
browser redirect problem- need help!!

Discussion in 'Malware Removal' started by mfarnand, Oct 30, 2010.

  1. mfarnand

    mfarnand Private E-2

    I have read all posts and followed the READ ME FIRST instructions, but still I am having problems with my browser being redirected. I am attaching the MGTools file. I hope that tips you off as to what is going on in my PC. I anxiously await your suggestions on how to proceed!
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to attach the requested logs from Malwarebytes and SUPERAntiSpyware. For example, each of the below files need to be attached:

    C:\Users\Farnand Parents Only\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 10-28-2010 - 02-15-30.log
    C:\Users\Farnand Parents Only\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-24 (01-20-39).txt
    C:\Users\Farnand Parents Only\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-26 (13-53-15).txt

    Also do the below.


    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
    Then uninstall McAfee Security Scan Plus since you have Norton Internet Security installed.

    Also uninstall Java(TM) SE Runtime Environment 6 and install the current version as requested in the READ & RUN ME.
     
    Last edited: Oct 30, 2010
  3. mfarnand

    mfarnand Private E-2

    OK, I believe I have attached the scan logs you need- I ran the full scans (vs quick scans) and the Malwarebytes and SuperAntiSpyware each took two hours- so hopefully they show something of value. The only thing either found was 21 cookies on SuperAntiSpyware, so whatever is redirecting my browser isn't obvious.
    I really appreciate your willingness to help with this problem. I hope you can solve the puzzle!
    Maureen
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but I did not ask you to run new scans. You need to attach the logs I requested in my last message from previous scans so I can see what was being found. I asked for 3 logs ( 1 from SUPERAntiSpyware and 2 from Malwarebytes )


    Also since there are many new infections that manage to get themselves into router hardware, if you have a router hooked up then you need to follow the instructions for your hardware and reset it to factory default settings. Normally there is a recessed push button type switch that needs to be held down for some number of seconds to do this. After resetting to factory defaults on your router, you will need to reconfigure the router for your network if you have made any changes to the default network setup.
     
  5. mfarnand

    mfarnand Private E-2

    Boy, and here I thought I was doing you one better by running those new full scans. Goes to show you what I know...
    Well I attached the original files this time, so hopefully that will give you the information you need. I will also take care of the router on our end. I don't believe we deviated from the factory settings, but just in case I will reset it.
    thanks again, and let me know the next step!
    Maureen
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must be misreading what I said. ;) It is not you that changes it. It is the malware. That is why it has to be reset back to factory defaults. Sometimes a firmware update/reinstall is even necessary.

    After doing this to your router, reboot your PC and see if anything changes as far as the redirects are concerned.
     
  7. mfarnand

    mfarnand Private E-2

    Well that was weird.... when I reset the router and restarted my PC I got this pop-up that a trial version of 'Advanced Registry Optimizer' found errors on my system and don't I want to run a complete scan to get rid of them? Now I don't know if that is at all related to the various scanning and Malware remover tools I have downloaded on my PC or if it is yet another virus just waiting for me to 'say yes' to, and by now I am so paranoid I didn't even want to hit the 'close' or 'No' option- I shut it down with Task Manager.
    Just thought that was strange....
    Maureen
     
  8. mfarnand

    mfarnand Private E-2

    oh, and I guess I should have mentioned.... the redirects are still happening.:(
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
    Also download Win32kDiag from any of the following three locations and save it to your Desktop.
    Now Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
    • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
    • Now attach the Win32kDiag.txt file that will be created on your Desktop
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Almost forgot!! One more scan I want to get the log from.



    I want to run a scan with RootKit Unhooker
    • Please Download Rootkit Unhooker Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.
    Attach the log from RootKitUnhooker to your next message.

    Note: You may get a warning like below. It is ok, just ignore it.

    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    One more question I need to ask.

    Please open up Windows Device Manager and see if you have this device [cmz vmkd]



    The name of the device may be slightly different than [cmz vmkd]

    If you find this, right click on it and select Disable.
     
  12. mfarnand

    mfarnand Private E-2

    OK, so this is where I am...
    1. I do not have any device in Device Manager that even remotely resembles [cmz vmkd]
    2. When I try to run the RKUnhooker program I get the following error:
    Error loading driver, NTSTATUS code: 0xC000036B
    3. The other two programs downloaded and ran what I think is successfully and I have attached their log files.

    thanks again for your help,
    Maureen
     

    Attached Files:

    Last edited by a moderator: Nov 2, 2010
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now we will run Win32Kdiag via a different way which will attempt to fix some problems.


    Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

    "%userprofile%\desktop\win32kdiag.exe" -f -r

    When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
     
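As an added example (not code from the thread and not part of Win32kDiag), a small Python script that triages the Win32kDiag.txt log this step produces. It parses the line layout the log uses, as seen when the log is pasted later in the thread, and flags entries the tool reported as "Cannot access" together with any desktop.ini far larger than a shell folder-customisation file should be. SAMPLE_LOG is a constructed sample in that layout, and the 4 KiB ceiling for a desktop.ini is an assumption rather than a value the tool defines.

```python
"""Triage helper for a Win32kDiag.txt log (what `win32kdiag.exe -f -r` writes).

Added example for this thread; it is not part of Win32kDiag and not code
posted by anyone in the thread. The line layout is assumed from the log
pasted later in the thread:

    WARNING: <text>
    Cannot access: <path>
    [<flag>] YYYY-MM-DD HH:MM:SS <size> <path> (<note>)

SAMPLE_LOG is constructed in that format; MAX_INI_SIZE (4 KiB) is an
assumed ceiling for a legitimate desktop.ini, not a value the tool defines.
"""
import re
import sys
from datetime import datetime
from typing import Dict, List, NamedTuple

MAX_INI_SIZE = 4096  # assumption: real desktop.ini files are a few hundred bytes

ENTRY_RE = re.compile(
    r"^\[(?P<flag>\d+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})"
    r"\s+(?P<size>\d+)\s+(?P<path>.+?)\s+\((?P<note>[^()]*)\)\s*$"
)

# Constructed sample in the log's layout (sizes and dates mirror the kind of
# entries the thread shows; the user name is a placeholder).
SAMPLE_LOG = r"""
Running from: C:\Users\Example\Desktop\win32kdiag.exe

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\assembly\GAC_32\Desktop.ini

[1] 2006-11-02 11:30:40 227 C:\Windows\assembly\Desktop.ini ()
[1] 2010-11-02 17:58:09 27648 C:\Windows\assembly\GAC_32\Desktop.ini ()
[1] 2010-11-02 17:58:09 37376 C:\Windows\assembly\GAC_64\Desktop.ini ()
[1] 2006-09-18 17:24:04 65 C:\Windows\Downloaded Program Files\desktop.ini ()
[1] 2006-09-18 17:43:26 2480 C:\Windows\Media\Desktop.ini ()
"""


class Entry(NamedTuple):
    flag: int
    mtime: datetime
    size: int
    path: str
    note: str


def parse_log(text: str) -> Dict[str, list]:
    """Split the log into file entries, 'Cannot access' paths and WARNING lines."""
    entries: List[Entry] = []
    inaccessible: List[str] = []
    warnings: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Cannot access:"):
            inaccessible.append(line.split(":", 1)[1].strip())
        elif line.startswith("WARNING:"):
            warnings.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
                entries.append(Entry(int(m["flag"]), when, int(m["size"]), m["path"], m["note"]))
    return {"entries": entries, "inaccessible": inaccessible, "warnings": warnings}


def triage(text: str, max_ini_size: int = MAX_INI_SIZE) -> List[dict]:
    """Return entries worth a second look: files the tool could not open, and
    desktop.ini files far larger than a folder-customisation file should be."""
    parsed = parse_log(text)
    blocked = {p.lower() for p in parsed["inaccessible"]}
    findings: List[dict] = []
    for e in parsed["entries"]:
        reasons = []
        if e.path.lower() in blocked:
            reasons.append("listed as 'Cannot access'")
        if e.path.lower().endswith("desktop.ini") and e.size > max_ini_size:
            reasons.append(f"desktop.ini of {e.size} bytes exceeds {max_ini_size}")
        if reasons:
            findings.append({"path": e.path, "size": e.size,
                             "mtime": e.mtime.isoformat(sep=" "), "reasons": reasons})
    seen = {f["path"].lower() for f in findings}
    for p in parsed["inaccessible"]:  # blocked paths that never got a size line
        if p.lower() not in seen:
            findings.append({"path": p, "size": None, "mtime": None,
                             "reasons": ["listed as 'Cannot access'"]})
    return findings


def newest(text: str, n: int = 5) -> List[str]:
    """Paths of the n most recently modified entries; fresh timestamps inside an
    old system directory are the first thing to compare with the infection date."""
    entries = sorted(parse_log(text)["entries"], key=lambda e: e.mtime, reverse=True)
    return [e.path for e in entries[:n]]


if __name__ == "__main__":
    log_text = SAMPLE_LOG
    if len(sys.argv) > 1:  # pass the real Win32kDiag.txt path to triage it
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_text = fh.read()
    for f in triage(log_text):
        print(f["path"], f["size"], f["mtime"], "; ".join(f["reasons"]))
    print("most recent:", newest(log_text, 3))
```

Run it with the path to the real Win32kDiag.txt as the only argument; without one it triages the constructed sample. The "Cannot access" cross-check matters more than the size heuristic: a file the tool lists by size but cannot open is being protected by something below the file system API, which is exactly the behaviour the rootkit scanners earlier in the thread look for.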
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I also want you to run another tool from Microsoft ( formerly SysInternals ).
    • Please download Junction.zip and save it to your root folder (C:\Junction.zip)
    • Unzip it and put junction.exe in the root folder (C:\junction.exe)
    • Now click Start => Run... => Copy and paste the following command in the run box and click OK:
      cmd /c junction -s c:\ >C:\log.txt
    • A command prompt window opens and also a license agreement from SysInternals will appear.
    • Accept the license agreement and the scan will begin.
    • Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes).
    • NOTE: It scans your whole hard disk so it can take a long time. Be patient and don't do anything else while it is scanning.
     
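Added example (not the thread's own instructions and not Sysinternals code): what the `junction -s` scan above does, written in Python so the check can be repeated when junction.exe is not to hand. It walks a tree without following links, reports every reparse point with its target, and prunes linked directories so a link pointing back up the tree cannot loop the scan. On Windows it reads the reparse-point attribute that os.lstat exposes as st_file_attributes; elsewhere it falls back to symlinks, and build_demo_tree() creates a constructed sample tree so the script runs on any platform.

```python
"""Recursive reparse-point listing, the check `junction -s c:\` performs.

Added example for this thread; it is not code from the thread or from
Sysinternals' junction.exe. On Windows a junction or symlink carries the
FILE_ATTRIBUTE_REPARSE_POINT attribute, which os.lstat exposes as
st_file_attributes; on other platforms the same code falls back to symlinks,
and build_demo_tree() (a constructed sample) lets it run anywhere.
"""
import os
import stat
import sys
import tempfile
from typing import List, NamedTuple


class ReparsePoint(NamedTuple):
    path: str
    target: str  # "" when the target could not be read


def is_reparse_point(path: str) -> bool:
    """True for a junction/symlink (Windows) or a symlink (elsewhere); never follows it."""
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", 0)  # present on Windows only
    if attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT:
        return True
    return stat.S_ISLNK(st.st_mode)


def find_reparse_points(root: str) -> List[ReparsePoint]:
    """Walk root without following links and collect every reparse point.
    Linked directories are reported but not descended into, which is what
    keeps a junction that points back up the tree from looping the scan."""
    found: List[ReparsePoint] = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in list(dirnames) + filenames:
            full = os.path.join(dirpath, name)
            try:
                if not is_reparse_point(full):
                    continue
                try:
                    target = os.readlink(full)
                except OSError:
                    target = ""
            except OSError:
                continue  # unreadable entry (permissions, file vanished mid-scan)
            found.append(ReparsePoint(full, target))
            if name in dirnames:
                dirnames.remove(name)  # prune: do not walk through the link
    return sorted(found)


def render(points: List[ReparsePoint]) -> str:
    """One line per reparse point, 'path -> target', in the spirit of the junction log."""
    return "\n".join(f"{p.path} -> {p.target or '<unreadable target>'}" for p in points)


def build_demo_tree() -> str:
    """Constructed sample: a real directory plus a link to it and a link to a file."""
    root = tempfile.mkdtemp(prefix="junction-demo-")
    real = os.path.join(root, "real")
    os.makedirs(real)
    with open(os.path.join(real, "f.txt"), "w") as fh:
        fh.write("data\n")
    os.symlink(real, os.path.join(root, "linkdir"))
    os.symlink(os.path.join(real, "f.txt"), os.path.join(root, "linkfile"))
    return root


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    print(render(find_reparse_points(scan_root)))
```

`python reparse_scan.py C:\ > C:\log.txt` mirrors the command in the post above and takes about as long as junction.exe does on a full drive. Read the result the same way: Windows ships a known set of junctions (the legacy profile folder names under C:\Users, for example), so the entries worth attention are reparse points in places where nothing should be linking, and any whose target cannot be read.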
  15. mfarnand

    mfarnand Private E-2


    Here goes... (it is a beast)

    Running from: C:\Users\Farnand Parents Only\Desktop\win32kdiag.exe

    Log file at : C:\Users\Farnand Parents Only\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\assembly\GAC_32\Desktop.ini

    [1] 2006-11-02 11:30:40 227 C:\Windows\assembly\Desktop.ini ()

    [1] 2010-11-02 17:58:09 27648 C:\Windows\assembly\GAC_32\Desktop.ini ()

    [1] 2010-11-02 17:58:09 37376 C:\Windows\assembly\GAC_64\Desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\Downloaded Program Files\desktop.ini ()

    [1] 2006-09-18 17:35:48 65 C:\Windows\Fonts\desktop.ini ()

    [1] 2006-09-18 17:43:26 2480 C:\Windows\Media\Desktop.ini ()

    [1] 2006-09-18 17:24:26 65 C:\Windows\Offline Web Pages\desktop.ini ()

    [1] 2008-11-28 04:50:45 145 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\desktop.ini ()

    [1] 2008-11-28 04:50:45 145 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini ()

    [1] 2008-11-28 04:50:45 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JZ05IXA\desktop.ini ()

    [1] 2008-11-28 04:50:45 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini ()

    [1] 2008-11-28 04:50:45 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNNCXWA1\desktop.ini ()

    [1] 2008-11-28 04:50:45 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMXBXXQF\desktop.ini ()

    [1] 2008-11-28 04:50:45 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB2YWOSJ\desktop.ini ()

    [1] 2008-11-28 04:50:45 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini ()

    [1] 2009-12-10 22:39:38 145 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\desktop.ini ()

    [1] 2009-12-10 22:39:38 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3MOEWXQU\desktop.ini ()

    [1] 2009-12-10 22:39:38 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4VFH4CT2\desktop.ini ()

    [1] 2009-12-10 22:39:38 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini ()

    [1] 2009-12-10 22:39:38 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TXTFZOIT\desktop.ini ()

    [1] 2009-12-10 22:39:38 67 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\VS5F72KS\desktop.ini ()

    [1] 2009-05-05 21:49:36 6 C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\desktop.ini ()

    [1] 2006-09-18 17:27:23 438 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini ()

    [1] 2006-09-18 17:27:22 166 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini ()

    [1] 2006-09-18 17:27:22 170 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini ()

    [1] 2006-09-18 17:27:23 170 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini ()

    [1] 2006-09-18 17:27:23 170 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini ()

    [1] 2010-06-30 16:01:53 145 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\desktop.ini ()

    [1] 2010-06-30 16:01:53 145 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini ()

    [1] 2010-06-30 16:01:53 67 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7Y8QX4R\desktop.ini ()

    [1] 2010-06-30 16:01:52 67 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini ()

    [1] 2010-06-30 16:01:53 67 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0QGANKM\desktop.ini ()

    [1] 2010-06-30 16:01:53 67 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNXP4CEM\desktop.ini ()

    [1] 2010-06-30 16:01:53 67 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE0PM1EJ\desktop.ini ()

    [1] 2010-06-30 16:01:52 67 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini ()

    [1] 2009-01-17 18:24:45 6 C:\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\desktop.ini ()

    [1] 2006-09-18 17:27:23 438 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini ()

    [1] 2006-09-18 17:27:22 166 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini ()

    [1] 2006-09-18 17:27:22 170 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini ()

    [1] 2006-09-18 17:27:23 170 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini ()

    [1] 2006-09-18 17:27:23 170 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\3868BLXO\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\4HCRJ7WB\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\K1WD427H\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\P85ATZH9\desktop.ini ()

    [1] 2008-01-20 23:20:34 6 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini ()

    [1] 2008-01-20 23:20:34 145 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\desktop.ini ()

    [1] 2008-01-20 23:20:35 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\desktop.ini ()

    [1] 2008-01-20 23:20:34 6 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini ()

    [1] 2006-11-02 11:30:52 6 C:\Windows\System32\config\systemprofile\AppData\LocalLow\desktop.ini ()

    [1] 2006-11-02 11:30:39 6 C:\Windows\System32\config\systemprofile\AppData\Roaming\desktop.ini ()

    [1] 2008-01-20 23:20:34 6 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\desktop.ini ()

    [1] 2010-10-22 22:28:19 95 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini ()

    [1] 2010-10-22 22:28:19 146 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini ()

    [1] 2010-09-29 21:01:52 432 C:\Windows\System32\config\systemprofile\Contacts\desktop.ini ()

    [1] 2010-10-22 22:26:03 402 C:\Windows\System32\config\systemprofile\Favorites\desktop.ini ()

    [1] 2010-10-22 22:28:25 80 C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini ()

    [1] 2010-09-29 21:01:52 282 C:\Windows\System32\config\systemprofile\Links\desktop.ini ()

    [1] 2010-09-29 21:01:52 282 C:\Windows\System32\config\systemprofile\Saved Games\desktop.ini ()

    [1] 2010-09-29 21:01:52 278 C:\Windows\System32\config\systemprofile\Searches\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\3868BLXO\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\4HCRJ7WB\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\K1WD427H\desktop.ini ()

    [1] 2010-10-22 22:28:22 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\P85ATZH9\desktop.ini ()

    [1] 2008-01-20 23:20:34 6 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini ()

    [1] 2008-01-20 23:20:34 145 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\desktop.ini ()

    [1] 2008-01-20 23:20:35 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\desktop.ini ()

    [1] 2008-01-20 23:20:34 67 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\desktop.ini ()

    [1] 2008-01-20 23:20:34 6 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini ()

    [1] 2006-11-02 11:30:52 6 C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\desktop.ini ()

    [1] 2006-11-02 11:30:39 6 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\desktop.ini ()

    [1] 2008-01-20 23:20:34 6 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\desktop.ini ()

    [1] 2010-10-22 22:28:19 95 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini ()

    [1] 2010-10-22 22:28:19 146 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini ()

    [1] 2010-09-29 21:01:52 432 C:\Windows\SysWOW64\config\systemprofile\Contacts\desktop.ini ()

    [1] 2010-10-22 22:26:03 402 C:\Windows\SysWOW64\config\systemprofile\Favorites\desktop.ini ()

    [1] 2010-10-22 22:28:25 80 C:\Windows\SysWOW64\config\systemprofile\Favorites\Links\desktop.ini ()

    [1] 2010-09-29 21:01:52 282 C:\Windows\SysWOW64\config\systemprofile\Links\desktop.ini ()

    [1] 2010-09-29 21:01:52 282 C:\Windows\SysWOW64\config\systemprofile\Saved Games\desktop.ini ()

    [1] 2010-09-29 21:01:52 278 C:\Windows\SysWOW64\config\systemprofile\Searches\desktop.ini ()

    [1] 2006-09-18 17:35:48 65 C:\Windows\winsxs\amd64_microsoft-windows-fontext_31bf3856ad364e35_6.0.6001.18000_none_faa43406abfabc54\desktop.ini ()

    [1] 2006-09-18 17:35:48 65 C:\Windows\winsxs\amd64_microsoft-windows-fontext_31bf3856ad364e35_6.0.6002.18005_none_fc8fad12a91c87a0\desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_9c039c9a7c9b86cc\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_9c240e447c833020\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_9beefef27caad52c\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_9c34e3b87c75a687\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_9c73cba795cb2bca\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_9c70ccaf95cddcec\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_9ca00f6d95a9cfab\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_9cbe58a595937993\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_9e1eea92799a72b1\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_9e007b6279b0f932\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_9e161d2079a0be77\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_9de30e6279c69631\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_9e09506c79aaa208\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18461_none_9ddf12ec79ca284a\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18520_none_9e09543879aa9c56\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_9e8a182d92ce98fc\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_9e8b1a5d92cdaf7a\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_9e503c9192f8ef2a\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_9eb1918f92afeb26\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22672_none_9e5ee1fb92eefa83\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22750_none_9e72832592e08d1a\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18005_none_a00a639e76bc3dfd\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_a006645c76bfd5c8\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18179_none_9fc2b73876f16417\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18244_none_9fde277076dd8eb8\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18301_none_a006682876bfd016\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_a08731cf8fe3c431\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22303_none_a09203a18fdba567\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22384_none_a03c848b901b9e46\Desktop.ini ()

    [1] 2006-11-02 11:02:18 629 C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22475_none_a04856a7901298d3\Desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16830_none_913e5911cf724417\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16851_none_9129b983cf819550\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16890_none_90fd7989cfa2ebbd\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21023_none_91d59ec8e8854737\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21046_none_91c2ffcee892cb1e\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21089_none_919ac0fce8b086e7\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18000_none_934503afcc8086e7\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18226_none_9335695fcc8b5121\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18248_none_9321ca1bcc99bbb1\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18294_none_92e7b957ccc5e20a\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22389_none_93812780e5d6e496\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22418_none_93cbd890e59f04cf\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22475_none_9387f82ae5d26070\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6002.18005_none_95307cbbc9a25233\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_76302609e24bf744\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_7626584de25329b3\desktop.ini ()

    [1] 2006-09-18 17:24:04 65 C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18828_none_762089d3e256c457\desktop.ini ()



    Finished!


    Let me know if that does anything for ya' ;)
    thanks
    Maureen
     
  16. mfarnand

    mfarnand Private E-2


    Chaslang,
    I thought I was on a roll, but when I got to the step where I typed the command in the 'Run' box.... I got nuthin'. No request to accept a license agreement.... just nuthin'. Maybe I screwed something up- but if so, I am not sure what. I created a folder in the C drive called "Junction.zip" and in that folder I saved the Junction.zip file. I opened the file and saved the file "Junction.exe" in a folder also in the C drive called "Junction.exe". Then I went to Start then Run and cut/pasted the command you had in your post. When I got nothing back, I retyped the command from scratch, but once again I got nothing.
    Ideas?
    thanks
    Maureen
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! You need to have Junction.exe directly in the root folder of the C drive. It must be located at C:\junction.exe. The command I gave you will only find junction.exe if it has been extracted from the ZIP file and only if the actual executable file is located at C:\junction.exe
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No matter what the outcome is for trying to run Junction, please continue on with the below.


    Download OTL and scan.txt to your Desktop.
    • Double click on the OTL icon to run it.
    • Make sure all other windows and unnecessary processes are closed.
    • Double click inside the Custom Scan box at the bottom
    • A window will appear saying Click Ok to load a custom scan from a file or Cancel to cancel
    • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
    • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
    • Click the Quick Scan button.
    • Do not change any settings unless otherwise told to do so.
    • The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please attach them to your next message.
     
  19. mfarnand

    mfarnand Private E-2

    Chaslang,
    OK..... I put the Junction.exe file directly in the C drive.... this time no folder. Then I followed the path Start=> Run=> cmd /c junction -s c:\ >C:\log.txt and still nothing happened.
    But I did have no issues with the next step in the process and tried attaching the two log files- OTL.Txt and Extras.Txt. I got an upload error on the OTL log file- the file is huge.... 2.77M- maybe there is a file size limit on upload?
    Ideas?
    Maureen
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! Please compress it into a ZIP file and attach it. Also do the below.



    Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
     
  21. mfarnand

    mfarnand Private E-2

    Chaslang,
    1. Need the process for how to zip the text file. And I was wrong... the file is closer to 5Meg. Maybe it is just late... but I don't see the option to save it in a compressed format
    2. I attached the latest MGLogs.zip file

    I will be flying to Denver tomorrow in the early a.m. and won't be back home until very late on Thursday evening. I will catch up on my latest homework when I get back. Meanwhile, thanks again for your help.
    Maureen
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not looking good. You have a new form of infection that has been giving everyone trouble in removing it. The below seen in your process list is the problem.

    \\.\globalroot\systemroot\syswow64\mswsock.dll

    mswsock.dll itself would normally be legit. But it does not normally load this way. This infection has been causing some people to give up and just reinstall since no easy cure has been determined yet. Let's try to get some more info.

    See if you can download and run the below tool from Microsoft.

    Process Explorer


    If it will run please do the below.



    Download ProcessExplorer
    • Unzip it to its own folder somewhere you can locate it.
    • Now run procexp.exe by double clicking on it.
    • Let's configure some options first:
      • Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked.
      • Now click on C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe.
      • Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
    • Now click on File and then Save As. And save the process list.
    • Post it back here as an attachment.
    Also try the below from Process Explorer.

    In the top section of the Process Explorer screen double click on VCSW.exe to bring up the VCSW.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of any of the below DLL files (if found) and then click the kill button. ( The below is not the same as C:\Windows\syswow64\mswsock.dll which is valid)

    \\.\globalroot\systemroot\syswow64\mswsock.dll

    After you have killed all instances of any of the above DLL under VCSW.exe, click OK and exit Process Explorer. I want to see if this will work at all. The above globalroot infection is tied into many processes you are running, including your browser. It may be necessary to unhook this from all processes one by one and then see if we can replace the mswsock.dll on your system just in case it is infected. I have a feeling that there may be other hidden (rootkit-like) components of this infection though, and mswsock.dll may not fully be the source of the problem but rather just a symptom.
     
    Last edited: Nov 5, 2010
  23. mfarnand

    mfarnand Private E-2

    Chaslang,
    Jeez..... I hope after all these scans and uploading logs and downloading tools this thing doesn't have us beat...
    Here is what I have to show for this latest attempt at outwitting it..
    I was able to download process explorer and run procexp.exe. I have attached the process list as processlist1.txt.
    When I brought up the VCSW.exe properties screen- I saw no instances of the targeted dll files- so there was nothing to 'kill' but time.
    Anyway, I am back from Denver and await your advice- thanks!
    Maureen
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay it looks like it will appear as the below.

    {E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb

    See if you can kill this. Then check for it in all other processes and kill those instances too. (To save time, it would be best to shut down all other unnecessary applications so that you have fewer processes running that could have this hooked in.) After killing all instances in all processes, see if you can delete the C:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb file and also the C:\Users\Farnand Parents Only\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb file
     
  25. mfarnand

    mfarnand Private E-2

    Chaslang,
    I do not see your second suggestion as a file to 'kill' either. I can send you screen prints of what I do see, but when I tried to upload a screen print from a word file- it wouldn't upload. I also tried to delete the two files you suggested despite not being able to perform the previous step- and I got a 'you do not have permission to perform this function- access denied' msg.
    Any other suggestions?
    thanks
    Maureen
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We need to find out why Junction will not run.

    Click Start, Run, and enter cmd and click OK. This should open a command prompt window. Tell me what happens when you type the below in the command prompt window and then hit the enter key:

    C:\junction.exe



    Now also download OTL by Old Timer and save it to your Desktop.
    • Double-click OTL.exe to start the program.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
      Code:
      :processes
      :files
      C:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
      C:\Users\Farnand Parents Only\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
      C:\ProgramData\.wtav
      
      :commands
      [PURITY]
      [EMPTYTEMP]
      [RESETHOSTS]
      [CREATERESTOREPOINT]
      [CLEARALLRESTOREPOINTS]
      [REBOOT]
      
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the log from OTL
    • C:\MGlogs.zip
     
  27. mfarnand

    mfarnand Private E-2

    Chaslang,
    OK.... here is the latest update...
    1. When I typed C:\junction.exe at the command prompt, I got the pop-up to 'agree' to the terms prior to running it- which I did. Then I got a bunch of lines in the command window.... I didn't pay much attention as to what they all said, but there was no way to cut/paste them and no log file generated. There were maybe about 15 lines.... But at least I didn't get an error... so maybe things will run OK if we reattempt running that again?
    2. I have attached the log file from running the OTL program and I was prompted to restart my machine. Upon restart I got a popup to clear 20 registry errors using a trial version of some s/w; I shut down the window using Task Manager.
    3. Next I ran the MGtools program and the MG log zip file is also attached.
    thanks!
    Maureen
     

    Attached Files:

    Last edited by a moderator: Nov 7, 2010
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those .tlb files came right back.

    Do you have access to the internet if you boot in safe mode?
    Do you have all important data backed up?
    Do you have the disks required to reinstall Windows if necessary?
     
  29. mfarnand

    mfarnand Private E-2

    Chaslang,
    Is this where we are heading? Should I back up all my important files and dig up my Windows disks?
    Maureen
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    At least get the backup done just in case something goes wrong in trying to run some special scans. But yes, dig out the Windows disks too, since we may get to the point where a reinstall is necessary.

    Where I was immediately headed was to run some online scanners in safe boot mode (if you can access the internet in safe mode) and then next to have you make one or more special boot CDs that can run scans while Windows is not running. This could possibly root out the infection, but if the infection is in important system files we risk having the scans delete the files, which could make a PC unbootable (hence the reason for backing up, but it is prudent to back up anyway since an infection like this could eventually have catastrophic effects at any time).
     
  31. mfarnand

    mfarnand Private E-2

    Chaslang,
    Well I rebooted in 'Safe Mode with Networking' and had no problem getting to the internet. I also found that my redirection problem disappears in this mode.
    I copied all my files to a portable hard drive- ooops! just realized I forgot to backup my email.... I will do that next.
    I will head upstairs and dig up the Windows Vista CDs too.
    Maureen
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  33. mfarnand

    mfarnand Private E-2

    Chaslang,
    OK I am glad to run the scans.... but I must tell you I now am experiencing a very odd thing...
    In the process of backing up my pc- I decided to save only the files I really needed...so I started deleting a lot of files that were pretty old....
    Anyway, now my browser is not being redirected. It may just be a temporary thing- but I just ran about 10 different searches in Google without a problem. Can you give me some steps to take to see if the original problem has somehow gone away? Or do you think I should just run those three scans you suggested in your last post?
    I am afraid to hope that this virus is somehow gone... I have a feeling it is still lurking in some remote broom closet somewhere..

    But now that I think of it...I was able to successfully use my browser in safe mode too, so now I am not sure exactly when it started working again.

    Maureen
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is this in normal boot mode or are you still in safe mode?

    I doubt the problem is fixed. Run GetLogs.bat in normal boot mode and then look at the C:\MGtools\procdll.txt file afterwards (this is also a file in the MGlogs.zip file). Search the procdll.txt file for a line having \\.\globalroot\systemroot\syswow64\mswsock.dll. If you see this, then nothing has changed.
     
  35. mfarnand

    mfarnand Private E-2

    Chaslang,
    Ok now you gotta' appreciate what my desktop looks like.... During the course of trying to fix this problem I have downloaded the following applications to my desktop: Malwarebytes, RKUnhooker, OTL.exe, SuperAntispyware.exe, ATFCleaner, CCleaner, TDSSKiller, MBRcheck.exe, in addition to my basic Norton. I also have multiple log files, scan files and zip files. My desktop looks like my front lawn after a sewer pipe explosion- there is stuff everywhere- some useful- some not so useful. And in addition I have other tools in my C drive and more in their own folders stuck somewhere-
    So help me out here...where do I find GetLogs.bat? I remember that MGTools is in my C drive, but I have lost track of where GetLogs is now hiding.
    Maureen
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, GetLogs.bat is part of MGtools and we have run it previously, so I just abbreviated the path to it. You will find it here: C:\MGtools\GetLogs.bat
     
  37. mfarnand

    mfarnand Private E-2

    Chaslang,
    OK... so maybe I was too overly optimistic...
    sure enough when I looked in the procdll.txt file, there it was... about halfway down..


    AppleMobileDeviceService (C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe)

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\ntdll.dll
    C:\Windows\syswow64\kernel32.dll
    C:\Windows\system32\WSOCK32.dll
    C:\Windows\syswow64\WS2_32.dll
    C:\Windows\syswow64\msvcrt.dll
    C:\Windows\syswow64\ADVAPI32.dll
    C:\Windows\syswow64\RPCRT4.dll
    C:\Windows\syswow64\Secur32.dll
    C:\Windows\syswow64\NSI.dll
    C:\Windows\syswow64\SETUPAPI.dll
    C:\Windows\syswow64\GDI32.dll
    C:\Windows\syswow64\USER32.dll
    C:\Windows\syswow64\OLEAUT32.dll
    C:\Windows\syswow64\ole32.dll
    C:\Windows\system32\WTSAPI32.dll
    C:\Windows\system32\USERENV.dll
    C:\Windows\system32\IMM32.DLL
    C:\Windows\syswow64\MSCTF.dll
    C:\Windows\syswow64\LPK.DLL
    C:\Windows\syswow64\USP10.dll
    C:\Windows\system32\NTMARTA.DLL
    C:\Windows\syswow64\WLDAP32.dll
    C:\Windows\syswow64\PSAPI.DLL
    C:\Windows\system32\SAMLIB.dll
    C:\Windows\syswow64\mswsock.dll
    \\.\globalroot\systemroot\syswow64\mswsock.dll
    C:\Windows\System32\wshtcpip.dll
    C:\Windows\system32\SXS.DLL
    C:\Windows\syswow64\CLBCatQ.DLL
    C:\Windows\SysWOW64\jscript.dll
    C:\Windows\syswow64\SHLWAPI.dll
    C:\Windows\SysWOW64\VERSION.dll
    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    C:\Windows\system32\WINTRUST.dll
    C:\Windows\system32\CRYPT32.dll
    C:\Windows\system32\MSASN1.dll
    C:\Windows\syswow64\imagehlp.dll
    C:\Windows\system32\rsaenh.dll


    And then again, about halfway down in this section:

    ccSvcHst (C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe)

    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Windows\SysWOW64\ntdll.dll
    C:\Windows\syswow64\kernel32.dll
    C:\Windows\syswow64\USER32.dll
    C:\Windows\syswow64\GDI32.dll
    C:\Windows\syswow64\ADVAPI32.dll
    C:\Windows\syswow64\RPCRT4.dll
    C:\Windows\syswow64\Secur32.dll
    C:\Windows\syswow64\ole32.dll
    C:\Windows\syswow64\msvcrt.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\MSVCP90.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\MSVCR90.dll
    C:\Windows\system32\IMM32.DLL
    C:\Windows\syswow64\MSCTF.dll
    C:\Windows\syswow64\LPK.DLL
    C:\Windows\syswow64\USP10.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccL100U.dll
    C:\Windows\syswow64\OLEAUT32.dll
    C:\Windows\system32\ws2_32.dll
    C:\Windows\syswow64\NSI.dll
    C:\Windows\syswow64\SHLWAPI.dll
    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    C:\Windows\system32\DBGHELP.DLL
    C:\Windows\system32\VERSION.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccVrTrst.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\EFACli.dll
    C:\Windows\system32\FLTLIB.DLL
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\SymNeti.dll
    C:\Windows\system32\IPHLPAPI.DLL
    C:\Windows\system32\dhcpcsvc.DLL
    C:\Windows\system32\DNSAPI.dll
    C:\Windows\system32\WINNSI.DLL
    C:\Windows\system32\dhcpcsvc6.DLL
    C:\Windows\system32\PSAPI.DLL
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvc.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\srtsp32.dll
    C:\Windows\syswow64\SHELL32.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccIPC.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\DIMASTER.DLL
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSet.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\COSVCPLG.DLL
    C:\Windows\system32\CRYPT32.dll
    C:\Windows\system32\MSASN1.dll
    C:\Windows\system32\USERENV.dll
    C:\Windows\system32\WINHTTP.dll
    C:\Windows\system32\WTSAPI32.dll
    C:\Windows\system32\WINSTA.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\CCGEVT.DLL
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccGLog.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\CCJOBMGR.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\CCSUBENG.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\CCEMLPXY.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\IRON.DLL
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\SymRedir.dll
    C:\Windows\system32\rsaenh.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\SNDSVC.DLL
    C:\Windows\system32\POWRPROF.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\SYMRDRSV.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\HNCORE.DLL
    C:\Windows\system32\RASAPI32.DLL
    C:\Windows\system32\rasman.dll
    C:\Windows\system32\NETAPI32.dll
    C:\Windows\system32\TAPI32.dll
    C:\Windows\system32\rtutils.dll
    C:\Windows\system32\WINMM.dll
    C:\Windows\system32\OLEACC.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\APPMGR32.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\ISDATAPR.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\NCW.DLL
    C:\Windows\syswow64\WININET.dll
    C:\Windows\syswow64\Normaliz.dll
    C:\Windows\syswow64\urlmon.dll
    C:\Windows\syswow64\iertutil.dll
    C:\Windows\system32\WINTRUST.dll
    C:\Windows\syswow64\imagehlp.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\AVPSVC32.DLL
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\cltLMC.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\avModule.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\ISERROR.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\CLTLMS.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\BHSVCPLG.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\IPSPLUG.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\ISDATASV.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\FWCORE.DLL
    C:\Windows\system32\NTMARTA.DLL
    C:\Windows\syswow64\WLDAP32.dll
    C:\Windows\system32\SAMLIB.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\FWGenPlg.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\DSCli.dll
    C:\Windows\system32\apphelp.dll
    C:\Windows\system32\ncrypt.dll
    C:\Windows\system32\BCRYPT.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\FWSetup.dll
    C:\Windows\syswow64\CLBCatQ.DLL
    C:\Windows\system32\comsvcs.dll
    C:\Windows\system32\ATL.DLL
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101029.001\BHEngine.dll
    C:\Windows\system32\sfc.dll
    C:\Windows\system32\sfc_os.dll
    C:\Windows\syswow64\SETUPAPI.dll
    C:\Windows\syswow64\mswsock.dll
    \\.\globalroot\systemroot\syswow64\mswsock.dll
    C:\Windows\System32\wshtcpip.dll
    C:\Windows\system32\Wlanapi.dll
    C:\Windows\system32\OneX.DLL
    C:\Windows\system32\eappprxy.dll
    C:\Windows\system32\eappcfg.dll
    C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
    C:\Windows\system32\DUser.dll
    C:\Windows\system32\UxTheme.dll
    C:\Windows\system32\wlanutil.dll
    C:\Windows\system32\SXS.DLL
    C:\Windows\System32\wship6.dll
    C:\Windows\SysWOW64\jscript.dll
    C:\Windows\system32\credssp.dll
    C:\Windows\SysWOW64\schannel.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\asEngine.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\AVMail.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\BHClient.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\AVIfc.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coDataPr.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\cltElPrv.dll
    C:\Windows\System32\netprofm.dll
    C:\Windows\System32\GPAPI.dll
    C:\Windows\System32\slc.dll
    C:\Windows\System32\nlaapi.dll
    C:\Windows\System32\npmproxy.dll
    C:\Windows\system32\PDH.DLL
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\QBackup.dll
    C:\Windows\system32\perfdisk.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IMCfg.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\diStRptr.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\AVPAPP32.dll
    C:\Windows\system32\napinsp.dll
    C:\Windows\system32\pnrpnsp.dll
    C:\Windows\system32\wshbth.dll
    C:\Windows\System32\winrnr.dll
    C:\Windows\system32\rasadhlp.dll
    C:\Windows\system32\dssenh.dll
    C:\Windows\SysWOW64\taskschd.dll
    C:\Windows\SysWOW64\XmlLite.dll
    C:\Windows\system32\mlang.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\asHelper.dll
    C:\Windows\system32\wbem\wbemprox.dll
    C:\Windows\system32\wbemcomn.dll
    C:\Windows\system32\wbem\wbemsvc.dll
    C:\Windows\system32\wbem\fastprox.dll
    C:\Windows\system32\NTDSAPI.dll
    C:\Windows\system32\msi.dll
    C:\Windows\system32\PROPSYS.dll
    C:\Windows\system32\LINKINFO.dll
    C:\Windows\system32\ntshrui.dll
    C:\Windows\system32\cscapi.dll
    C:\Windows\System32\mstask.dll
    C:\Windows\syswow64\COMDLG32.dll
    C:\Windows\SysWOW64\actxprxy.dll
    C:\Windows\system32\perfos.dll
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101108.002\IDSxpx86.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccScanw.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ecmldr32.dll
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\NUMEng.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\LUE.DLL


    And then a third time here..

    mDNSResponder (C:\Program Files (x86)\Bonjour\mDNSResponder.exe)

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\ntdll.dll
    C:\Windows\syswow64\kernel32.dll
    C:\Windows\syswow64\WS2_32.dll
    C:\Windows\syswow64\msvcrt.dll
    C:\Windows\syswow64\ADVAPI32.dll
    C:\Windows\syswow64\RPCRT4.dll
    C:\Windows\syswow64\Secur32.dll
    C:\Windows\syswow64\NSI.dll
    C:\Windows\system32\IPHLPAPI.DLL
    C:\Windows\system32\dhcpcsvc.DLL
    C:\Windows\system32\DNSAPI.dll
    C:\Windows\system32\WINNSI.DLL
    C:\Windows\system32\dhcpcsvc6.DLL
    C:\Windows\syswow64\USER32.dll
    C:\Windows\syswow64\GDI32.dll
    C:\Windows\syswow64\ole32.dll
    C:\Windows\syswow64\OLEAUT32.dll
    C:\Windows\system32\IMM32.DLL
    C:\Windows\syswow64\MSCTF.dll
    C:\Windows\syswow64\LPK.DLL
    C:\Windows\syswow64\USP10.dll
    C:\Windows\system32\rsaenh.dll
    C:\Windows\syswow64\SHELL32.dll
    C:\Windows\syswow64\SHLWAPI.dll
    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    C:\Windows\system32\USERENV.dll
    C:\Windows\syswow64\mswsock.dll
    \\.\globalroot\systemroot\syswow64\mswsock.dll
    C:\Windows\System32\wshtcpip.dll
    C:\Windows\System32\wship6.dll
    C:\Windows\system32\SXS.DLL
    C:\Windows\syswow64\CLBCatQ.DLL
    C:\Windows\SysWOW64\jscript.dll
    C:\Windows\SysWOW64\VERSION.dll


    And a 4th time....

    VCSW (C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe)

    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\SysWOW64\ntdll.dll
    C:\Windows\syswow64\kernel32.dll
    C:\Windows\syswow64\ADVAPI32.dll
    C:\Windows\syswow64\RPCRT4.dll
    C:\Windows\syswow64\Secur32.dll
    C:\Windows\syswow64\SHELL32.dll
    C:\Windows\syswow64\msvcrt.dll
    C:\Windows\syswow64\GDI32.dll
    C:\Windows\syswow64\USER32.dll
    C:\Windows\syswow64\SHLWAPI.dll
    C:\Windows\syswow64\ole32.dll
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\sonyuppc.dll
    C:\Windows\syswow64\OLEAUT32.dll
    C:\Windows\syswow64\WS2_32.dll
    C:\Windows\syswow64\NSI.dll
    C:\Windows\system32\iphlpapi.dll
    C:\Windows\system32\dhcpcsvc.DLL
    C:\Windows\system32\DNSAPI.dll
    C:\Windows\system32\WINNSI.DLL
    C:\Windows\system32\dhcpcsvc6.DLL
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\UPnPCtrl.dll
    C:\Windows\system32\MSVCP60.dll
    C:\Windows\system32\CRYPT32.dll
    C:\Windows\system32\MSASN1.dll
    C:\Windows\system32\USERENV.dll
    C:\Windows\syswow64\imagehlp.dll
    C:\Windows\system32\WINMM.dll
    C:\Windows\system32\OLEACC.dll
    C:\Windows\system32\IMM32.DLL
    C:\Windows\syswow64\MSCTF.dll
    C:\Windows\syswow64\LPK.DLL
    C:\Windows\syswow64\USP10.dll
    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    C:\Windows\syswow64\CLBCatQ.DLL
    C:\Windows\system32\rsaenh.dll
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll
    C:\Windows\syswow64\mswsock.dll
    \\.\globalroot\systemroot\syswow64\mswsock.dll
    C:\Windows\System32\wshtcpip.dll
    C:\Windows\system32\SXS.DLL
    C:\Windows\SysWOW64\jscript.dll
    C:\Windows\SysWOW64\VERSION.dll
    C:\Windows\System32\msxml3.dll


    Ugh and again here a 5th time...

    iTunesHelper (C:\Program Files (x86)\iTunes\iTunesHelper.exe)

    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\ntdll.dll
    C:\Windows\syswow64\kernel32.dll
    C:\Windows\syswow64\USER32.dll
    C:\Windows\syswow64\GDI32.dll
    C:\Windows\syswow64\ADVAPI32.dll
    C:\Windows\syswow64\RPCRT4.dll
    C:\Windows\syswow64\Secur32.dll
    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
    C:\Windows\syswow64\SHLWAPI.dll
    C:\Windows\syswow64\msvcrt.dll
    C:\Windows\system32\IMM32.DLL
    C:\Windows\syswow64\MSCTF.dll
    C:\Windows\syswow64\LPK.DLL
    C:\Windows\syswow64\USP10.dll
    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    C:\Program Files (x86)\iTunes\iTunesHelper.dll
    C:\Windows\syswow64\ole32.dll
    C:\Windows\syswow64\OLEAUT32.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
    C:\Windows\syswow64\SHELL32.dll
    C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCR80.dll
    C:\Windows\syswow64\WS2_32.dll
    C:\Windows\syswow64\NSI.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
    C:\Windows\system32\WSOCK32.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
    C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCP80.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
    C:\Windows\system32\VERSION.dll
    C:\Windows\syswow64\SETUPAPI.dll
    C:\Windows\syswow64\WININET.dll
    C:\Windows\syswow64\Normaliz.dll
    C:\Windows\syswow64\urlmon.dll
    C:\Windows\syswow64\iertutil.dll
    C:\Windows\system32\uxtheme.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\ASOEHOOK.DLL
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\Microsoft.VC90.CRT\MSVCR90.dll
    C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.1.0.37\Microsoft.VC90.CRT\MSVCP90.dll
    C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
    C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
    C:\Windows\system32\WINTRUST.dll
    C:\Windows\system32\CRYPT32.dll
    C:\Windows\system32\MSASN1.dll
    C:\Windows\system32\USERENV.dll
    C:\Windows\syswow64\imagehlp.dll
    C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
    C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll
    C:\Windows\system32\WINMM.dll
    C:\Windows\system32\OLEACC.dll
    C:\Windows\syswow64\comdlg32.dll
    C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
    C:\Windows\system32\DSOUND.dll
    C:\Windows\system32\POWRPROF.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.DLL
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    C:\Windows\system32\iphlpapi.dll
    C:\Windows\system32\dhcpcsvc.DLL
    C:\Windows\system32\DNSAPI.dll
    C:\Windows\system32\WINNSI.DLL
    C:\Windows\system32\dhcpcsvc6.DLL
    C:\Windows\system32\ddraw.dll
    C:\Windows\system32\DCIMAN32.dll
    C:\Windows\system32\dwmapi.dll
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll
    C:\Windows\syswow64\mswsock.dll
    \\.\globalroot\systemroot\syswow64\mswsock.dll
    C:\Windows\System32\wshtcpip.dll
    C:\Windows\system32\SXS.DLL
    C:\Windows\syswow64\CLBCatQ.DLL
    C:\Windows\SysWOW64\jscript.dll
    C:\Windows\system32\rsaenh.dll
    C:\Windows\system32\Wtsapi32.dll
    C:\Windows\system32\WINSTA.dll
    C:\Windows\SysWOW64\actxprxy.dll

    So despite the fact that my browser seems to be going where it is supposed to... let's assume something is still amiss. I will rewind to your previous request to run the three scans:
    ESET's Online Scanner
    Kaspersky Online Scanner
    BitDefender Online Scan
    Also while in safe mode, run C:\MGtools\GetLogs.bat and attach the new C:\MGlogs.zip file.

    So I am off to do those tasks and will repost the logs.
    thanks!
    Maureen
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes finish this and then post back. Hopefully we will have some luck in safe mode.;)
     
  39. mfarnand

    mfarnand Private E-2

    Chaslang,
    When I ran the BitDefender scan, there was nothing found. I didn't see an option to save the log that says that- maybe because nothing was found. Here is a cut/paste of the log.

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Wed, Nov 10, 2010 - 09:44:29

    --------------------------------------------------------------------------------

    Scan Info

    Scanned Files: 24180
    Infected Files: 0

    Virus Detected

    No virus found.

    --------------------------------------------------------------------------------

    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


    The Kaspersky scan also found nothing.
    The ESET scan did find one file:
    C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined

    I have attached the second two log files as well as the MGLogs.zip file
    thanks
    Maureen
     

    Attached Files:

  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now what is interesting in your logs from safe mode is that the globalroot entry does not appear hooked into any processes like it does in normal boot mode. The task now would be to find what driver loads in normal mode that is not loading in safe mode which is the root cause of the infection. This could be quite a tedious task especially since no scanners are automatically locating a problem for us.

    Let me think about what we could try next. :confused

    Note that ESET did not find an infection in MGtools. It was a false detection. process.exe is just a simple process manager ( like a command line Task Manager ).
     
  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's retry TDSSkiller in safe mode but let's get the new version first.

    Delete your current TDSSkiller.exe from your Desktop and then do the below.


    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now boot into safe mode.
    • Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
     
  42. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Oh and one more thing to do from Normal Boot mode is the below. I want to try and make use of Junction.exe which you were able to run awhile back.


    Now we need to reset the permissions altered by the malware on some files.
    • Download and save Inherit.exe to your Desktop: Inherit.exe
    • It must be in your Desktop or the below fix will not work!
    Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).
    • A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
    • Accept the license agreement and the scan will begin.
    • Wait until it finishes. It can take a while to run since it scans your whole hard disk. Be patient and don't do anything else while it is scanning.
    • The command prompt window should close when it finishes.
    • While this is running, you will get several/many popups that have a title Finish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.
    When the above finishes, attach the C:\MGlogs.zip file which will have been updated.
     
  43. mfarnand

    mfarnand Private E-2

    Chaslang
    What does the location where
    \\.\globalroot\systemroot\syswow64\mswsock.dll showed up tell me about how the virus exhibits itself? In the sections where it showed up in the scan, what does that mean? So for example it was in the section for Apple Mobile Devices.... does that mean if I have an iPad or an iPhone or an iPod, I am somehow more vulnerable- more apt to provide opportunities to the virus, more apt to see the symptoms of the virus? What do the five locations where the virus pops up in the scan tell me about how the virus behaves?
    Also- how can a problem that shows up in several locations not be caught by any of these zillions of scanning tools I have downloaded? Is this virus that new and fresh that it is able to avoid all the scanning tools out there?
    thanks!
    Maureen
     
  44. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Every process that runs loads additional files like these DLL files you see listed. DLL means Dynamic Link Library. So think of these files as a library of information that gets used by the main process. It has nothing to do with your Apple device or any other process being more susceptible. It just means that the processes where this is appearing happen to make use of that DLL file which is why it is appearing in the procdll.txt log under those processes.

    It just tells you that those processes are using that DLL as stated above.

    Because the malware is using rootkit type technology to totally mask itself from all scans. Basically once the malware is in place, the files that are being scanned ( by any method ) are just reporting back to the scanner like it is a real valid Windows file, which is why it is so difficult to find the real source of the problem. The mswsock.dll is appearing in the procdll.txt log in a suspicious form, but it may not really be the real source of the infection. It may just be a symptom.

    Yes this is a fairly new form of a family of infections known to do things like this. They constantly evolve to make it harder to find and fix. They basically keep observing how we find and fix them and then they make modifications to get around the fixes. What you have with the globalroot....mswsock.dll file is just one type of the new infection. There are quite a few new forms using different file names. Sometimes they do not use DLLs. They use svchost.exe, userinit.exe, winlogon.exe, explorer.exe...etc which are all valid Windows files.

    There is currently no known fix for these infections. In most cases, reinstalling is the only solution. Which is another reason why I mentioned that you need to get your important data backed up.
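    The two signals chaslang is reading off procdll.txt above (a module loaded from the `\\.\globalroot\` device namespace, and the same DLL name present twice in one process from different paths) can be checked mechanically. This is an added example, not MGtools' or chaslang's code; the log text below is constructed in the shape of a procdll.txt listing, and the process names in it are made up.

```python
import re
from collections import defaultdict

# Constructed sample shaped like MGtools' procdll.txt (process name, then
# indented module paths). Not a real log from this thread.
SAMPLE_PROCDLL = """\
iTunesHelper.exe
    C:\\Windows\\syswow64\\mswsock.dll
    \\\\.\\globalroot\\systemroot\\syswow64\\mswsock.dll
    C:\\Windows\\System32\\wshtcpip.dll
explorer.exe
    C:\\Windows\\system32\\USERENV.dll
    C:\\Windows\\syswow64\\mswsock.dll
"""

# Matches \\.\globalroot\ and the \\?\globalroot\ spelling of the same namespace.
DEVICE_PREFIX = re.compile(r"^\\\\[.?]\\globalroot\\", re.IGNORECASE)


def parse_procdll(text):
    """Return {process: [module paths]}. Unindented lines name a process,
    indented lines are the modules listed under it."""
    procs, current = defaultdict(list), None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():
            if current:
                procs[current].append(raw.strip())
        else:
            current = raw.strip()
    return procs


def find_suspicious_modules(text):
    """Per process, flag (a) any module path in the globalroot device namespace
    and (b) a DLL basename that appears from two different paths, since a clean
    process does not normally load a second copy of an already-loaded system DLL."""
    findings = []
    for proc, paths in parse_procdll(text).items():
        by_name = defaultdict(set)
        for p in paths:
            if DEVICE_PREFIX.match(p):
                findings.append((proc, "globalroot path", p))
            by_name[p.rsplit("\\", 1)[-1].lower()].add(p.lower())
        for name, variants in by_name.items():
            if len(variants) > 1:
                findings.append((proc, "duplicate basename", name))
    return findings
```

A hit on either check is a lead for manual follow-up (the rootkit may be masking the real file, as noted above), not proof of which file is the infection.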
     
  45. mfarnand

    mfarnand Private E-2

    Chaslang,
    So my files are backed up and I cannot find a copy of Windows Vista anywhere. I am not even sure I even got one with my PC to be totally honest. It was loaded with Vista and we bought a copy of Microsoft Office and Norton at the time- but that was it. So that being the case- I am not sure how I would ever be able to reload the O/S....
    Maureen
     
  46. mfarnand

    mfarnand Private E-2

    oh- I forgot to say Thanks so much for the tutorial on this annoying virus! As I follow these steps I am always wondering.... hmmmm now why do you suppose this scanner is being suggested..... I wonder what it will do???
    I am amazed how many different versions are out there.....
    Maureen:)
     
  47. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on your logs, it looks like your hard disk may have a factory recovery partition. You could check your documentation or with whoever you purchased it from. This would restore it to the state you had when it came out of the box. Everything you put on it after this time would be gone, which is another reason to backup first.

    You need to complete what I requested in messages # 40 & 41. I will be gone for 10 days starting some time tonight. Others here may be able to continue with you but it is really looking like there is no solution right now other than a reinstall.
     
  48. mfarnand

    mfarnand Private E-2

    Chaslang
    I have attached the new TDSSKiller file below.
    Maureen
     

    Attached Files:

  49. mfarnand

    mfarnand Private E-2

    Chaslang,
    I did find the original Sony VAIO laptop PC books- there was a single sheet explaining how to put in the battery, charge it up, etc. and then a small booklet explaining how the PC works, and then a bunch of ads. That is about it as far as what came with the PC. Sony must be really trying to cut down on their materials list. I did see new O/S Vista DVDs are available online.
    Maureen
     
  50. mfarnand

    mfarnand Private E-2

    chaslang,
    I believe I have submitted what you asked for.... Message 40 looked like it acknowledges this may take awhile, but you never asked me for anything new.
    Correct? And message 41 asked to download the new version of TDSSKiller and run a scan, which I did and uploaded the log file.
    Maureen
     
