perfc009.dat
+ 2009-09-09 03:36 . 2009-08-22 08:14 217136 c:\windows\System32\drivers\N360\0305020.00B\symtd i.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 310320 c:\windows\System32\drivers\N360\0305020.00B\SymEF A.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 308272 c:\windows\System32\drivers\N360\0305020..00B\srts p.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 482432 c:\windows\System32\drivers\N360\0305020.00B\cchpx 86.sys
+ 2009-09-09 03:36 .. 2009-08-22 08:14 259632 c:\windows\System32\drivers\N360\0305020.00B\BHDrv x86..sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-06-20 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{294C820B-769C-45F8-9085-23141B98D6A3}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{D7E57710-B00B-42E3-BAB9-FF15A039A970}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{61A20DFF-D7ED-4B5D-A92B-3667356E14C9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97702059-5105-4897-8112-B6C99225E271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\030000 0.086\SymEFA.sys [8/29/2009 7:21 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.08 6\BHDrvx86.sys [8/29/2009 7:21 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000. 086\cchpx86.sys [8/29/2009 7:21 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090904. 002\IDSvix86.sys [9/5/2009 2:04 PM 293424]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [8/29/2009 7:21 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/2/2009 2:42 PM 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.08 6\symndisv.sys [8/29/2009 7:21 AM 39984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-vikafulah - c:\progra~2\fedoniko\fedoniko.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 23:18
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N 360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-09-09 23:21
ComboFix-quarantined-files.txt 2009-09-09 04:21
ComboFix2.txt 2009-09-09 02:08
ComboFix3.txt 2009-09-08 19:31
Pre-Run: 57,531,518,976 bytes free
Post-Run: 57,501,425,664 bytes free
373 --- E O F --- 2009-09-02 08:04






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:03 AM, on 9/9/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched..exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.ex e
C:\Users\Tony\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt..dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7..0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [vikafulah] Rundll32.exe "c:\progra~2\fedoniko\fedoniko.dll",a
O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tony\AppData\Local\Temp\HelpInstaller_Sta rtUp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6612 bytes
antoinejones is offline   Reply With Quote
Old 09-09-2009   #11
Senior Security Analyst
 
chiaz's Avatar
 
Join Date: Jun 2006
Location: Singapore
Posts: 5,176
PC Experience: PC Guru
Default Re: Im getting popups and adware
Hello antoinejones,


I'm sorry, but Crush missed quite a fair bit of stuff. Let's flush it all out, shall we?

==========

1. Delete CFScript.txt from your desktop first.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the codebox below into it:

Code:
Folder::
c:\programdata\layezefu
c:\programdata\fetabeke
c:\programdata\fajeyeyi
c:\programdata\bayefiza
c:\programdata\sonudodu
c:\programdata\lipupara
c:\programdata\bihomimo
c:\programdata\bozifodi
c:\programdata\nuponifi
c:\programdata\jidojofe
c:\programdata\yodupupu
c:\programdata\hovepomi
c:\programdata\bihinoga
c:\programdata\ruzulivo
c:\programdata\munorayo
c:\programdata\hovewifa
c:\programdata\wurigime
c:\programdata\debesipe
c:\programdata\bufigabu
c:\programdata\fomuboza
c:\programdata\dadejije
c:\programdata\gatasapo
c:\programdata\nivajume
c:\programdata\dolayune
c:\programdata\gifereha
c:\programdata\jarohomo
c:\programdata\novufuvi
c:\programdata\kuvewawe
c:\programdata\megisedo
c:\programdata\voriduzi
c:\programdata\nuwolili
c:\programdata\devawije
c:\programdata\heferose
c:\programdata\sodekeba
c:\programdata\kijayavo
c:\programdata\gabuvike
c:\programdata\duyaroli
c:\programdata\mozawino
c:\programdata\kawarezu
c:\programdata\vebeleje
c:\programdata\vefiyohu
c:\programdata\morezahe
c:\programdata\mijepubi
c:\programdata\ranitiri
c:\programdata\botapovu
c:\programdata\rusagimo
c:\programdata\wihomeki
c:\programdata\sawigewe
c:\programdata\fukohoma
c:\programdata\marokeru

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
"?????????"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
chiaz is offline   Reply With Quote
Old 09-09-2009   #12
Elite Member
 
Join Date: Dec 2005
Posts: 409
Default Re: Im getting popups and adware
ok heres the new hjt and combofix reports, by the way when i restarted windows after this last combofix i got errors at startup saying certain .dll files couldnt be found (as if they were important files or somethin lol) that i didnt get at startup prior to the last combofix scan, but despite those errors windows seems to be working normally at least, are those error reports normal and if so can they be fixed or will I just have to live with em?


