Infected with a virus, getting popups and speaking popups

Posted 4/4/2011 11:17 PM
#91335
KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hello. I am still on my old system and it runs Windows XP, SP3. I think the virus(es) came from an infected email but am not sure. I ran Malwarebytes, which found nothing, and then Spybot, which found and supposedly got rid of 2 things that I did not recognize: 1) Microsoft.windows.security.internet explorer and 2) virtumonde (Trojansc-05). After running the scans, I restarted my computer, and on every website I visit I am still getting a talking popup asking me to fill out a survey or to "click here to check my updated credit score". I have ignored both. Yesterday I was also getting a Norton popup page that asked if I wanted my system scanned. There was nowhere to press to "x" it out, but I did something that I thought got rid of it. I probably added more viruses to the computer by whatever I did to remove it. Any help ASAP would be appreciated. Thanks
Posted 4/5/2011 2:27 AM
#91340
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile:

Please download combofix: Here

Save it to Desktop.

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

There are details for disabling many programmes:
Here

Now, please make sure no other programs are running, close all other windows.


Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

It is usually located at c:\combofix.txt. Please post it in your next reply.



The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 4/5/2011 3:17 AM
#91344
KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
ComboFix 11-04-04.01 - KB 04/04/2011 22:46:52.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.483 [GMT -4:00]
Running from: c:\documents and settings\KB\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\KB\My Documents\DPE.DUS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-03 00:19 . 2011-04-03 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-03-29 20:37 . 2011-03-30 02:16 -------- d-----w- c:\documents and settings\KB\Local Settings\Application Data\AskToolbar
2011-03-29 20:37 . 2011-03-29 20:37 -------- d-----w- c:\program files\Ask.com
2011-03-29 20:36 . 2011-03-29 20:36 -------- d-----w- c:\program files\Play Pickle
2011-03-26 17:27 . 2011-03-26 17:27 -------- d-----w- c:\program files\Common Files\supportsoft
2011-03-20 14:51 . 2011-03-20 14:54 -------- dc----w- C:\3-20-2011
2011-03-19 13:27 . 2011-03-19 13:31 -------- dc----w- C:\3-19-2011
2011-03-15 19:32 . 2011-03-15 19:35 -------- dc----w- C:\3-15-2011
2011-03-14 14:21 . 2011-03-14 14:25 -------- dc----w- C:\3-14-2011
2011-03-07 21:36 . 2011-03-07 21:39 -------- dc----w- C:\3-7-2011
2011-03-07 13:34 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-03-07 13:34 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-03-07 13:34 . 2011-03-07 13:34 -------- d-----w- c:\windows\Logs
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2003-08-08 01:47 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-08-08 01:44 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2003-08-08 01:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2003-08-08 01:35 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-08-08 02:02 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-30 10:30 290048 ----a-w- c:\windows\system32\atmfd.dll
2009-04-01 02:47 . 2009-01-16 22:54 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-01-29_05.35.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-04 14:35 . 2011-04-04 14:35 16384 c:\windows\temp\Perflib_Perfdata_400.dat
- 2001-08-30 10:30 . 2010-11-15 15:06 71614 c:\windows\system32\perfc009.dat
+ 2001-08-30 10:30 . 2011-03-23 21:00 71614 c:\windows\system32\perfc009.dat
+ 2003-08-08 01:28 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
- 2003-08-08 01:28 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2006-11-08 02:03 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 02:03 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
- 2005-07-20 15:52 . 2004-09-09 04:09 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 86016 c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2005-07-20 15:52 . 2004-09-09 04:09 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2011-02-02 13:35 . 2011-02-02 13:35 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2011-02-02 13:35 . 2011-02-02 13:35 79488 c:\windows\system32\Macromed\Shockwave 10\gtapi.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
- 2005-07-20 15:52 . 2004-09-09 04:05 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2003-08-08 01:23 . 2010-12-20 23:59 43520 c:\windows\system32\licmgr10.dll
- 2003-08-08 01:23 . 2010-11-06 00:26 43520 c:\windows\system32\licmgr10.dll
+ 2001-08-30 10:30 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
- 2001-08-30 10:30 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2010-05-01 22:45 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-05-01 22:45 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
- 2006-05-10 05:23 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:23 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 20:17 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 20:17 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2003-08-08 01:23 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2003-08-08 01:23 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-05-10 05:22 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2001-08-30 10:30 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
- 2001-08-30 10:30 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2011-02-27 19:29 . 2011-02-27 19:29 87711 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2011-02-02 13:46 . 2011-02-02 13:46 98304 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2011-02-02 13:55 . 2011-02-02 13:55 68536 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2011-02-27 19:30 . 2011-02-27 19:30 24064 c:\windows\Installer\e970ec1.msi
+ 2009-06-15 20:42 . 2011-03-10 04:02 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-06-15 20:42 . 2011-01-13 04:03 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-06-15 20:42 . 2011-01-13 04:03 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-06-15 20:42 . 2011-03-10 04:02 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-06-15 20:42 . 2011-03-10 04:02 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-06-15 20:42 . 2011-01-13 04:03 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-02-10 04:04 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 04:03 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 04:03 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 04:03 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 04:03 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-02-10 04:03 . 2009-12-14 07:08 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2011-03-01 04:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
+ 2011-03-01 04:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971029\spmsg.dll
