Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google/Bing redirect virus help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google/Bing redirect virus help

Unread postby mabbitt616 » May 10th, 2012, 8:36 pm

Thanks in advance for the help.

I somehow have obtained the google/bing redirect virus and need help getting rid of it. The virus is sending me to ad websites whenever I try to search websites through google or bing.

My DDS log is as follows:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Matthew Abbott at 20:27:30 on 2012-05-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.258 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Synapse UrlSearchHook Class: {3d31a26e-04d4-4b45-afd4-da4e1ae4af1b} - c:\program files\fuji medical system\synapse\workstation\FujiFld.dll
mURLSearchHooks: Synapse UrlSearchHook Class: {3d31a26e-04d4-4b45-afd4-da4e1ae4af1b} - c:\program files\fuji medical system\synapse\workstation\FujiFld.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Synapse BHO Class: {33414365-e6c7-460d-880a-a163bd69e84d} - c:\program files\fuji medical system\synapse\workstation\FujiFld.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Adobe] rundll32.exe "c:\documents and settings\matthew abbott\local settings\application data\apple computer\adobe\rlrjomrye.dll",DllRegisterServer
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [EeeSplendidAgent] c:\program files\asus\epc\eeesplendid\AsAgent.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [FujiSynapseBridge] "c:\program files\fuji medical system\synapse\workstation\FujiSynapseBridge.exe"
mRun: [Synapse URLSearchHook Configuration] RUNDLL32.EXE c:\progra~1\fujime~1\synapse\workst~1\FujiFld.dll,ConfigureSynapseUrlSearchHook
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [Adobe] rundll32.exe "c:\documents and settings\matthew abbott\local settings\application data\apple computer\adobe\rlrjomrye.dll",DllRegisterServer
StartupFolder: c:\docume~1\matthe~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1FBD11EF-1260-11D1-87A7-444553540001} - Local
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/Juni ... Client.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{236E87B1-95E4-4041-A2ED-2E03B5E01403} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-27 758904]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-5-31 11448]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20120508.011\BHDrvx86.sys [2012-5-9 821880]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [2011-6-17 85288]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-7 54752]
R2 PACS Client Updater;PACS Client Updater;c:\program files\agfa\impax client\Agfa.Client.Updater.Service.exe [2010-4-15 24576]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224]
R2 SynapseUpdateSvc;Synapse Update Manager;c:\program files\fuji medical system\synapse\workstation\SynapseUpdateManager.exe [2010-10-22 199680]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20120510.001\IDSXpx86.sys [2012-5-10 356792]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-28 38912]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20120509.020\NAVENG.SYS [2012-5-9 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20120509.020\NAVEX15.SYS [2012-5-9 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-22 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-7 1684736]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
S3 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
S3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11122.sys [2012-5-6 106104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-6 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-22 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2010-1-7 39040]
.
=============== Created Last 30 ================
.
2012-05-10 12:19:04 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-05-10 11:08:11 -------- d-----w- c:\documents and settings\matthew abbott\local settings\application data\Threat Expert
2012-05-10 02:00:06 -------- d-----w- c:\program files\PC Tools
2012-05-10 01:08:57 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 01:08:57 -------- d-----w- c:\program files\common files\PC Tools
2012-05-10 01:06:13 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-05-10 01:06:11 -------- d-----w- c:\documents and settings\matthew abbott\application data\TestApp
.
==================== Find3M ====================
.
2012-03-26 00:12:20 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-26 00:12:20 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-26 00:11:18 76208 ----a-w- c:\windows\system32\FwsVpn.dll
2012-03-26 00:11:18 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2012-03-26 00:11:18 241584 ----a-w- c:\windows\system32\SymVPN.dll
2012-03-17 21:46:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 20:29:29.59 ===============