ComboFix 09-09-08.09 - Tony 09/09/2009 11:14.4.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.447.171 [GMT -5:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
Command switches used :: c:\users\Tony\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\bayefiza
c:\programdata\bayefiza\bayefiza.dll
c:\programdata\bihinoga
c:\programdata\bihinoga\bihinoga.dll
c:\programdata\bihomimo
c:\programdata\bihomimo\bihomimo.dll
c:\programdata\botapovu
c:\programdata\bozifodi
c:\programdata\bufigabu
c:\programdata\dadejije
c:\programdata\debesipe
c:\programdata\devawije
c:\programdata\dolayune
c:\programdata\duyaroli
c:\programdata\fajeyeyi
c:\programdata\fajeyeyi\fajeyeyi.dll
c:\programdata\fetabeke
c:\programdata\fetabeke\fetabeke.dll
c:\programdata\fomuboza
c:\programdata\fukohoma
c:\programdata\gabuvike
c:\programdata\gatasapo
c:\programdata\gifereha
c:\programdata\heferose
c:\programdata\hovepomi
c:\programdata\hovewifa
c:\programdata\hovewifa\hovewifa.dll
c:\programdata\jarohomo
c:\programdata\jidojofe
c:\programdata\jidojofe\jidojofe.dll
c:\programdata\kawarezu
c:\programdata\kijayavo
c:\prog ramdata\kuvewawe
c:\programdata\layezefu
c:\programdata\layezefu\layezefu.dll
c:\programdata\lipupara
c:\programdata\lipupara\lipupara.dll
c:\programdata\marokeru
c:\programdata\megisedo
c:\programdata\mijepubi
c:\programdata\morezahe
c:\programdata\mozawino
c:\programdata\munorayo
c:\programdata\munorayo\munorayo.dll
c:\programdata\nivajume
c:\programdata\novufuvi
c:\programdata\nuponifi
c:\programdata\nuponifi\nuponifi.dll
c:\programdata\nuwolili
c:\programdata\ranitiri
c:\programdata\rusagimo
c:\programdata\ruzulivo
c:\programdata\sawigewe
c:\programdata\sodekeba
c:\programdata\sonudodu
c:\programdata\vebeleje
c:\programdata\vefiyohu
c:\programdata\voriduzi
c:\programdata\wihomeki
c:\programdata\wurigime
c:\programdata\yodupupu
.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.
2009-09-09 16:23 . 2009-09-09 16:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 16:23 . 2009-09-09 16:23 -------- d-----w- c:\users\Music\AppData\Local\temp
2009-09-09 16:23 . 2009-09-09 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-08 00:20 . 2009-09-08 00:20 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 00:19 . 2009-09-08 00:19 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 00:19 . 2009-09-08 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 00:22 . 2009-09-04 00:22 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-08-29 12:22 . 2009-08-29 12:22 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-29 12:22 . 2009-01-15 17:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-29 12:22 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\users\Tony\AppData\Local\Downloaded Installations
2009-08-29 12:22 . 2009-08-29 12:21 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-29 12:22 . 2009-08-29 12:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\program files\Symantec
2009-08-29 12:18 . 2009-09-09 03:35 -------- d-----w- c:\windows\system32\drivers\N360
2009-08-29 12:18 . 2009-08-29 12:19 -------- d-----w- c:\program files\Norton 360
2009-08-29 12:11 . 2009-08-29 12:11 -------- d-----w- c:\programdata\PCSettings
2009-08-29 12:07 . 2009-08-29 12:11 -------- d-----w- c:\programdata\Norton
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\programdata\NortonInstaller
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\program files\NortonInstaller
2009-08-29 12:04 . 2009-08-29 12:04 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-08-27 08:03 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-24 15:45 . 2009-08-24 15:45 -------- d-----w- c:\programdata\NVIDIA
2009-08-24 08:08 . 2009-08-24 08:08 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2009-08-23 16:30 . 2009-08-23 16:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-08-23 16:30 . 2009-08-23 16:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-08-23 16:30 . 2009-08-23 16:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-08-23 16:30 . 2009-08-23 16:30 272896 ----a-w- c:\windows\system32\polstore.dll
2009-08-23 16:23 . 2009-08-23 16:23 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-08-23 16:23 . 2009-08-23 16:23 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-08-23 16:23 . 2009-08-23 16:23 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-08-23 16:16 . 2009-08-23 16:16 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-08-23 16:16 . 2009-08-23 16:16 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-08-23 16:09 . 2009-08-23 16:09 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-08-23 16:02 . 2009-08-23 16:02 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-08-23 16:02 . 2009-08-23 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-23 16:02 . 2009-08-23 16:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-23 16:02 . 2009-08-23 16:02 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-23 16:02 . 2009-08-23 16:02 24064 ----a-w- c:\windows\system32\lpk.dll
2009-08-23 16:02 . 2009-08-23 16:02 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-23 15:54 . 2009-08-23 15:54 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-08-23 15:54 . 2009-08-23 15:54 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-08-23 15:41 . 2009-08-23 15:41 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-08-23 15:33 . 2009-08-23 15:33 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-23 15:09 . 2009-08-23 15:09 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-08-23 15:02 . 2009-08-23 15:02 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-08-23 14:55 . 2009-08-23 14:55 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-08-23 14:55 . 2009-08-23 14:55 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-08-23 14:48 . 2009-08-23 14:48 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-23 14:41 . 2009-08-23 14:41 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-23 14:41 . 2009-08-23 14:41 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-08-23 14:41 . 2009-08-23 14:41 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-08-23 14:33 . 2009-08-23 14:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-23 14:33 . 2009-08-23 14:33 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-23 14:33 . 2009-08-23 14:33 1687040 ----a-w- c:\windows\system32\gameux.dll
2009-08-23 14:26 . 2009-08-23 14:26 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-08-23 14:20 . 2009-08-23 14:20 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-08-23 14:20 . 2009-08-23 14:20 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-08-23 14:13 . 2009-08-23 14:13 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-08-23 14:13 . 2009-08-23 14:13 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-08-23 14:13 . 2009-08-23 14:13 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-08-23 14:13 . 2009-08-23 14:13 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-08-23 14:13 . 2009-08-23 14:13 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-08-23 14:13 . 2009-08-23 14:13 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-08-23 14:13 . 2009-08-23 14:13 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-08-23 14:13 . 2009-08-23 14:13 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-08-23 14:13 . 2009-08-23 14:13 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-08-23 13:41 . 2009-08-23 13:41 696832 ----a-w- c:\windows\system32\localspl.dll
2009-08-23 13:35 . 2009-08-23 13:35 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-08-23 13:35 . 2009-08-23 13:35 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-23 13:35 . 2009-08-23 13:35 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-08-23 13:35 . 2009-08-23 13:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-23 13:35 . 2009-08-23 13:35 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-23 13:35 . 2009-08-23 13:35 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-08-23 13:29 . 2009-08-23 13:29 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2009-08-23 13:22 . 2009-08-23 13:22 2923520 ----a-w- c:\windows\explorer.exe
2009-08-23 13:03 . 2009-08-23 13:03 24064 ----a-w- c:\windows\system32\netcfg.exe
2009-08-23 13:03 . 2009-08-23 13:03 216632 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-23 13:03 . 2009-08-23 13:03 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-23 13:03 . 2009-08-23 13:03 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-23 13:03 . 2009-08-23 13:03 803328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-23 12:47 . 2009-08-23 12:47 1585664 ----a-w- c:\windows\system32\setupapi.dll
2009-08-23 12:45 . 2009-08-23 12:45 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-08-23 12:33 . 2009-08-23 12:33 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-08-23 12:33 . 2009-08-23 12:33 3503584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-23 12:33 . 2009-08-23 12:33 3469280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-23 12:33 . 2009-08-23 12:33 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-08-23 12:33 . 2009-08-23 12:33 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-08-23 12:33 . 2009-08-23 12:33 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-08-23 12:33 . 2009-08-23 12:33 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-08-23 12:33 . 2009-08-23 12:33 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-08-23 12:33 . 2009-08-23 12:33 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-08-23 12:33 . 2009-08-23 12:33 97280 ----a-w- c:\windows\system32\iasrecst.dll
2009-08-23 12:33 . 2009-08-23 12:33 53248 ----a-w- c:\windows\system32\iasads.dll
2009-08-23 12:33 . 2009-08-23 12:33 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-08-23 12:33 . 2009-08-23 12:33 158720 ----a-w- c:\windows\system32\sdohlp.dll
2009-08-23 12:20 . 2009-08-23 12:20 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2009-08-23 12:20 . 2009-08-23 12:20 2048 ----a-w- c:\windows\system32\asferror.dll
2009-08-23 12:20 . 2009-08-23 12:20 223232 ----a-w- c:\windows\system32\WMASF.DLL
2009-08-23 12:15 . 2009-08-23 12:15 7680 ----a-w- c:\windows\system32\lsass.exe
2009-08-23 12:15 . 2009-08-23 12:15 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-23 12:15 . 2009-08-23 12:15 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-23 12:15 . 2009-08-23 12:15 25600 ----a-w- c:\windows\system32\amxread.dll
2009-08-23 12:15 . 2009-08-23 12:15 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-08-23 12:08 . 2009-08-23 12:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-23 12:05 . 2009-08-23 12:05 37376 ----a-w- c:\windows\system32\printcom.dll
2009-08-23 12:05 . 2009-08-23 12:05 441856 ----a-w- c:\windows\system32\win32spl.dll
2009-08-23 12:01 . 2009-08-23 12:01 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-08-23 12:01 . 2009-08-23 12:01 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-08-23 11:59 . 2009-08-23 11:59 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-23 11:59 . 2009-08-23 11:59 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-23 11:59 . 2009-08-23 11:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-23 11:59 . 2009-08-23 11:59 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-23 11:57 . 2009-08-23 11:57 11776 ----a-w- c:\windows\system32\sbunattend.exe
2009-08-23 11:48 . 2009-08-23 11:48 290304 ----a-w- c:\windows\system32\drivers\srv.sys
2009-08-23 11:42 . 2009-08-23 11:42 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-08-23 11:42 . 2009-08-23 11:42 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2009-08-23 11:38 . 2009-08-23 11:38 269824 ----a-w- c:\windows\system32\schannel.dll
2009-08-23 11:19 . 2009-08-23 11:19 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-23 11:19 . 2009-08-23 11:19 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-23 11:19 . 2009-08-23 11:19 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-23 11:19 . 2009-08-23 11:19 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNativ e_v0300.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-08-29 13:11 . 2006-12-26 12:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 12:22 . 2009-08-29 12:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-29 12:22 . 2009-08-29 12:22 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-29 12:18 . 2006-12-26 12:55 -------- d-----w- c:\programdata\Symantec
2009-08-24 08:08 . 2009-08-24 08:08 3102720 ----a-w- c:\windows\system32\NlsData0045.dll
2009-08-23 16:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 16:52 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-23 12:45 . 2009-08-23 12:45 260096 ----a-w- c:\windows\system32\dpx.dll
2009-08-23 12:09 . 2009-08-23 12:09 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-23 12:09 . 2009-08-23 12:09 827392 ----a-w- c:\windows\system32\wininet.dll
2009-08-23 12:08 . 2009-08-23 12:08 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-23 12:08 . 2009-08-23 12:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-23 12:08 . 2009-08-23 12:08 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-09 02:29 . 2009-08-08 11:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-09 02:26 . 2009-08-08 11:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
((((((((((((((((((((((((((((( SnapShot@2009-09-08_19.27.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-26 13:04 . 2009-09-09 02:58 42442 c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2006-11-02 13:02 . 2009-09-09 06:37 60752 c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2009-09-09 03:36 . 2009-08-22 08:14 48688 c:\windows\System32\drivers\N360\0305020.00B\symnd isv.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 36400 c:\windows\System32\drivers\N360\0305020.00B\symnd is.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 33072 c:\windows\System32\drivers\N360\0305020.00B\symid s.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 89904 c:\windows\System32\drivers\N360\0305020.00B\symfw .sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 43696 c:\windows\System32\drivers\N360\0305020.00B\srtsp x.sys
+ 2007-07-02 02:06 . 2009-09-09 16:07 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-02 02:06 . 2009-09-09 16:07 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2007-07-02 02:06 . 2009-09-09 16:07 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2007-07-02 02:35 . 2009-09-09 06:37 8350 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-857884917-759742797-3485681705-1000_UserData.bin
+ 2009-09-09 02:54 . 2009-09-09 06:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2009-09-09 02:54 . 2009-09-09 06:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2006-11-02 10:33 . 2009-09-09 06:38 626738 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 11:07 626738 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 11:07 107508 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-09 06:38 107508 c:\windows\System32\perfc009.dat
+ 2009-09-09 03:36 . 2009-08-22 08:14 217136 c:\windows\System32\drivers\N360\0305020.00B\symtd i.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 310320 c:\windows\System32\drivers\N360\0305020.00B\SymEF A.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 308272 c:\windows\System32\drivers\N360\0305020.00B\srtsp .sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 482432 c:\windows\System32\drivers\N360\0305020.00B\cchpx 86.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 259632 c:\windows\System32\drivers\N360\0305020.00B\BHDrv x86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"vikafulah"="c:\progra~2\fedoniko\fedoniko.dll " [BU]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-06-20 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{294C820B-769C-45F8-9085-23141B98D6A3}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{D7E57710-B00B-42E3-BAB9-FF15A039A970}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{61A20DFF-D7ED-4B5D-A92B-3667356E14C9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97702059-5105-4897-8112-B6C99225E271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\030000 0.086\SymEFA.sys [8/29/2009 7:21 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.08 6\BHDrvx86.sys [8/29/2009 7:21 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000. 086\cchpx86.sys [8/29/2009 7:21 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090904. 002\IDSvix86.sys [9/5/2009 2:04 PM 293424]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [8/29/2009 7:21 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/2/2009 2:42 PM 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.08 6\symndisv.sys [8/29/2009 7:21 AM 39984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 11:23
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N 360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-09-09 11:26
ComboFix-quarantined-files.txt 2009-09-09 16:26
ComboFix2.txt 2009-09-09 04:21
ComboFix3.txt 2009-09-09 02:08
ComboFix4.txt 2009-09-08 19:31
Pre-Run: 57,518,202,880 bytes free
Post-Run: 57,489,375,232 bytes free
348 --- E O F --- 2009-09-02 08:04
-------------------------------------------rpt 7---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:38 PM, on 9/9/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Tony\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [vikafulah] Rundll32.exe "c:\progra~2\fedoniko\fedoniko.dll",a
O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tony\AppData\Local\Temp\HelpInstaller_Sta rtUp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6487 bytes
antoinejones is offline   Reply With Quote
Old 09-10-2009   #13
Senior Security Analyst
 