+ 2011-02-10 04:09 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-10 04:09 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-10 04:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-10 04:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-10 04:09 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-10 04:09 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-10 04:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-10 04:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:29 . 2010-12-09 14:29 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-09 11:56 . 2010-12-09 15:15 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll
+ 2011-02-02 13:47 . 2011-02-02 13:47 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2004-02-06 22:05 . 2010-11-06 00:26 916480 c:\windows\system32\wininet.dll
+ 2004-02-06 22:05 . 2010-12-20 23:59 916480 c:\windows\system32\wininet.dll
- 2001-08-30 10:30 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2001-08-30 10:30 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
+ 2001-08-30 10:30 . 2011-03-23 21:00 441804 c:\windows\system32\perfh009.dat
- 2001-08-30 10:30 . 2010-11-15 15:06 441804 c:\windows\system32\perfh009.dat
- 2001-08-30 10:30 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2001-08-30 10:30 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
+ 2001-08-30 10:30 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2003-08-08 01:35 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
- 2003-08-08 01:35 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 02:03 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2011-04-02 21:18 . 2011-04-02 21:18 292216 c:\windows\system32\Macromed\Shockwave 10\syminstallstub.exe
+ 2011-02-02 13:35 . 2011-02-02 13:35 136568 c:\windows\system32\Macromed\Shockwave 10\SCC.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 798208 c:\windows\system32\Macromed\Shockwave 10\gi.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2001-08-30 10:30 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2001-08-30 10:30 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
- 2001-08-30 10:30 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2001-08-30 10:30 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
+ 2003-08-08 00:48 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2003-08-08 00:48 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
+ 2003-08-08 00:48 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
- 2003-08-08 00:48 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
- 2003-08-08 00:48 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2003-08-08 00:48 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2006-05-10 05:23 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:23 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
- 2003-08-08 01:47 . 2008-04-14 00:12 270848 c:\windows\system32\dllcache\sbe.dll
+ 2003-08-08 01:47 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2006-10-17 17:04 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 17:04 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-04-14 22:42 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2006-05-10 05:23 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 20:17 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 20:17 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-04-14 22:42 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-14 22:42 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2010-05-01 22:45 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-05-01 22:45 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:22 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-10 10:53 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-10 10:53 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-11-07 08:27 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:27 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:26 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2003-08-08 01:44 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2003-08-08 01:44 . 2008-04-14 00:11 186880 c:\windows\system32\dllcache\encdec.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-02-02 13:46 . 2011-02-02 13:46 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2011-02-02 13:55 . 2011-02-02 13:55 469944 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1159620.exe
+ 2011-02-02 13:35 . 2011-02-02 13:35 136568 c:\windows\system32\Adobe\Shockwave 11\SCC.dll
+ 2011-02-02 13:48 . 2011-02-02 13:48 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2011-02-02 13:47 . 2011-02-02 13:47 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 798208 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2011-02-02 13:46 . 2011-02-02 13:46 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2011-02-02 13:55 . 2011-02-02 13:55 215992 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2011-02-02 13:47 . 2011-02-02 13:47 135168 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-05-04 15:37 . 2011-01-29 20:31 861120 c:\windows\Installer\SandboxieInstall32.exe
+ 2011-03-26 17:27 . 2011-03-26 17:27 422912 c:\windows\Installer\98a6a1.msi
- 2009-06-15 20:42 . 2011-01-13 04:03 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-06-15 20:42 . 2011-03-10 04:02 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-06-15 20:42 . 2011-01-13 04:03 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-06-15 20:42 . 2011-03-10 04:02 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2009-06-15 20:42 . 2011-01-13 04:03 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-06-15 20:42 . 2011-03-10 04:02 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2009-06-15 20:42 . 2011-01-13 04:03 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2009-06-15 20:42 . 2011-03-10 04:02 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2011-03-29 20:37 . 2011-03-29 20:37 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-02-10 04:03 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 04:04 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 04:04 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 04:03 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 04:03 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 04:03 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 04:04 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 04:04 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 04:04 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 04:04 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 04:04 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2011-03-01 04:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971029$\spuninst\updspapi.dll
+ 2011-03-01 04:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
+ 2011-03-01 04:02 . 2008-04-14 00:12 135168 c:\windows\$NtUninstallKB971029$\shsvcs.dll