My attach log is as follows:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/1/2010 3:14:57 AM
System Uptime: 5/10/2012 8:10:25 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1599/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 120.217 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP364: 2/10/2012 6:27:05 PM - System Checkpoint
RP365: 2/11/2012 8:47:20 PM - System Checkpoint
RP366: 2/13/2012 7:46:48 PM - System Checkpoint
RP367: 2/14/2012 9:04:45 PM - Software Distribution Service 3.0
RP368: 2/15/2012 8:25:17 PM - Software Distribution Service 3.0
RP369: 2/16/2012 8:47:11 PM - System Checkpoint
RP370: 2/18/2012 11:01:04 AM - System Checkpoint
RP371: 2/19/2012 11:18:59 AM - System Checkpoint
RP372: 2/20/2012 5:55:18 PM - System Checkpoint
RP373: 2/23/2012 6:45:11 PM - System Checkpoint
RP374: 2/28/2012 8:19:57 PM - System Checkpoint
RP375: 3/2/2012 8:30:25 PM - System Checkpoint
RP376: 3/4/2012 9:37:18 AM - System Checkpoint
RP377: 3/6/2012 6:10:38 PM - System Checkpoint
RP378: 3/7/2012 5:00:35 AM - Software Distribution Service 3.0
RP379: 3/10/2012 10:09:15 AM - System Checkpoint
RP380: 3/11/2012 4:54:23 PM - System Checkpoint
RP381: 3/12/2012 8:27:07 PM - System Checkpoint
RP382: 3/13/2012 8:47:00 PM - Software Distribution Service 3.0
RP383: 3/15/2012 5:33:58 PM - System Checkpoint
RP384: 3/16/2012 5:47:53 PM - System Checkpoint
RP385: 3/18/2012 10:50:02 AM - System Checkpoint
RP386: 3/19/2012 6:10:06 PM - System Checkpoint
RP387: 3/21/2012 8:38:01 PM - System Checkpoint
RP388: 3/23/2012 1:52:20 AM - System Checkpoint
RP389: 3/24/2012 9:49:36 AM - System Checkpoint
RP390: 3/25/2012 11:24:57 AM - Installed HiJackThis
RP391: 3/25/2012 3:22:37 PM - Restore Operation
RP392: 3/25/2012 5:14:42 PM - Removed WebMinds Toolbar.
RP393: 3/25/2012 6:22:12 PM - Installed Symantec Endpoint Protection.
RP394: 3/25/2012 6:48:45 PM - Removed Symantec Endpoint Protection.
RP395: 3/25/2012 6:51:37 PM - Removed LiveUpdate.
RP396: 3/25/2012 8:08:38 PM - Installed Symantec Endpoint Protection.
RP397: 3/25/2012 8:10:42 PM - Installed Symantec Endpoint Protection.
RP398: 3/28/2012 7:18:28 PM - System Checkpoint
RP399: 3/30/2012 9:38:54 PM - System Checkpoint
RP400: 4/1/2012 12:26:39 PM - System Checkpoint
RP401: 4/2/2012 8:11:33 PM - System Checkpoint
RP402: 4/4/2012 6:44:57 PM - System Checkpoint
RP403: 4/7/2012 9:44:00 AM - System Checkpoint
RP404: 4/8/2012 10:16:23 AM - System Checkpoint
RP405: 4/11/2012 4:56:16 AM - Software Distribution Service 3.0
RP406: 4/12/2012 6:15:51 PM - System Checkpoint
RP407: 4/14/2012 9:10:35 AM - System Checkpoint
RP408: 4/15/2012 10:36:15 AM - System Checkpoint
RP409: 4/17/2012 1:26:12 PM - System Checkpoint
RP410: 4/19/2012 3:56:44 AM - System Checkpoint
RP411: 4/20/2012 6:58:32 AM - System Checkpoint
RP412: 4/20/2012 9:11:51 PM - Installed PDF2Office Personal v4.0 - Trial
RP413: 4/20/2012 9:16:10 PM - Configured PDF2Office Personal v4.0 - Trial
RP414: 4/21/2012 9:57:45 AM - Removed PDF2Office Personal v4.0 - Trial
RP415: 4/24/2012 9:19:33 PM - System Checkpoint
RP416: 4/26/2012 3:38:51 PM - System Checkpoint
RP417: 4/28/2012 12:11:29 PM - System Checkpoint
RP418: 4/29/2012 2:07:58 PM - System Checkpoint
RP419: 4/30/2012 6:14:10 PM - System Checkpoint
RP420: 5/2/2012 4:27:07 PM - System Checkpoint
RP421: 5/4/2012 6:06:54 PM - System Checkpoint
RP422: 5/6/2012 9:19:16 AM - System Checkpoint
RP423: 5/9/2012 10:23:29 AM - System Checkpoint
RP424: 5/10/2012 7:53:32 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.2 MUI
AGFA IMPAX Client 6.3.1.7001
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUS USB2.0 UVC VGA WebCam
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bing Rewards Client Installer
Bonjour
Citrix online plug-in (SSON)
Citrix online plug-in (Web)
Citrix Online Plug-in v12.1.0.30
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Data Sync
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Eee Docking 1.3.10.0
EeeSplendid
EzMessenger
FontResizer
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Update
I.R.I.S. OCR
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Network Connect 6.5.0
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Marketsplash Shortcuts
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSVCRT
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype web features
Skype™ 4.2
Super Hybrid Engine
Symantec Endpoint Protection
Synapse Workstation
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
USB2.0 UVC Camera Device
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
5/6/2012 10:50:04 AM, error: Dhcp [1002] - The IP address lease 140.182.65.133 for the Network Card with network address 00FF08D51686 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/3/2012 8:35:41 PM, error: Dhcp [1002] - The IP address lease 140.182.65.62 for the Network Card with network address 00FF88940786 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).
5/10/2012 7:06:03 AM, error: PCTCore [280] -
.
==== End Of File ===========================
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm
Advertisement
Register to Remove

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 11th, 2012, 10:55 am

Hello mabbitt616,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 11th, 2012, 11:25 am

Hello mabbitt616,

Please tell me, is this computer used for business purposes or connected to any business or educational networks?
I need to know it - so I can provide the proper instructions.