chiaz's Avatar
 
Join Date: Jun 2006
Location: Singapore
Posts: 5,176
PC Experience: PC Guru
Default Re: Im getting popups and adware
Hi,

ok heres the new hjt and combofix reports, by the way when i restarted windows after this last combofix i got errors at startup saying certain .dll files couldnt be found (as if they were important files or somethin lol) that i didnt get at startup prior to the last combofix scan, but despite those errors windows seems to be working normally at least, are those error reports normal and if so can they be fixed or will I just have to live with em?
Shows that we have done something good here! But don't worry, these errors can be gotten rid of once we eliminate the remnants.

========

Please run HijackThis and place a tick by the following entries:
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [vikafulah] Rundll32.exe "c:\progra~2\fedoniko\fedoniko.dll",a


Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

Now please update MBAM, and run a full scan with it. Once you're done, I will want to see new logs from the following programs:
1) MBAM
2) HijackThis
3) ComboFix

Also let me know how your PC is running at this point in time.
chiaz is offline   Reply With Quote
Old 09-10-2009   #14
Elite Member
 
Join Date: Dec 2005
Posts: 409
Default Re: Im getting popups and adware
Well Ive been wondering when I first used combofix, after its run and done whatever it does, I could close it and see plus access all the file son my desktop just fine, however after the first time of using it every other time Ive used it my desktop/taskbar would either disappear or my desktop stays there but I cant open/access any of the files on it (internet explorer is teh only one I tried, hijackthis opened just fine after a combofix) the only way to fix that problem is to restart after combofix which isnt a big deal but I never had to do it when I first used it. Is that normal?


Also one of the two files you had me fix on HJT is still there, even after I checked it and had it fix checked twice plus restarted the pc, it still shows up in the HJT log but the Pc SEEMS to be running fine, Ill let you know if anything new develops, heres the new logs:


Malwarebytes' Anti-Malware 1.40
Database version: 2773
Windows 6.0.6000
9/10/2009 12:56:32 PM
mbam-log-2009-09-10 (12-56-32).txt
Scan type: Full Scan (C:\|)
Objects scanned: 156463
Time elapsed: 54 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
------------------------------------------------
ComboFix 09-09-09.09 - Tony 09/10/2009 13:02.5.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.447.121 [GMT -5:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-10 18:10 . 2009-09-10 18:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-10 18:10 . 2009-09-10 18:10 -------- d-----w- c:\users\Music\AppData\Local\temp
2009-09-10 18:10 . 2009-09-10 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-09 16:46 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 16:46 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
2009-09-09 16:46 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 16:46 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 16:46 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-09 16:45 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-09 16:45 . 2009-06-15 15:25 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 16:45 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-09 16:45 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2009-09-09 16:45 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-09 16:45 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-09 16:45 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2009-09-09 16:45 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe
2009-09-08 00:20 . 2009-09-08 00:20 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 00:19 . 2009-09-08 00:19 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 00:19 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 00:19 . 2009-09-08 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 00:22 . 2009-09-04 00:22 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-08-29 12:22 . 2009-08-29 12:22 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-29 12:22 . 2009-01-15 17:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-29 12:22 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\users\Tony\AppData\Local\Downloaded Installations
2009-08-29 12:22 . 2009-08-29 12:21 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-29 12:22 . 2009-08-29 12:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\program files\Symantec
2009-08-29 12:18 . 2009-09-09 03:35 -------- d-----w- c:\windows\system32\drivers\N360
2009-08-29 12:18 . 2009-08-29 12:19 -------- d-----w- c:\program files\Norton 360
2009-08-29 12:11 . 2009-08-29 12:11 -------- d-----w- c:\programdata\PCSettings
2009-08-29 12:07 . 2009-08-29 12:11 -------- d-----w- c:\programdata\Norton
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\programdata\NortonInstaller
2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\program files\NortonInstaller
2009-08-29 12:04 . 2009-08-29 12:04 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-08-27 08:03 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-24 15:45 . 2009-08-24 15:45 -------- d-----w- c:\programdata\NVIDIA
2009-08-24 08:08 . 2009-08-24 08:08 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2009-08-23 16:30 . 2009-08-23 16:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-08-23 16:30 . 2009-08-23 16:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-08-23 16:30 . 2009-08-23 16:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-08-23 16:30 . 2009-08-23 16:30 272896 ----a-w- c:\windows\system32\polstore.dll
2009-08-23 16:23 . 2009-08-23 16:23 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-08-23 16:23 . 2009-08-23 16:23 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-08-23 16:23 . 2009-08-23 16:23 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-08-23 16:16 . 2009-08-23 16:16 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-08-23 16:16 . 2009-08-23 16:16 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-08-23 16:09 . 2009-08-23 16:09 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-08-23 16:02 . 2009-08-23 16:02 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-08-23 16:02 . 2009-08-23 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-23 16:02 . 2009-08-23 16:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-23 16:02 . 2009-08-23 16:02 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-23 16:02 . 2009-08-23 16:02 24064 ----a-w- c:\windows\system32\lpk.dll
2009-08-23 16:02 . 2009-08-23 16:02 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-23 15:54 . 2009-08-23 15:54 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-08-23 15:54 . 2009-08-23 15:54 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-08-23 15:41 . 2009-08-23 15:41 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-08-23 15:33 . 2009-08-23 15:33 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-23 15:09 . 2009-08-23 15:09 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-08-23 15:02 . 2009-08-23 15:02 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-08-23 14:55 . 2009-08-23 14:55 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-08-23 14:55 . 2009-08-23 14:55 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-08-23 14:48 . 2009-08-23 14:48 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-23 14:41 . 2009-08-23 14:41 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-23 14:41 . 2009-08-23 14:41 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-08-23 14:41 . 2009-08-23 14:41 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-08-23 14:33 . 2009-08-23 14:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-23 14:33 . 2009-08-23 14:33 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-23 14:33 . 2009-08-23 14:33 1687040 ----a-w- c:\windows\system32\gameux.dll
2009-08-23 14:26 . 2009-08-23 14:26 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-08-23 14:20 . 2009-08-23 14:20 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-08-23 14:20 . 2009-08-23 14:20 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-08-23 14:13 . 2009-08-23 14:13 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-08-23 14:13 . 2009-08-23 14:13 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-08-23 14:13 . 2009-08-23 14:13 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-08-23 14:13 . 2009-08-23 14:13 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-08-23 14:13 . 2009-08-23 14:13 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-08-23 14:13 . 2009-08-23 14:13 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-08-23 14:13 . 2009-08-23 14:13 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-08-23 14:13 . 2009-08-23 14:13 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-08-23 14:13 . 2009-08-23 14:13 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-08-23 13:41 . 2009-08-23 13:41 696832 ----a-w- c:\windows\system32\localspl.dll
2009-08-23 13:35 . 2009-08-23 13:35 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-08-23 13:35 . 2009-08-23 13:35 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-23 13:35 . 2009-08-23 13:35 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-08-23 13:35 . 2009-08-23 13:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-23 13:35 . 2009-08-23 13:35 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-23 13:35 . 2009-08-23 13:35 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-08-23 13:29 . 2009-08-23 13:29 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2009-08-23 13:22 . 2009-08-23 13:22 2923520 ----a-w- c:\windows\explorer.exe
2009-08-23 13:03 . 2009-08-23 13:03 24064 ----a-w- c:\windows\system32\netcfg.exe
2009-08-23 12:47 . 2009-08-23 12:47 1585664 ----a-w- c:\windows\system32\setupapi.dll
2009-08-23 12:45 . 2009-08-23 12:45 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-08-23 12:33 . 2009-08-23 12:33 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-08-23 12:33 . 2009-08-23 12:33 3503584 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-23 12:33 . 2009-08-23 12:33 3469280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-23 12:33 . 2009-08-23 12:33 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-08-23 12:33 . 2009-08-23 12:33 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-08-23 12:33 . 2009-08-23 12:33 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-08-23 12:33 . 2009-08-23 12:33 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-08-23 12:33 . 2009-08-23 12:33 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-08-23 12:33 . 2009-08-23 12:33 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-08-23 12:33 . 2009-08-23 12:33 97280 ----a-w- c:\windows\system32\iasrecst.dll
2009-08-23 12:33 . 2009-08-23 12:33 53248 ----a-w- c:\windows\system32\iasads.dll
2009-08-23 12:33 . 2009-08-23 12:33 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-08-23 12:33 . 2009-08-23 12:33 158720 ----a-w- c:\windows\system32\sdohlp.dll
2009-08-23 12:20 . 2009-08-23 12:20 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2009-08-23 12:20 . 2009-08-23 12:20 2048 ----a-w- c:\windows\system32\asferror.dll