+ 2011-02-10 04:08 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-10 04:08 . 2010-10-28 13:13 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-10 04:08 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-10 04:08 . 2008-04-14 00:12 438272 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-02-10 04:08 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-10 04:09 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-10 04:09 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-10 04:09 . 2009-06-25 08:25 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 04:02 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 04:02 . 2009-06-25 08:25 730112 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 04:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 04:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2011-02-10 04:02 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 04:01 . 2009-02-09 12:10 714752 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2011-03-01 04:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
+ 2011-03-01 04:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971029\update\update.exe
+ 2011-03-01 04:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971029\spuninst.exe
+ 2009-07-27 22:13 . 2009-07-27 22:13 135168 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
+ 2011-02-10 04:09 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-10 04:09 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-10 04:09 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-10 04:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-10 04:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-10 04:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 04:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 04:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-09 12:00 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-09 12:00 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-10 04:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-10 04:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-10 04:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-10 04:09 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-10 04:09 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-10 04:09 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-10 04:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-10 04:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-10 04:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 04:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 04:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-02-10 04:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-10 04:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-10 04:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-09 11:56 . 2010-12-09 15:15 718336 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
+ 2001-08-30 10:30 . 2010-12-31 13:10 1854976 c:\windows\system32\win32k.sys
- 2004-01-21 21:20 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2004-01-21 21:20 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
+ 2004-07-21 14:59 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2004-07-21 14:59 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2001-08-30 10:30 . 2010-12-09 13:38 2192768 c:\windows\system32\ntoskrnl.exe
+ 2001-08-17 13:48 . 2010-12-09 13:07 2069376 c:\windows\system32\ntkrnlpa.exe
+ 2004-07-07 22:37 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 2224816 c:\windows\system32\Macromed\Shockwave 10\gt.exe
+ 2011-02-02 13:35 . 2011-02-02 13:35 1495040 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
- 2006-10-17 16:57 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2006-10-17 16:57 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
- 2003-08-06 23:59 . 2010-12-16 11:47 1711256 c:\windows\system32\FNTCACHE.DAT
+ 2003-08-06 23:59 . 2011-02-10 04:27 1711256 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-15 01:36 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
- 2006-05-10 05:23 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:23 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2009-04-14 22:42 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-14 22:42 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-14 22:42 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2007-05-09 20:17 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 20:17 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-02 13:39 . 2011-02-02 13:39 1019904 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2011-02-02 13:35 . 2011-02-02 13:35 2224816 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2011-02-02 13:41 . 2011-02-02 13:41 1802240 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2011-03-26 17:27 . 2011-03-26 17:27 3024384 c:\windows\Installer\98a69d.msi
+ 2011-03-29 20:37 . 2011-03-29 20:37 2086912 c:\windows\Installer\6ce95a5.msi
+ 2011-02-16 18:54 . 2011-02-16 18:54 4992000 c:\windows\Installer\2e46f113.msp
+ 2011-01-11 22:52 . 2011-01-11 22:52 3360768 c:\windows\Installer\2cc09c93.msp
+ 2009-06-15 20:42 . 2011-03-10 04:02 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-06-15 20:42 . 2011-01-13 04:03 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-02-10 04:03 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 04:03 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 04:04 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2009-04-14 22:42 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-14 22:42 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-14 22:42 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-02-10 04:08 . 2010-07-27 06:30 8462336 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-02-10 04:08 . 2010-10-26 13:25 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2011-02-10 04:01 . 2010-04-28 02:25 2189952 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-10 04:01 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-10 04:01 . 2010-04-27 13:05 2066816 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-10 04:01 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2009-07-27 22:13 . 2009-07-27 22:13 8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
+ 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2010-12-31 13:14 . 2010-12-31 13:14 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2011-02-09 11:56 . 2010-12-09 13:43 2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-09 11:56 . 2010-12-09 13:09 2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 23:39 . 2010-12-09 23:39 2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-09 11:56 . 2010-12-09 13:47 2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2005-05-11 03:01 . 2011-03-10 04:03 37943240 c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll
- 2006-11-08 02:03 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
- 2007-05-09 20:17 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-09 20:17 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-10 04:04 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2011-02-09 12:00 . 2010-12-20 23:58 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
.
Posted 4/5/2011 3:18 AM
#91345