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 11th, 2012, 12:04 pm

This computer is my personal home computer. I do have a few applications on there for work (which aren't vital), but really don't use it for work that often.
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 11th, 2012, 1:43 pm

Thank you mabbitt616,

Step 1.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 2.
Run aswMBR scanner
Please download aswMBR and save it to your Desktop.
  1. Double click aswMBR.exe to run it.
  2. Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  3. With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  4. After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  5. Click OK > Exit.
  6. Note: Do not attempt to fix anything at this stage!
  7. Two files will be created, aswMBR.txt & a file named MBR.dat.
  8. MBR.dat is a backup of the MBR(master boot record), do not delete it..
  9. I strongly suggest you keep a copy of this backup stored on an external device.
  10. Copy & Paste the contents of aswMBR.txt into your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller report file.
  3. Contents of scan results from aswMBR.txt file.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 12th, 2012, 10:04 am

pgmigg,

I had no problems executing the instructions.

The TDSSKiller came back with nothing found.

The aswMBR.txt log is as follows:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-12 09:22:37
-----------------------------
09:22:37.140 OS Version: Windows 5.1.2600 Service Pack 3
09:22:37.140 Number of processors: 2 586 0x1C02
09:22:37.140 ComputerName: ABBOTT UserName:
09:22:37.921 Initialize success
09:34:45.062 AVAST engine defs: 12051200
09:35:04.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:35:04.890 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
09:35:04.953 Disk 0 MBR read successfully
09:35:04.968 Disk 0 MBR scan
09:35:05.078 Disk 0 Windows XP default MBR code
09:35:05.093 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 147581 MB offset 63
09:35:05.156 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302246910
09:35:05.187 Disk 0 Partition 3 00 EF EFI FAT A1311 39 MB offset 312496380
09:35:05.218 Disk 0 scanning sectors +312576705
09:35:05.312 Disk 0 scanning C:\WINDOWS\system32\drivers
09:35:23.234 Service scanning
09:35:58.343 Modules scanning
09:36:11.000 Disk 0 trace - called modules:
09:36:11.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
09:36:11.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867ba440]
09:36:11.125 3 CLASSPNP.SYS[f7588fd7] -> nt!IofCallDriver -> \Device\00000075[0x867bacc8]
09:36:11.140 5 ACPI.sys[f741f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d76028]
09:36:12.218 AVAST engine scan C:\WINDOWS
09:36:36.781 AVAST engine scan C:\WINDOWS\system32
09:42:11.390 AVAST engine scan C:\WINDOWS\system32\drivers
09:42:37.578 AVAST engine scan C:\Documents and Settings\Matthew Abbott
09:44:09.171 File: C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll **INFECTED** Win32:Sefnit-GU [Drp]
09:44:09.515 File: C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll **INFECTED** Win32:Sefnit-GU [Drp]
09:49:47.468 File: C:\Documents and Settings\Matthew Abbott\Local Settings\Temp\nswF.tmp\rlrjomrye.dll **INFECTED** Win32:Sefnit-GU [Drp]
09:49:48.156 File: C:\Documents and Settings\Matthew Abbott\Local Settings\Temp\nswF.tmp\yxuoo.dll **INFECTED** Win32:Sefnit-GU [Drp]
09:54:06.796 AVAST engine scan C:\Documents and Settings\All Users
10:01:07.062 Scan finished successfully
10:01:47.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat"
10:01:47.281 The log file has been saved successfully to "C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR.txt"

Thanks,

mabbitt616
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 12th, 2012, 4:23 pm

Hello mabbitt616,

Good job! :) Let continue...

Download and Run ComboFix
  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of ComboFix.txt report file.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 12th, 2012, 6:45 pm

pgmigg,

I had no problems running Combofix

The log reads as follows:

ComboFix 12-05-12.01 - Matthew Abbott 05/12/2012 17:08:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.331 [GMT -4:00]
Running from: c:\documents and settings\Matthew Abbott\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 13:40 . 2012-05-12 13:40 -------- d-----w- c:\windows\LastGood
2012-05-10 12:19 . 2012-05-10 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-10 11:08 . 2012-05-10 11:08 -------- d-----w- c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Threat Expert
2012-05-10 02:00 . 2012-05-10 02:00 -------- d-----w- c:\program files\PC Tools
2012-05-10 01:08 . 2012-05-11 00:11 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-10 01:08 . 2012-04-23 18:17 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 01:06 . 2012-05-10 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-10 01:06 . 2012-05-10 01:06 -------- d-----w- c:\documents and settings\Matthew Abbott\Application Data\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 00:12 . 2010-05-31 22:41 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-26 00:12 . 2010-05-31 22:41 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-26 00:11 . 2012-03-26 00:11 76208 ----a-w- c:\windows\system32\FwsVpn.dll
2012-03-26 00:11 . 2012-03-26 00:11 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2012-03-26 00:11 . 2009-09-17 22:30 241584 ----a-w- c:\windows\system32\SymVPN.dll
2012-03-17 21:46 . 2012-03-17 21:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2010-01-07 00:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2010-01-07 00:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2010-01-07 00:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-01-07 00:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2010-01-07 00:08 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-01-07 00:08 385024 ----a-w- c:\windows\system32\html.iec
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-09 401072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-12-12 994216]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-09 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"FujiSynapseBridge"="c:\program files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe" [2010-10-22 243072]
"Synapse URLSearchHook Configuration"="c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFld.dll" [2010-10-22 3904896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
.
c:\documents and settings\Matthew Abbott\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\snac.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [7/16/2011 7:48 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [8/27/2011 7:48 PM 758904]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [5/31/2010 6:25 PM 11448]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys [5/9/2012 10:22 PM 821880]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [6/17/2011 8:29 AM 85288]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [9/13/2011 7:46 PM 137336]
R2 PACS Client Updater;PACS Client Updater;c:\program files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [4/15/2010 3:34 PM 24576]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [9/20/2011 11:58 PM 137224]
R2 SynapseUpdateSvc;Synapse Update Manager;c:\program files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe [10/22/2010 4:49 PM 199680]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [5/10/2012 8:00 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120511.001\IDSXpx86.sys [5/12/2012 10:12 AM 356792]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/28/2009 2:40 AM 38912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2010 7:40 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/7/2010 2:18 PM 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 5:00 AM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2010 7:40 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [1/7/2010 2:30 PM 39040]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 90997824
*NewlyCreated* - ASWMBR
*Deregistered* - 90997824
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-05-12 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-11 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-09 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-04-29 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 23:39]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {1FBD11EF-1260-11D1-87A7-444553540001} - Local
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Adobe - c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKU-Default-Run-Adobe - c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll
Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Citrix\ICA Client\pnsson.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-05-12 17:34:45
ComboFix-quarantined-files.txt 2012-05-12 21:34
.
Pre-Run: 129,116,364,800 bytes free
Post-Run: 131,213,291,520 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5A91DA3AE05FAAE136A375CCB0985057
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 13th, 2012, 12:05 am

Hello mabbitt616,

Step 1.
Add/Remove Programs
I need you to uninstall one program from your computer.
  1. Click Start -> Run.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. Click the OK. It takes a few seconds for the program list to be populated.
  4. Locate the following program:
    Coupon Printer for Windows
  5. Press the "Remove" or "Change/Remove" button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find all programs from the list - some may not have an uninstall feature or may have been removed in previous steps.
  6. When finished, close/exit Add/Remove Programs.

Step 2.
ComboFix - CFScript
You should still have ComboFix.exe on your desktop.
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below into the window:
    Code: Select all
    KILLALL::
    
    File::
    C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll
    
    DDS::
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
    
  2. Save it to your Desktop as CFScript.txt
  3. Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon, as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... You can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Step 3.
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scannner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of ComboFix log file after run of ComboFix script
  3. Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file.
  4. Please tell me about current status of Google/Bing redirection.
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 13th, 2012, 12:52 pm

pgmigg,

Was able to execute everything without any problems.

My google/bing searches aren't redirecting anymore.

I somehow lost the logifle to ESET...but these were the 4 items that were fix/deleted:

C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP391\A0123876.dll a variant of Win32/Adware.AntiMalwarePro.AD application
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP391\A0123877.exe a variant of Win32/Adware.PCFresher.A application
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP392\A0123891.exe multiple threats
C:\TDSSKiller_Quarantine\25.03.2012_17.06.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan


My Combofix logfile is:
ComboFix 12-05-12.01 - Matthew Abbott 05/13/2012 8:27.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.293 [GMT -4:00]
Running from: c:\documents and settings\Matthew Abbott\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matthew Abbott\Desktop\cfscript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-10 12:19 . 2012-05-10 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-10 11:08 . 2012-05-10 11:08 -------- d-----w- c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Threat Expert
2012-05-10 02:00 . 2012-05-10 02:00 -------- d-----w- c:\program files\PC Tools
2012-05-10 01:08 . 2012-05-11 00:11 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-10 01:08 . 2012-04-23 18:17 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 01:06 . 2012-05-10 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-10 01:06 . 2012-05-10 01:06 -------- d-----w- c:\documents and settings\Matthew Abbott\Application Data\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2010-01-07 00:08 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-26 00:12 . 2010-05-31 22:41 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-26 00:12 . 2010-05-31 22:41 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-26 00:11 . 2012-03-26 00:11 76208 ----a-w- c:\windows\system32\FwsVpn.dll
2012-03-26 00:11 . 2012-03-26 00:11 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2012-03-26 00:11 . 2009-09-17 22:30 241584 ----a-w- c:\windows\system32\SymVPN.dll
2012-03-17 21:46 . 2012-03-17 21:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2010-01-07 00:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2010-01-07 00:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2010-01-07 00:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-01-07 00:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2010-01-07 00:08 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-01-07 00:08 385024 ----a-w- c:\windows\system32\html.iec
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-12_21.30.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2012-05-13 12:40 . 2012-05-13 12:40 16384 c:\windows\Temp\Perflib_Perfdata_290.dat
+ 2012-05-13 12:40 . 2012-05-13 12:40 16384 c:\windows\Temp\Perflib_Perfdata_110.dat
- 2010-01-07 00:08 . 2012-04-11 09:17 73120 c:\windows\system32\perfc009.dat
+ 2010-01-07 00:08 . 2012-05-13 01:43 73120 c:\windows\system32\perfc009.dat
+ 2012-05-13 01:35 . 2012-05-13 01:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2012-03-07 10:02 . 2012-03-07 10:02 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-03-07 10:03 . 2012-03-07 10:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-13 01:53 . 2012-05-13 01:53 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-11-14 15:37 . 2012-02-16 01:26 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-11-14 15:37 . 2012-05-13 01:28 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\4fd801d15ea9fa51e3a280c3a71e6e15\WindowsLiveWriter.ni.exe
+ 2012-05-13 12:02 . 2012-05-13 12:02 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec9e3550864119e8adf9c3598be7f0f4\WindowsLive.Writer.Api.ni.dll
+ 2012-05-13 01:52 . 2012-05-13 01:52 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-13 12:06 . 2012-05-13 12:06 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-13 12:03 . 2012-05-13 12:03 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-13 12:03 . 2012-05-13 12:03 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-13 01:47 . 2012-05-13 01:47 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-13 01:45 . 2012-05-13 01:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\2d6d833e8b201c5f11892ea32fe62676\Microsoft.Office.InfoPath.Permission.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\4ed28c35596431dc4ee9602bd59525eb\ipdmctrl.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-13 12:00 . 2012-05-13 12:00 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-11 09:15 . 2012-04-11 09:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-11 09:16 . 2012-04-11 09:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-11 09:16 . 2012-04-11 09:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2010-01-07 00:08 . 2012-04-11 09:17 445394 c:\windows\system32\perfh009.dat
+ 2010-01-07 00:08 . 2012-05-13 01:43 445394 c:\windows\system32\perfh009.dat
+ 2010-01-06 17:14 . 2012-05-13 11:47 343424 c:\windows\system32\FNTCACHE.DAT
- 2010-01-06 17:14 . 2012-03-14 08:41 343424 c:\windows\system32\FNTCACHE.DAT
+ 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\2a473de.msp
+ 2012-05-13 01:44 . 2012-05-13 01:44 223744 c:\windows\Installer\2a473d8.msi
+ 2010-06-01 08:44 . 2012-05-13 01:54 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2012-05-13 12:00 . 2012-05-13 12:00 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-05-13 12:02 . 2012-05-13 12:02 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\ffcbd1b10a2b1e72ec45146b56194697\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ed3026b35b8023b4aeb39f98a8db596a\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e78767f10ba04fa607baf0b3220556c2\WindowsLive.Writer.Controls.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\def6dc0383d1108f031e86dec829bf19\WindowsLive.Writer.Localization.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d578d9de1ebd47410d2da415679bbe3c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb1b114a2298df4a6ca7fd4d445d00a8\WindowsLive.Writer.Passport.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b08cc6da1c8f4c337f4b89cbf04e54ff\WindowsLive.Writer.Interop.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a6f86fae58dff1bb7b77354b1117fe59\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\86b6613c7cd798b29ae5961870da6402\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6b29c35741f5734d5f983701f6c1f0c0\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6b0a1e7ec92ac45744d3fb1d0c7531df\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6a2271f8cea0db011e763111a9f3ea58\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\376043404c45ca22eec6ca2070b5f91d\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\29e8f27943707613416f76a0357c8f41\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\16cc6a9a61d4d1d8e62e24c0b21cad66\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\111e4b937b4efd6716807585a9ce9b4e\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\837980c4cccaff232af06eed8297459f\WindowsLive.Client.ni.dll
+ 2012-05-13 01:52 . 2012-05-13 01:52 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-05-13 01:52 . 2012-05-13 01:52 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-05-13 01:52 . 2012-05-13 01:52 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-05-13 12:06 . 2012-05-13 12:06 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-05-13 01:54 . 2012-05-13 01:54 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-05-13 01:50 . 2012-05-13 01:50 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-05-13 12:04 . 2012-05-13 12:04 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-05-13 12:03 . 2012-05-13 12:03 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\bf7d6af03e1230ccad546a8659245ae9\System.Configuration.Install.ni.dll
+ 2012-05-13 12:03 . 2012-05-13 12:03 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-05-13 12:00 . 2012-05-13 12:00 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-05-13 01:48 . 2012-05-13 01:48 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-05-13 01:48 . 2012-05-13 01:48 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-05-13 01:48 . 2012-05-13 01:48 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-05-13 01:48 . 2012-05-13 01:48 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-05-13 12:00 . 2012-05-13 12:00 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\de8ce5d8886580a5c60b65258fded078\Microsoft.Office.Interop.InfoPath.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 206848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\bf4377a61157c724bf5fce35fa21957e\Microsoft.Office.InfoPath.Client.Internal.Host.Interop.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\795f3e690c670c944e8333d11659fa73\Microsoft.Office.InfoPath.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-05-13 12:00 . 2012-05-13 12:00 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e414683ec4cff1cac0c77aaefd67144e\AspNetMMCExt.ni.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-05 06:04 . 2010-06-05 06:04 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-13 01:51 . 2012-05-13 01:51 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-13 01:33 . 2012-05-13 01:33 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-04-11 09:15 . 2012-04-11 09:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-05 06:03 . 2010-06-05 06:03 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-13 01:33 . 2012-05-13 01:33 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-12 13:52 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2010-01-07 00:08 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