2009-08-23 12:20 . 2009-08-23 12:20 223232 ----a-w- c:\windows\system32\WMASF.DLL
2009-08-23 12:15 . 2009-08-23 12:15 25600 ----a-w- c:\windows\system32\amxread.dll
2009-08-23 12:15 . 2009-08-23 12:15 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-08-23 12:08 . 2009-08-23 12:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-23 12:05 . 2009-08-23 12:05 37376 ----a-w- c:\windows\system32\printcom.dll
2009-08-23 12:05 . 2009-08-23 12:05 441856 ----a-w- c:\windows\system32\win32spl.dll
2009-08-23 12:01 . 2009-08-23 12:01 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-08-23 12:01 . 2009-08-23 12:01 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-08-23 11:59 . 2009-08-23 11:59 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-23 11:59 . 2009-08-23 11:59 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-23 11:59 . 2009-08-23 11:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-23 11:59 . 2009-08-23 11:59 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-23 11:57 . 2009-08-23 11:57 11776 ----a-w- c:\windows\system32\sbunattend.exe
2009-08-23 11:48 . 2009-08-23 11:48 290304 ----a-w- c:\windows\system32\drivers\srv.sys
2009-08-23 11:42 . 2009-08-23 11:42 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-09-05 14:40 . 2009-08-10 20:15 -------- d-----w- c:\programdata\nivilivu
2009-09-05 14:40 . 2009-08-10 20:15 -------- d-----w- c:\programdata\zesamaga
2009-09-05 14:40 . 2009-08-11 08:14 -------- d-----w- c:\programdata\wilubore
2009-09-05 14:40 . 2009-08-10 20:14 -------- d-----w- c:\programdata\pugitefi
2009-09-05 14:40 . 2009-08-10 20:15 -------- d-----w- c:\programdata\kudepoga
2009-09-05 14:39 . 2009-08-10 20:14 -------- d-----w- c:\programdata\burivuvu
2009-08-29 13:11 . 2006-12-26 12:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 12:22 . 2009-08-29 12:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-29 12:22 . 2009-08-29 12:22 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-29 12:18 . 2006-12-26 12:55 -------- d-----w- c:\programdata\Symantec
2009-08-24 08:08 . 2009-08-24 08:08 3102720 ----a-w- c:\windows\system32\NlsData0045.dll
2009-08-23 16:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 16:52 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-23 12:45 . 2009-08-23 12:45 260096 ----a-w- c:\windows\system32\dpx.dll
2009-08-23 12:09 . 2009-08-23 12:09 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-23 12:09 . 2009-08-23 12:09 827392 ----a-w- c:\windows\system32\wininet.dll
2009-08-23 12:08 . 2009-08-23 12:08 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-23 12:08 . 2009-08-23 12:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-23 12:08 . 2009-08-23 12:08 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-14 17:16 . 2009-09-09 16:47 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 16:42 . 2009-09-09 16:47 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40 . 2009-09-09 16:47 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-09-09 16:47 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25 . 2009-09-09 16:47 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-09-09 16:47 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-09-09 16:47 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-09-09 16:47 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-09-09 16:47 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25 . 2009-09-09 16:47 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-09-09 16:47 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:24 . 2009-09-09 16:47 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 14:23 . 2009-09-09 16:47 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-11 08:14 . 2009-08-11 08:14 -------- d-----w- c:\programdata\pufajahe
2009-08-10 20:14 . 2009-08-10 20:14 -------- d-----w- c:\programdata\gugajere
2009-08-09 02:29 . 2009-08-08 11:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-09 02:26 . 2009-08-08 11:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-11 19:32 . 2009-09-09 16:47 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-09 16:47 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-09 16:47 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:32 . 2009-09-09 16:47 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-07-11 19:32 . 2009-09-09 16:47 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 19:26 . 2009-09-09 16:47 123904 ----a-w- c:\windows\system32\L2SecHC.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-08_19.27.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-09 16:47 . 2009-07-11 19:10 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a 7441b62d132\wlanhlp.dll
+ 2009-09-09 16:47 . 2009-07-11 19:10 65024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a 7441b62d132\wlanapi.dll
+ 2009-09-09 16:47 . 2009-04-03 21:33 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a 7441b62d132\gatherWirelessInfo.vbs
+ 2009-09-09 16:47 . 2009-04-11 06:28 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9dedd b8d02397ad3\wlanhlp.dll
+ 2009-09-09 16:47 . 2009-07-11 19:01 65024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9dedd b8d02397ad3\wlanapi.dll
+ 2009-09-09 16:47 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9dedd b8d02397ad3\gatherWirelessInfo.vbs
+ 2009-09-09 16:47 . 2009-07-11 19:17 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c950 7981e2d2ad5\wlanhlp.dll
+ 2009-09-09 16:47 . 2009-07-11 19:17 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c950 7981e2d2ad5\wlanapi.dll
+ 2009-09-09 16:47 . 2009-04-01 19:09 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c950 7981e2d2ad5\gatherWirelessInfo.vbs
+ 2009-09-09 16:47 . 2008-01-19 07:36 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c 90f051fc5c6\wlanhlp.dll
+ 2009-09-09 16:47 . 2008-01-19 07:36 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c 90f051fc5c6\wlanapi.dll
+ 2009-09-09 16:47 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c 90f051fc5c6\gatherWirelessInfo.vbs
+ 2009-09-09 16:47 . 2009-07-11 19:24 67584 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92f d9a211c6fd7\wlanhlp.dll
+ 2009-09-09 16:47 . 2009-07-11 19:24 47104 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92f d9a211c6fd7\wlanapi.dll
+ 2006-11-02 12:33 . 2006-11-02 12:33 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92f d9a211c6fd7\gatherWirelessInfo.vbs
+ 2009-09-09 16:47 . 2009-07-11 19:32 67584 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b8 94107fccf79\wlanhlp.dll
+ 2009-09-09 16:47 . 2009-07-11 19:32 47104 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b8 94107fccf79\wlanapi.dll
+ 2006-11-02 12:33 . 2006-11-02 12:33 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b8 94107fccf79\gatherWirelessInfo.vbs
+ 2009-09-09 16:47 . 2009-08-15 21:30 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d42 5ab49af00\netiougc.exe
+ 2009-09-09 16:47 . 2009-08-15 23:56 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d42 5ab49af00\netiomig.dll
+ 2009-09-09 16:47 . 2009-08-14 14:23 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f3 8922bdbf4\netiougc.exe
+ 2009-09-09 16:47 . 2009-08-14 16:40 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f3 8922bdbf4\netiomig.dll
+ 2009-09-09 16:47 . 2009-08-14 13:52 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\ROUTE.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:52 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\NETSTAT.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:52 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\MRINFO.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:52 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\finger.exe
+ 2009-09-09 16:47 . 2009-08-14 13:52 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\ARP.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:49 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\ROUTE.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:49 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\NETSTAT.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:49 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\MRINFO.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:49 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\finger.exe
+ 2009-09-09 16:47 . 2009-08-14 13:49 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\ARP.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:11 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\ROUTE.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:11 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\NETSTAT.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:11 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\MRINFO.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:11 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\finger.exe