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02F0243C-2E71-4a1a-A790-6C30888119D0}]
2011-03-29 20:36 168960 ----a-w- c:\program files\Play Pickle\pptl.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9}]
2011-03-29 20:36 253952 ----a-w- c:\program files\Play Pickle\playpicklelib32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2009-07-01 81920]
"SacReminder"="c:\documents and settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe" [2009-06-02 825152]
"SansaDispatch"="c:\documents and settings\KB\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-10 79872]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 405736]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2009-08-16 167936]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"SmileboxTray"="c:\documents and settings\KB\Application Data\Smilebox\SmileboxTray.exe" [2011-03-25 313160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-31 180269]
"PROMon.exe"="PROMon.exe" [2002-04-18 73728]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-07 65536]
"CTHelper"="CTHELPER.EXE" [2002-07-02 24576]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2010-10-07 106496]
"Play Pickle"="c:\program files\Play Pickle\playpickle32.exe" [2011-03-29 242688]
.
c:\documents and settings\KB\Start Menu\Programs\Startup\
DeskFlag.lnk - c:\program files\Tiger Technologies\DeskFlag\deskflag.exe [2001-10-10 184320]
PowerReg Scheduler.exe [2007-8-11 256000]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 7.0 Tray Icon.lnk - c:\program files\America Online 7.0a\aoltray.exe [2003-8-11 32838]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-6 24633]
Verizon Online Support Center.lnk - c:\program files\Verizon Online\bin\matcli.exe [2004-12-11 204800]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"eBayToolbar"=c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe"
"osCheck"="c:\program files\Norton 360\osCheck.exe"
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
"WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9212:TCP"= 9212:TCP:SkyCaddie Desktop
"9210:UDP"= 9210:UDP:SkyCaddie Desktop
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/13/2010 1:13 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/13/2010 1:13 PM 17744]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [8/7/2003 12:08 PM 34712]
S1 enum13944;enum13944;c:\windows\system32\drivers\enum13944.sys --> c:\windows\system32\drivers\enum13944.sys [?]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 03:33]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 03:33]
.
2011-04-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 02:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {BCD5A227-8720-497B-AF5F-4403E94342E3} - hxxps://netservices.verizon.net/portal/verizon/passwdchg/activex/DSLControl.cab
DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - hxxp://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab
FF - ProfilePath - c:\documents and settings\KB\Application Data\Mozilla\Firefox\Profiles\t5m4x3bz.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~2\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-04 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\KB\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?"?0?"? ?c?e?l?l?s?p?a?c?i?n?g?=?"?0?"? ?c?l?a?s?s?=?"?t?e?x?t?"?>? ???C
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-04-04 23:09:42
ComboFix-quarantined-files.txt 2011-04-05 03:09
ComboFix2.txt 2011-01-29 05:39
ComboFix3.txt 2010-09-20 04:20
ComboFix4.txt 2010-05-25 17:19
.
Pre-Run: 16,953,376,768 bytes free
Post-Run: 16,993,501,184 bytes free
.
- - End Of File - - A08E61E43661F9644798C05A00D2CF06
Posted 4/7/2011 2:37 PM
#91364

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
The log file is above. The talking pop-ups have stopped. Would combofix have solved this problem or do I need to run something else to make sure the system is clean?

Thanks!!
Posted 4/17/2011 8:54 PM
#91401

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Am still getting silent popups - one asked me to enter information for my credit report. Of course, I did not do it. Do I need to run ComboFix again? Thanks for your help!
Posted 7/5/2011 9:36 PM
#91831

JeanAHough Member

Date Joined Nov 2016
Total Posts: 3
Hi KMB1999,

Try to follow these steps:

d3dx9_31.dll
This is because you are missing a file.
Step 1. You can download http://www.d3dx9.net/download-missing-d3dx9_31-dll/ here.
Step 2. Paste this file into your system32 and system folder. Also put it in your syswow.
Step 3. Navigate to your System32 (32Bit OS) or SysWOW64 (64Bit OS) folder.
Note: The location of System32 or SysWOW64 is
C:\Windows\System32 (if you are using 32Bit Windows)
C:\Windows\SysWOW64 (if you are using 64Bit Windows)
Step 4. Paste the d3dx9_31.dll into this folder.
Step 5. Run the game. It might work now.