+ 2010-01-07 19:10 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-01-07 19:10 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 03:02 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-01-07 19:10 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-10-26 08:39 . 2011-10-26 08:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-04-23 14:32 . 2012-04-23 14:32 3460096 c:\windows\Installer\2a47403.msp
+ 2012-04-05 02:38 . 2012-04-05 02:38 2831360 c:\windows\Installer\2a473ed.msp
+ 2012-03-07 18:50 . 2012-03-07 18:50 1904128 c:\windows\Installer\2a473c4.msp
+ 2012-04-05 02:38 . 2012-04-05 02:38 3620864 c:\windows\Installer\2a473aa.msp
+ 2012-04-29 01:43 . 2012-04-29 01:43 8459264 c:\windows\Installer\2a47378.msp
+ 2012-03-15 17:12 . 2012-03-15 17:12 4968960 c:\windows\Installer\2a47370.msp
+ 2012-03-15 17:11 . 2012-03-15 17:11 1989632 c:\windows\Installer\2a47342.msp
- 2010-06-01 08:44 . 2012-04-11 09:23 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-06-01 08:44 . 2012-05-13 01:54 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2010-06-01 08:44 . 2012-04-11 09:23 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-02-25 00:23 . 2011-02-25 00:23 1650032 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OGL.DLL
+ 2011-03-17 05:22 . 2011-03-17 05:22 4301184 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\GRAPH.EXE
+ 2011-08-17 14:49 . 2011-08-17 14:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2010-01-07 19:10 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-01-07 19:10 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 03:02 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-01-07 19:10 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-05-13 12:00 . 2012-05-13 12:00 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d6706ef8d348d132e6cffd1581927557\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7777d5a762f07682544c289f2cf980d6\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\03f470f9f47f88e7cf905f2af5b68182\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-05-13 01:46 . 2012-05-13 01:46 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-13 01:52 . 2012-05-13 01:52 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-13 01:45 . 2012-05-13 01:45 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-13 01:51 . 2012-05-13 01:51 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-13 12:06 . 2012-05-13 12:06 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-13 12:06 . 2012-05-13 12:06 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-13 12:06 . 2012-05-13 12:06 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-13 12:06 . 2012-05-13 12:06 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-13 01:50 . 2012-05-13 01:50 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-13 01:54 . 2012-05-13 01:54 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-13 01:50 . 2012-05-13 01:50 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-13 01:54 . 2012-05-13 01:54 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-13 01:50 . 2012-05-13 01:50 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-13 01:49 . 2012-05-13 01:49 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7afb1abdbb8ba32cf578ff8ea4e45d99\System.Data.OracleClient.ni.dll
+ 2012-05-13 01:49 . 2012-05-13 01:49 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-13 12:04 . 2012-05-13 12:04 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll
+ 2012-05-13 01:49 . 2012-05-13 01:49 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-13 01:48 . 2012-05-13 01:48 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-13 01:48 . 2012-05-13 01:48 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-13 01:45 . 2012-05-13 01:45 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll
+ 2012-05-13 12:03 . 2012-05-13 12:03 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-13 12:03 . 2012-05-13 12:03 1184256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\76f680454c0930b060727da8b8d21e38\Microsoft.Office.Interop.InfoPath.SemiTrust.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\7044c24e05b16c5b46398e4086dc8b58\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll
+ 2012-05-13 12:05 . 2012-05-13 12:05 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-13 12:02 . 2012-05-13 12:02 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
+ 2012-05-13 01:33 . 2012-05-13 01:33 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-23 19:36 . 2010-06-23 19:36 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-13 01:33 . 2012-05-13 01:33 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-04-11 09:15 . 2012-04-11 09:15 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-05-13 01:42 . 2012-05-13 01:42 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-13 01:33 . 2012-05-13 01:33 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-13 01:43 . 2012-05-13 01:43 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-11 09:16 . 2012-04-11 09:16 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-14 15:58 . 2012-05-13 01:44 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\2a473e5.msp
+ 2012-01-04 06:25 . 2012-01-04 06:25 17751552 c:\windows\Installer\2a473d1.msp
+ 2012-03-15 17:09 . 2012-03-15 17:09 17165312 c:\windows\Installer\2a473a2.msp
+ 2012-04-06 07:13 . 2012-04-06 07:13 16527872 c:\windows\Installer\2a47384.msp
+ 2012-03-15 17:11 . 2012-03-15 17:11 66812928 c:\windows\Installer\2a47359.msp
+ 2012-05-13 01:26 . 2012-05-13 01:26 20343808 c:\windows\Installer\2a4732d.msp
+ 2012-05-13 01:51 . 2012-05-13 01:51 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-13 12:01 . 2012-05-13 12:01 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-13 12:00 . 2012-05-13 12:00 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-13 01:50 . 2012-05-13 01:50 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-13 01:48 . 2012-05-13 01:48 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-13 01:46 . 2012-05-13 01:46 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-13 01:44 . 2012-05-13 01:45 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-09 401072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-12-12 994216]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-09 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"FujiSynapseBridge"="c:\program files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe" [2010-10-22 243072]
"Synapse URLSearchHook Configuration"="c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFld.dll" [2010-10-22 3904896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
.
c:\documents and settings\Matthew Abbott\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-1-7 385024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\snac.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [7/16/2011 7:48 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [8/27/2011 7:48 PM 758904]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [5/31/2010 6:25 PM 11448]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys [5/9/2012 10:22 PM 821880]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [6/17/2011 8:29 AM 85288]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [9/13/2011 7:46 PM 137336]
R2 PACS Client Updater;PACS Client Updater;c:\program files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [4/15/2010 3:34 PM 24576]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [9/20/2011 11:58 PM 137224]
R2 SynapseUpdateSvc;Synapse Update Manager;c:\program files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe [10/22/2010 4:49 PM 199680]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120511.001\IDSXpx86.sys [5/12/2012 10:12 AM 356792]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/28/2009 2:40 AM 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2010 7:40 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/7/2010 2:18 PM 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
S3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [5/10/2012 8:00 PM 106104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 5:00 AM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2010 7:40 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [1/7/2010 2:30 PM 39040]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-05-12 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-13 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-09 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-04-29 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 23:39]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {1FBD11EF-1260-11D1-87A7-444553540001} - Local
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 08:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Citrix\ICA Client\pnsson.dll
.
- - - - - - - > 'explorer.exe'(300)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Fuji Medical System\Synapse\Workstation\FujiFld.dll
c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFldR.dll
c:\program files\Fuji Medical System\Synapse\Workstation\DBCmds.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\ICA Client\WFCRUN32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-13 08:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-13 12:46
ComboFix2.txt 2012-05-12 21:34
.
Pre-Run: 130,347,642,880 bytes free
Post-Run: 130,362,163,200 bytes free
.
- - End Of File - - 35D92DF2D8ABE1EA5C1AB09AEAD930B4
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 14th, 2012, 12:36 am