+ 2009-09-09 16:47 . 2009-08-14 14:11 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\ARP.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:16 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\ROUTE.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:16 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\NETSTAT.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:16 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\MRINFO.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:16 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\finger.exe
+ 2009-09-09 16:47 . 2009-08-14 14:16 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\ARP.EXE
+ 2009-09-09 16:47 . 2009-08-15 21:31 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\ROUTE.EXE
+ 2009-09-09 16:47 . 2009-08-15 21:31 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\NETSTAT.EXE
+ 2009-09-09 16:47 . 2009-08-15 21:31 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\MRINFO.EXE
+ 2009-09-09 16:47 . 2009-08-15 21:31 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\finger.exe
+ 2009-09-09 16:47 . 2009-08-15 21:31 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\ARP.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:25 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\ROUTE.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:25 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\NETSTAT.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:25 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\MRINFO.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:25 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\finger.exe
+ 2009-09-09 16:47 . 2009-08-14 14:25 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\ARP.EXE
+ 2009-09-09 16:47 . 2009-08-14 17:01 98376 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53 c52043eb1c22\FWPKCLNT.SYS
+ 2009-09-09 16:47 . 2009-08-15 21:29 85504 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcf ae32467adc51\FWPKCLNT.SYS
+ 2009-09-09 16:47 . 2009-08-14 16:00 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb6 6ecc80d2b9bd\netevent.dll
+ 2009-09-09 16:47 . 2009-08-14 15:53 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc 811967fd319c\netevent.dll
+ 2009-09-09 16:47 . 2009-08-14 16:24 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75 adb883ef144c\netevent.dll
+ 2009-09-09 16:47 . 2009-08-14 16:29 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c 8e916a95fcf0\netevent.dll
+ 2009-09-09 16:47 . 2009-08-15 23:56 15360 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f1 96ca867ed47b\netevent.dll
+ 2009-09-09 16:47 . 2009-08-14 16:40 15360 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_5868 21dd6d61016f\netevent.dll
+ 2009-09-09 16:46 . 2009-06-10 09:53 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_no ne_9e993405232e229b\rrinstaller.exe
+ 2009-09-09 16:46 . 2009-06-10 09:54 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_no ne_9e993405232e229b\mfps.dll
+ 2009-09-09 16:46 . 2009-06-10 09:53 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_no ne_9e993405232e229b\mfpmp.exe
+ 2009-09-09 16:46 . 2009-04-11 06:27 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_no ne_9e2369c00a004aef\rrinstaller.exe
+ 2009-09-09 16:46 . 2009-04-11 06:28 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_no ne_9e2369c00a004aef\mfps.dll
+ 2009-09-09 16:46 . 2009-04-11 06:27 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_no ne_9e2369c00a004aef\mfpmp.exe
+ 2009-09-09 16:46 . 2009-06-10 10:10 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_no ne_9cc4940f25f962e7\rrinstaller.exe
+ 2009-09-09 16:46 . 2009-06-10 11:56 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_no ne_9cc4940f25f962e7\mfps.dll
+ 2009-09-09 16:46 . 2009-06-10 10:10 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_no ne_9cc4940f25f962e7\mfpmp.exe
+ 2009-08-23 09:46 . 2009-08-23 09:46 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_no ne_9c1383940cfa6868\rrinstaller.exe
+ 2009-08-23 09:46 . 2009-08-23 09:46 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_no ne_9c1383940cfa6868\mfps.dll
+ 2009-08-23 09:46 . 2009-08-23 09:46 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_no ne_9c1383940cfa6868\mfpmp.exe
+ 2009-09-09 16:46 . 2009-06-10 10:01 52736 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_no ne_9ac68b3928e50d45\rrinstaller.exe
+ 2009-09-09 16:46 . 2009-06-10 12:00 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_no ne_9ac68b3928e50d45\mfps.dll
+ 2009-09-09 16:46 . 2009-06-10 10:01 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_no ne_9ac68b3928e50d45\mfpmp.exe
+ 2009-09-09 16:46 . 2009-06-10 10:14 52736 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_no ne_9a40172a0fc4863e\rrinstaller.exe
+ 2009-09-09 16:46 . 2009-06-10 12:07 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_no ne_9a40172a0fc4863e\mfps.dll
+ 2009-09-09 16:46 . 2009-06-10 10:15 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_no ne_9a40172a0fc4863e\mfpmp.exe
+ 2009-09-09 16:45 . 2009-06-15 15:00 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7 335e2fc\secur32.dll
+ 2009-09-09 16:45 . 2009-06-15 14:53 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5 a1929db\secur32.dll
+ 2009-09-09 16:45 . 2009-06-15 15:25 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da37 6115b2a\secur32.dll
+ 2009-09-09 16:45 . 2009-06-15 15:24 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5 d0228c9\secur32.dll
+ 2009-09-09 16:45 . 2009-06-15 15:08 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e7537 8eccda6\secur32.dll
+ 2009-09-09 16:45 . 2009-06-15 15:28 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745 fdd652a\secur32.dll
+ 2009-09-09 16:47 . 2009-08-14 13:51 30720 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c5 21bb0e416\tcpipreg.sys
+ 2009-09-09 16:47 . 2009-08-14 13:48 30720 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9 f02db5bf5\tcpipreg.sys
+ 2006-12-26 13:04 . 2009-09-10 16:53 42498 c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2006-11-02 13:02 . 2009-09-10 16:53 60840 c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2009-09-09 16:47 . 2009-08-14 16:40 49152 c:\windows\System32\migration\netiomig.dll
- 2009-08-23 13:03 . 2009-08-23 13:03 49152 c:\windows\System32\migration\netiomig.dll
+ 2009-09-09 03:36 . 2009-08-22 08:14 48688 c:\windows\System32\drivers\N360\0305020.00B\symnd isv.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 36400 c:\windows\System32\drivers\N360\0305020.00B\symnd is.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 33072 c:\windows\System32\drivers\N360\0305020.00B\symid s.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 89904 c:\windows\System32\drivers\N360\0305020.00B\symfw .sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 43696 c:\windows\System32\drivers\N360\0305020.00B\srtsp x.sys
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-02 02:06 . 2009-09-10 12:19 16384 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-02 02:06 . 2009-09-10 12:19 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 02:06 . 2009-09-08 15:09 98304 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-02 02:06 . 2009-09-10 12:19 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2007-07-02 02:06 . 2009-09-08 15:09 16384 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-09-09 16:47 . 2009-08-14 13:52 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\TCPSVCS.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:52 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\HOSTNAME.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:49 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\TCPSVCS.EXE
+ 2009-09-09 16:47 . 2009-08-14 13:49 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\HOSTNAME.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:11 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\TCPSVCS.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:11 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\HOSTNAME.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:16 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\TCPSVCS.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:16 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\HOSTNAME.EXE
+ 2009-09-09 16:47 . 2009-08-15 21:31 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\TCPSVCS.EXE
+ 2009-09-09 16:47 . 2009-08-15 21:31 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\HOSTNAME.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:25 9728 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\TCPSVCS.EXE
+ 2009-09-09 16:47 . 2009-08-14 14:25 8704 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\HOSTNAME.EXE
+ 2009-09-09 16:46 . 2009-06-10 09:53 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_no ne_9e993405232e229b\mferror.dll
+ 2009-09-09 16:46 . 2009-04-11 04:54 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_no ne_9e2369c00a004aef\mferror.dll
+ 2009-09-09 16:46 . 2009-06-10 10:10 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_no ne_9cc4940f25f962e7\mferror.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_no ne_9c1383940cfa6868\mferror.dll
+ 2009-09-09 16:46 . 2009-06-10 08:43 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_no ne_9ac68b3928e50d45\mferror.dll
+ 2009-09-09 16:46 . 2009-06-10 08:50 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_no ne_9a40172a0fc4863e\mferror.dll
+ 2009-09-09 16:45 . 2009-06-15 12:51 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7 335e2fc\lsass.exe
+ 2009-09-09 16:45 . 2009-06-15 12:48 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5 a1929db\lsass.exe
+ 2009-09-09 16:45 . 2009-06-15 13:03 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da37 6115b2a\lsass.exe
+ 2009-09-09 16:45 . 2009-06-15 12:57 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5 d0228c9\lsass.exe
+ 2009-09-09 16:45 . 2009-06-15 12:59 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e7537 8eccda6\lsass.exe
+ 2009-09-09 16:45 . 2009-06-15 13:10 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745 fdd652a\lsass.exe
+ 2007-07-02 02:35 . 2009-09-10 16:54 8406 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-857884917-759742797-3485681705-1000_UserData.bin
+ 2009-09-10 16:51 . 2009-09-10 16:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2009-09-10 16:51 . 2009-09-10 16:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2009-09-09 16:47 . 2009-07-11 19:10 513536 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a 7441b62d132\wlansvc.dll
+ 2009-09-09 16:47 . 2009-07-11 19:10 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a 7441b62d132\wlansec.dll
+ 2009-09-09 16:47 . 2009-07-11 19:10 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a 7441b62d132\wlanmsm.dll
+ 2009-09-09 16:47 . 2009-07-11 19:01 513536 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9dedd b8d02397ad3\wlansvc.dll
+ 2009-09-09 16:47 . 2009-07-11 19:01 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9dedd b8d02397ad3\wlansec.dll
+ 2009-09-09 16:47 . 2009-07-11 19:01 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9dedd b8d02397ad3\wlanmsm.dll
+ 2009-09-09 16:47 . 2009-07-11 19:17 513536 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c950 7981e2d2ad5\wlansvc.dll
+ 2009-09-09 16:47 . 2009-07-11 19:17 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c950 7981e2d2ad5\wlansec.dll
+ 2009-09-09 16:47 . 2009-07-11 19:17 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c950 7981e2d2ad5\wlanmsm.dll
+ 2009-09-09 16:47 . 2009-07-11 19:32 513024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c 90f051fc5c6\wlansvc.dll
+ 2009-09-09 16:47 . 2009-07-11 19:32 302592 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c 90f051fc5c6\wlansec.dll
+ 2009-09-09 16:47 . 2009-07-11 19:32 293376 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c 90f051fc5c6\wlanmsm.dll
+ 2009-09-09 16:47 . 2009-07-11 19:24 502784 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92f d9a211c6fd7\wlansvc.dll
+ 2009-09-09 16:47 . 2009-07-11 19:24 299520 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92f d9a211c6fd7\wlansec.dll
+ 2009-09-09 16:47 . 2009-07-11 19:24 289280 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92f d9a211c6fd7\wlanmsm.dll
+ 2009-09-09 16:47 . 2009-07-11 19:32 502272 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b8 94107fccf79\wlansvc.dll
+ 2009-09-09 16:47 . 2009-07-11 19:32 297984 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b8 94107fccf79\wlansec.dll
+ 2009-09-09 16:47 . 2009-07-11 19:32 290816 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b8 94107fccf79\wlanmsm.dll
+ 2009-09-09 16:47 . 2009-08-15 23:58 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d42 5ab49af00\tcpipcfg.dll
+ 2009-09-09 16:47 . 2009-08-15 21:30 816640 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d42 5ab49af00\tcpip.sys
+ 2009-09-09 16:47 . 2009-08-14 16:42 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f3 8922bdbf4\tcpipcfg.dll
+ 2009-09-09 16:47 . 2009-08-14 14:24 813568 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f3 8922bdbf4\tcpip.sys
+ 2009-09-09 16:47 . 2009-08-14 13:51 106496 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_35370 9f565220c3d\netiohlp.dll
+ 2009-09-09 16:47 . 2009-08-14 13:48 105984 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1 c424c4c841c\netiohlp.dll
+ 2009-09-09 16:47 . 2009-08-14 16:24 105472 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f64 8e1683e66cc\netiohlp.dll
+ 2009-09-09 16:47 . 2009-08-14 16:29 104960 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd2 9ba4ee54f70\netiohlp.dll
+ 2009-09-09 16:47 . 2009-08-15 23:56 103936 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_31723 1f36ace26fb\netiohlp.dll
+ 2009-09-09 16:47 . 2009-08-14 16:40 103936 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8b d0651b053ef\netiohlp.dll
+ 2009-09-09 16:47 . 2009-08-14 16:33 905784 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e 289d7caa2a80\tcpip.sys
+ 2009-09-09 16:47 . 2009-08-14 16:27 904776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a4 3aea63d4a25f\tcpip.sys
+ 2009-09-09 16:47 . 2009-08-14 17:01 900168 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d 67897fc6850f\tcpip.sys
+ 2009-09-09 16:47 . 2009-08-14 17:07 897608 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b314 4862666d6db3\tcpip.sys
+ 2009-09-09 16:45 . 2009-06-15 15:00 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452 506b6bad8187\schannel.dll
+ 2009-09-09 16:45 . 2009-06-15 14:53 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7 b3565290c866\schannel.dll
+ 2009-09-09 16:45 . 2009-06-15 15:25 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269 ddef6e88f9b5\schannel.dll
+ 2009-09-09 16:45 . 2009-06-15 15:24 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc 9ffa5579c754\schannel.dll
+ 2009-09-09 16:45 . 2009-06-15 15:08 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207f a79f71646c31\schannel.dll
+ 2009-09-09 16:45 . 2009-06-15 15:28 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe4 60c0585503b5\schannel.dll
+ 2009-09-09 16:45 . 2009-06-15 14:59 217600 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef230 78f56dde\msv1_0.dll
+ 2009-09-09 16:45 . 2009-06-15 14:53 218624 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b 5fd8b4bd\msv1_0.dll
+ 2009-09-09 16:45 . 2009-06-15 15:24 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb4 7bd0e60c\msv1_0.dll
+ 2009-09-09 16:45 . 2009-06-15 15:22 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf 62c1b3ab\msv1_0.dll
+ 2009-09-09 16:45 . 2009-06-15 15:06 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c4964 7eac5888\msv1_0.dll
+ 2009-09-09 16:45 . 2009-06-15 15:25 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285 659cf00c\msv1_0.dll
+ 2009-09-09 16:45 . 2009-06-15 14:58 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912 e288c7383abe\kerberos.dll
+ 2009-09-09 16:45 . 2009-06-15 14:52 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e888 4573ae1b819d\kerberos.dll
+ 2009-09-09 16:45 . 2009-06-15 15:22 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a 700cca13b2ec\kerberos.dll
+ 2009-09-09 16:45 . 2009-06-15 15:21 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d 3217b104808b\kerberos.dll
+ 2009-09-09 16:45 . 2009-06-15 15:04 496640 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e540 39bcccef2568\kerberos.dll
+ 2009-09-09 16:45 . 2009-06-15 15:23 494592 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4 f2ddb3dfbcec\kerberos.dll
+ 2009-09-09 16:45 . 2009-06-15 15:00 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d0950 74931fbe8f\wdigest.dll
+ 2009-09-09 16:45 . 2009-06-15 14:54 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb3 5f7a03056e\wdigest.dll
+ 2009-09-09 16:45 . 2009-06-15 15:26 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20dd f895fb36bd\wdigest.dll
+ 2009-09-09 16:45 . 2009-06-15 15:24 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0 037cec045c\wdigest.dll
+ 2009-09-09 16:45 . 2009-06-15 15:09 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7 a898d6a939\wdigest.dll
+ 2009-09-09 16:45 . 2009-06-15 15:29 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60 c97fc740bd\wdigest.dll
+ 2009-09-09 16:45 . 2009-06-04 12:55 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852ab f080d834b3e\jscript.dll
+ 2009-09-09 16:45 . 2009-06-04 12:07 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a02 1f2f466921d\jscript.dll
+ 2009-09-09 16:45 . 2009-06-04 12:32 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414 c42105faa15\jscript.dll
+ 2009-09-09 16:45 . 2009-06-04 12:33 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50 e96f74f910b\jscript.dll
+ 2009-09-09 16:45 . 2009-06-04 12:28 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_81434 36c134b5473\jscript.dll
+ 2009-09-09 16:45 . 2009-06-04 12:40 512000 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdc fa6fa29e6c3\jscript.dll
+ 2009-09-09 16:47 . 2009-08-14 16:23 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53 c52043eb1c22\IKEEXT.DLL
+ 2009-09-09 16:47 . 2009-08-14 16:22 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53 c52043eb1c22\FWPUCLNT.DLL