Hello mabbitt616,
I somehow lost the logifle to ESET...but these were the 4 items that were fix/deleted
Please find C:\Program Files\ESET\EsetOnlineScanner\log.txt and post it with both feet - I would like to see every line of this report. If you cannot find it for any reason, please rerun ESET scanner.

Step 1.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of OTL.txt file ONLY in your next reply.

Step 2.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    rlrjomrye*
    yxuoo*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    rlrjomrye
    yxuoo
    D4027C7F-154A-4066-A1AD-4243D8127440
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the :\Program Files\ESET\EsetOnlineScanner\log.txt log file after ESET scan run previously
  3. Contents of a OTL.txt log file after OTL Scan run
  4. Contents of a Extras.txt log file after OTL Scan run
  5. Contents of the SystemLook.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 15th, 2012, 8:17 pm

pgmigg,

I was not able to run OTL for some reason. The scan just won't start.

I re-ran ESET and the log is as follows:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c7dd2be6ad5b2b4fa22f54d01aea979a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-15 11:32:14
# local_time=2012-05-15 07:32:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66126
# found=4
# cleaned=0
# scan_time=7907
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP391\A0123876.dll a variant of Win32/Adware.AntiMalwarePro.AD application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP391\A0123877.exe a variant of Win32/Adware.PCFresher.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP392\A0123891.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.03.2012_17.06.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I

I also was able to run systemlook and the log is as follows:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:00 on 15/05/2012 by Matthew Abbott
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "rlrjomrye*"
C:\Qoobox\Quarantine\C\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll.vir --a---- 461312 bytes [13:48 09/05/2012] [13:48 09/05/2012] 96686462FA019F71237B1E97C0A26B7F

Searching for "yxuoo*"
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll --a---- 461312 bytes [13:48 09/05/2012] [13:48 09/05/2012] 96B491EFD78B5B49CC0F378C4E0F549A

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "rlrjomrye"
No data found.

Searching for "yxuoo"
No data found.

Searching for "D4027C7F-154A-4066-A1AD-4243D8127440"
No data found.

-= EOF =-
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 16th, 2012, 2:32 pm

Hello mabbitt616,
I was not able to run OTL for some reason. The scan just won't start.
Don't worry - such scenario is possible... :)

Step 1.
Turn System Restore Off/On
Warning: Turning OFF System Restore will remove all current restore points!
Turn OFF System Restore
  1. Right click on My Computer ... choose Properties from the menu.
  2. Press the System Restore ...tab.
  3. Check "Turn off System Restore"...check box.
  4. Click Apply
  5. Click OK.
  6. Restart your computer.
Turn ON System Restore
  1. Right click on My Computer ... choose Properties from the menu.
  2. Press the System Restore ...tab.
  3. UN-Check "Turn off System Restore"...check box.
  4. Click Apply
  5. Click OK.
When turned back on... a new Restore Point will be created automatically.