+ 2009-09-09 16:47 . 2009-08-14 16:21 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53 c52043eb1c22\BFE.DLL
+ 2009-09-09 16:47 . 2009-08-15 23:54 416768 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcf ae32467adc51\IKEEXT.DLL
+ 2009-09-09 16:47 . 2009-08-15 23:54 543232 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcf ae32467adc51\FWPUCLNT.DLL
+ 2009-09-09 16:47 . 2009-08-15 23:53 317440 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcf ae32467adc51\BFE.DLL
+ 2009-09-09 16:47 . 2009-08-14 17:01 220232 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_non e_56cac20cceadcb78\netio.sys
+ 2009-09-09 16:47 . 2009-08-16 00:32 214104 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_non e_5546ab1ed13d8ba7\netio.sys
+ 2009-09-09 16:47 . 2009-08-14 17:16 213592 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_non e_54bd3631b81fb89b\netio.sys
+ 2009-09-09 16:45 . 2009-06-15 21:17 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7 335e2fc\ksecdd.sys
+ 2009-09-09 16:45 . 2009-06-15 23:15 439864 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5 a1929db\ksecdd.sys
+ 2009-09-09 16:45 . 2009-06-15 18:40 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da37 6115b2a\ksecdd.sys
+ 2009-09-09 16:45 . 2009-06-15 18:20 439896 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5 d0228c9\ksecdd.sys
+ 2009-09-09 16:45 . 2009-06-15 23:20 408136 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e7537 8eccda6\ksecdd.sys
+ 2009-09-09 16:45 . 2009-06-15 18:12 408136 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745 fdd652a\ksecdd.sys
+ 2009-09-09 16:47 . 2009-07-11 17:07 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.2 2170_none_883d49e88f57f26d\L2SecHC.dll
+ 2009-09-09 16:47 . 2009-07-11 17:03 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.1 8064_none_87c27e31762e9c0e\L2SecHC.dll
+ 2009-09-09 16:47 . 2009-07-11 19:14 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.2 2468_none_8669aa3c92224c10\L2SecHC.dll
+ 2009-09-09 16:47 . 2009-07-11 19:29 127488 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.1 8288_none_85ca6bb37914e701\L2SecHC.dll
+ 2009-09-09 16:47 . 2009-07-11 19:18 124928 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.2 1082_none_8467a03e95119112\L2SecHC.dll
+ 2009-09-09 16:47 . 2009-07-11 19:26 123904 c:\windows\winsxs\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.1 6884_none_83e02be57bf1f0b4\L2SecHC.dll
+ 2006-11-02 10:33 . 2009-09-10 16:56 626738 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 11:07 626738 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-08 11:07 107508 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-10 16:56 107508 c:\windows\System32\perfc009.dat
+ 2009-09-09 16:45 . 2009-06-04 12:40 512000 c:\windows\System32\jscript.dll
+ 2009-09-09 03:36 . 2009-08-22 08:14 217136 c:\windows\System32\drivers\N360\0305020.00B\symtd i.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 310320 c:\windows\System32\drivers\N360\0305020.00B\SymEF A.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 308272 c:\windows\System32\drivers\N360\0305020.00B\srtsp .sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 482432 c:\windows\System32\drivers\N360\0305020.00B\cchpx 86.sys
+ 2009-09-09 03:36 . 2009-08-22 08:14 259632 c:\windows\System32\drivers\N360\0305020.00B\BHDrv x86.sys
- 2006-11-02 12:45 . 2009-08-23 17:11 933862 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 12:45 . 2009-09-10 08:10 933862 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-09-09 16:46 . 2009-06-10 11:45 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.22150_none_096c8 896ec43f957\WMVCORE.DLL
+ 2009-09-09 16:46 . 2009-06-10 11:41 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.18049_none_08f6b e51d31621ab\WMVCORE.DLL
+ 2009-09-09 16:46 . 2009-06-10 11:59 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22447_none_0797e 8a0ef0f39a3\WMVCORE.DLL
+ 2009-09-09 16:46 . 2009-06-10 12:11 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d 825d6103f24\WMVCORE.DLL
+ 2009-09-09 16:46 . 2009-06-10 12:06 2436096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.21065_none_0599d fcaf1fae401\WMVCORE.DLL
+ 2009-09-09 16:46 . 2009-06-10 12:16 2433536 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136 bbbd8da5cfa\WMVCORE.DLL
+ 2009-09-09 16:46 . 2009-06-10 11:45 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_no ne_9e993405232e229b\mf.dll
+ 2009-09-09 16:46 . 2009-06-10 11:41 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_no ne_9e2369c00a004aef\mf.dll
+ 2009-09-09 16:46 . 2009-06-10 11:59 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_no ne_9cc4940f25f962e7\mf.dll
+ 2009-09-09 16:46 . 2009-06-10 12:11 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_no ne_9c1383940cfa6868\mf.dll
+ 2009-09-09 16:46 . 2009-06-10 12:00 2855424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_no ne_9ac68b3928e50d45\mf.dll
+ 2009-09-09 16:46 . 2009-06-10 12:07 2855424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_no ne_9a40172a0fc4863e\mf.dll
+ 2009-09-09 16:45 . 2009-06-15 14:58 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7 335e2fc\lsasrv.dll
+ 2009-09-09 16:45 . 2009-06-15 14:52 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5 a1929db\lsasrv.dll
+ 2009-09-09 16:45 . 2009-06-15 15:25 1257984 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da37 6115b2a\lsasrv.dll
+ 2009-09-09 16:45 . 2009-06-15 15:23 1256448 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5 d0228c9\lsasrv.dll
+ 2009-09-09 16:45 . 2009-06-15 15:04 1235456 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e7537 8eccda6\lsasrv.dll
+ 2009-09-09 16:45 . 2009-06-15 15:23 1233920 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745 fdd652a\lsasrv.dll
+ 2009-09-09 16:46 . 2009-06-10 12:16 2433536 c:\windows\System32\WMVCORE.DLL
- 2009-08-23 09:46 . 2009-08-23 09:46 2433536 c:\windows\System32\WMVCORE.DLL
- 2006-11-02 10:22 . 2009-09-02 22:03 6029312 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-09-10 08:08 6029312 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-08-26 08:04 . 2009-09-09 16:45 138611433 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001 c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-06-20 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{294C820B-769C-45F8-9085-23141B98D6A3}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{D7E57710-B00B-42E3-BAB9-FF15A039A970}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{61A20DFF-D7ED-4B5D-A92B-3667356E14C9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97702059-5105-4897-8112-B6C99225E271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\030000 0.086\SYMEFA.SYS [2009-08-29 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.08 6\BHDrvx86.sys [2009-08-29 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000. 086\ccHPx86.sys [2009-08-29 482352]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090908. 006\IDSvix86.sys [2009-07-11 293424]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [2009-08-29 115560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-28 102448]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\N360\0300000.08 6\SYMNDISV.SYS [2009-08-29 39984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 13:11
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N 360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3400)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\wscntfy.dll
.
Completion time: 2009-09-10 13:15
ComboFix-quarantined-files.txt 2009-09-10 18:15
ComboFix2.txt 2009-09-09 16:26
ComboFix3.txt 2009-09-09 04:21
ComboFix4.txt 2009-09-09 02:08
ComboFix5.txt 2009-09-10 18:00
Pre-Run: 57,337,933,824 bytes free
Post-Run: 57,311,764,480 bytes free
541 --- E O F --- 2009-09-10 08:01
-----------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:32 PM, on 9/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Users\Tony\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tony\AppData\Local\Temp\HelpInstaller_Sta rtUp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6406 bytes



lemme know when its safe to turn system restore back on plus rehide my hidden files/folders and enable/turn on my antivirus stuff (i.e norton lol) again
antoinejones is offline   Reply With Quote

Reply
Page 2 of 6 1 2 3456

Bookmarks

Tags
adware, Pending:, popups
Similar discussions...
Thread Thread Starter Forum Replies Last Post
Popups. Need help please! LifeIsABeach2191 [Fixed] Hijackthis! Logs 16 04-06-2009 11:58 AM
Pending: popups and more pooky [Pending] HJT Logs 2 04-02-2009 11:52 PM
Fixed: ad popups- help Marye [Fixed] Hijackthis! Logs 12 01-16-2009 01:17 AM
Fixed: Please Help. I can't get rid of popups. bcrow79 [Fixed] Hijackthis! Logs 9 01-10-2009 09:57 PM
[Fixed] Please Help- Adware/ Popups jcs626 [Fixed] Hijackthis! Logs 7 08-25-2007 03:48 PM

« Desktop Woes :( | Processes »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


Site Map - Top

All times are GMT. The time now is 03:17 PM.
Powered by vBulletin
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2