Step 2.
Fresh aswMBR Scan
You should still have aswMBR.exe on your desktop.
  1. Double click aswMBR.exe to run it.
  2. Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  3. With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  4. After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  5. Click OK > Exit.
  6. Note: Do not attempt to fix anything at this stage!
  7. Two files will be created, aswMBR.txt & a file named MBR.dat.
  8. MBR.dat is a backup of the MBR(master boot record), do not delete it..
  9. I strongly suggest you keep a copy of this backup stored on an external device.
  10. Copy & Paste the contents of aswMBR.txt into your next reply.

Step 3.
Online Virus Total file scan
  1. Please go to Virus Total to upload the following files one by one for scanning:

    C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll

  2. Press the Choose File button and navigate to the file in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  4. Click on Scan it! button.
  5. The file will be queued, uploaded and scanned by various antivirus scanners - this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse button, so your file will be scanned.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  8. Paste the Web address link for the scan results in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of scan results from aswMBR.txt file.
  3. The resulting web link after online file scan by Virus Total.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 17th, 2012, 10:45 am

pgmigg,

I had no problems executing the steps.

The aswMBR.txt log is:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-17 10:08:30
-----------------------------
10:08:30.609 OS Version: Windows 5.1.2600 Service Pack 3
10:08:30.625 Number of processors: 2 586 0x1C02
10:08:30.625 ComputerName: ABBOTT UserName:
10:08:32.093 Initialize success
10:08:51.109 AVAST engine defs: 12051700
10:08:56.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:08:56.734 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
10:08:56.796 Disk 0 MBR read successfully
10:08:56.812 Disk 0 MBR scan
10:08:57.015 Disk 0 Windows XP default MBR code
10:08:57.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 147581 MB offset 63
10:08:57.093 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302246910
10:08:57.156 Disk 0 Partition 3 00 EF EFI FAT A1311 39 MB offset 312496380
10:08:57.203 Disk 0 scanning sectors +312576705
10:08:57.390 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:22.203 Service scanning
10:09:59.156 Modules scanning
10:10:18.937 Disk 0 trace - called modules:
10:10:19.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
10:10:19.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6c7a8]
10:10:19.046 3 CLASSPNP.SYS[f7588fd7] -> nt!IofCallDriver -> \Device\00000076[0x86d6c030]
10:10:19.062 5 ACPI.sys[f741f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d6d028]
10:10:19.687 AVAST engine scan C:\WINDOWS
10:10:56.593 AVAST engine scan C:\WINDOWS\system32
10:17:31.265 AVAST engine scan C:\WINDOWS\system32\drivers
10:18:20.328 AVAST engine scan C:\Documents and Settings\Matthew Abbott
10:21:01.234 File: C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll **INFECTED** Win32:Sefnit-GU [Drp]
10:25:04.468 AVAST engine scan C:\Documents and Settings\All Users
10:32:49.921 Scan finished successfully
10:33:28.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat"
10:33:28.296 The log file has been saved successfully to "C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR3.txt"

The website from the antivirus scan from Virus Total is: https://www.virustotal.com/file/e17f9b7 ... 337265586/

Thanks
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 17th, 2012, 2:55 pm

Hello mabbitt616,

Very Well! let continue... :)

Step 1.
Killbox File Remover
  1. Please Download KillBox and save it to your Desktop.
  2. Double-click on Killbox.exe to open it.
  3. Check the box "Delete on Reboot"
  4. Highlight all the entries in the quote box below and the Copy them.
  5. C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll

  6. Then in Killbox, click File ->> Paste from Clipboard
    At this point the "All Files" button should be enabled so you can click it.
    Click the "All Files" button.
    Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes.
    A second message will ask to Reboot now? You will need to click Yes to allow the reboot.

    Note: Killbox will let you know if a file does not exist.
  7. If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click Yes to allow the Reboot.

Step 2.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    yxuoo*
    
    :Regfind
    yxuoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
FLUSHDNS
  1. Click the Start -> Run... and text entry box will be opened.
  2. Type: cmd and press OK - the Command Prompt window will be opened.
  3. Type: ipconfig /flushdns
      Note: There is a space after ipconfig in the above command.
  4. Press Enter.
  5. Type: exit and press Enter to exit the Command Prompt window.
  6. Reboot your computer! <-- IMPORTANT!!!

Step 4.
TFC (Temp File Cleaner)
  1. Please download TFC.exe...by Old Timer. Save it to your desktop.
    Print these instructions. Save any unsaved work. TFC will close ALL open programs... including your browser!
  2. Double click on TFC.exe to run it.
    TFC will begin cleaning up the "temp" files... it may take only a few seconds or it could be several minutes, depending on the amount of temp files found.
  3. If prompted to reboot... click Yes.

! Important ! If TFC prompts you to reboot, please do so immediately, before proceeding to any other steps or other use of your computer.

Step 5.
Now please re-ran ESET scan and then tell me, do you still have initial symptoms for Google/Bing redirection?

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file after fresh ESET scan
  3. Contents of the SystemLook.txt log file
  4. Answer for my question about initial symptoms.
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3188
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 62 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware