BleepingComputer.com: Rkill, MBAM, FixExe and TDSS all fail

Rkill, MBAM, FixExe and TDSS all fail
Unknown infection that seems impossible to remove!

#16 g0dsweed

Posted 20 August 2011 - 11:08 PM

ComboFix 11-08-21.01 - ramon somoano 08/20/2011 4:07.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.181 [GMT -4:00]
Running from: c:\documents and settings\ramon somoano\Desktop\CombFix.exe
Command switches used :: c:\documents and settings\ramon somoano\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users\Application Data\fbhq.exe"
"c:\documents and settings\All Users\Application Data\hnjg.exe"
"c:\documents and settings\All Users\Application Data\ncfo.exe"
"c:\documents and settings\All Users\Application Data\tnyp.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\fbhq.exe
c:\documents and settings\All Users\Application Data\hnjg.exe
c:\documents and settings\All Users\Application Data\ncfo.exe
c:\documents and settings\All Users\Application Data\tnyp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-19 05:02 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-19 05:00 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-18 05:30 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-06 23:54 . 2011-08-06 23:54 -------- dc----w- C:\946c50e7d51d913ea1b3b6fbb2
2011-07-29 18:14 . 2011-07-29 18:14 -------- d-----w- c:\documents and settings\ramon somoano\Local Settings\Application Data\WinZip
2011-07-29 18:14 . 2011-07-29 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-07-28 05:28 . 2011-07-28 05:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2011-07-26 14:50 . 2011-07-26 14:50 -------- d-----w- c:\documents and settings\lily somoano\.thumbnails
2011-07-26 14:49 . 2011-07-31 01:26 -------- d-----w- c:\documents and settings\lily somoano\.gimp-2.6
2011-07-25 23:10 . 2011-07-25 23:10 218624 ----a-w- c:\windows\system32\termlw32.dll
2011-07-25 23:10 . 2011-07-25 23:10 35840 ----a-w- c:\windows\system32\ter1mw32.dll
2011-07-25 09:21 . 2011-07-25 09:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-25 09:10 . 2011-07-25 09:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 00:23 . 2003-08-05 17:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-09 17:44 . 2011-05-29 01:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-08 14:02 . 2002-08-29 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-15 14:34 . 2011-05-15 19:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 14:02 . 2002-08-29 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:17 . 2004-08-26 05:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-11-25 20:41 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-19_05.28.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-20 07:56 . 2011-08-20 07:56 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2004-09-16 05:53 . 2011-08-19 06:11 73346 c:\windows\SYSTEM32\PERFC009.DAT
- 2004-09-16 05:53 . 2011-06-16 01:26 73346 c:\windows\SYSTEM32\PERFC009.DAT
- 2002-08-29 10:00 . 2011-04-25 16:11 66560 c:\windows\SYSTEM32\mshtmled.dll
+ 2002-08-29 10:00 . 2011-06-23 18:36 66560 c:\windows\SYSTEM32\mshtmled.dll
- 2006-10-27 20:09 . 2011-04-25 16:11 55296 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2006-10-27 20:09 . 2011-06-23 18:36 55296 c:\windows\SYSTEM32\msfeedsbs.dll
- 2002-08-29 10:00 . 2011-04-25 16:11 25600 c:\windows\SYSTEM32\jsproxy.dll
+ 2002-08-29 10:00 . 2011-06-23 18:36 25600 c:\windows\SYSTEM32\jsproxy.dll
- 2009-06-09 22:48 . 2011-04-25 16:11 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
+ 2009-06-09 22:48 . 2011-06-23 18:36 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
+ 2006-05-10 05:23 . 2011-06-23 18:36 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2006-05-10 05:23 . 2011-04-25 16:11 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-05-08 20:22 . 2011-04-25 16:11 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-05-08 20:22 . 2011-06-23 18:36 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2006-10-17 18:05 . 2011-04-25 16:11 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2006-10-17 18:05 . 2011-06-23 18:36 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
- 2006-05-10 05:22 . 2011-04-25 16:11 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2006-05-10 05:22 . 2011-06-23 18:36 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
+ 2002-08-29 10:00 . 2011-04-26 11:07 33280 c:\windows\SYSTEM32\csrsrv.dll
- 2002-08-29 10:00 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\csrsrv.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e01941c4292a588e4f1eb5585822087c\WindowsLiveWriter.ni.exe
+ 2011-08-19 06:17 . 2011-08-19 06:17 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6730cd9fbbafc6c69651abefafb0667a\WindowsLive.Writer.Api.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-08-19 06:12 . 2011-08-19 06:12 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2002-08-29 10:00 . 2009-03-08 08:34 105984 c:\windows\SYSTEM32\url.dll
+ 2002-08-29 10:00 . 2011-06-23 18:36 105984 c:\windows\SYSTEM32\url.dll
+ 2004-03-30 01:48 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\schannel.dll
- 2004-09-16 05:53 . 2011-06-16 01:26 446124 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-09-16 05:53 . 2011-08-19 06:11 446124 c:\windows\SYSTEM32\PERFH009.DAT
- 2002-08-29 10:00 . 2011-04-25 16:11 206848 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 10:00 . 2011-06-23 18:36 206848 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 10:00 . 2011-06-23 18:36 611840 c:\windows\SYSTEM32\mstime.dll
- 2002-08-29 10:00 . 2011-04-25 16:11 611840 c:\windows\SYSTEM32\mstime.dll
- 2006-10-27 20:09 . 2011-04-25 16:11 602112 c:\windows\SYSTEM32\msfeeds.dll
+ 2006-10-27 20:09 . 2011-06-23 18:36 602112 c:\windows\SYSTEM32\msfeeds.dll
+ 2002-08-29 10:00 . 2011-06-23 18:36 184320 c:\windows\SYSTEM32\iepeers.dll
- 2002-08-29 10:00 . 2011-04-25 16:11 184320 c:\windows\SYSTEM32\iepeers.dll
+ 2002-08-29 10:00 . 2011-06-23 18:36 387584 c:\windows\SYSTEM32\iedkcs32.dll
- 2002-08-29 10:00 . 2011-04-25 16:11 387584 c:\windows\SYSTEM32\iedkcs32.dll
- 2002-08-29 10:00 . 2011-04-25 12:01 173568 c:\windows\SYSTEM32\ie4uinit.exe
+ 2002-08-29 10:00 . 2011-06-23 12:05 173568 c:\windows\SYSTEM32\ie4uinit.exe
- 2002-09-03 14:05 . 2011-05-24 14:06 243128 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2002-09-03 14:05 . 2011-08-19 06:28 243128 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\SYSTEM32\DLLCACHE\winsrv.dll
+ 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\SYSTEM32\DLLCACHE\winsrv.dll
+ 2006-05-10 05:23 . 2011-06-23 18:36 916480 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-05-10 05:23 . 2011-04-25 16:11 916480 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2006-10-17 18:05 . 2011-06-23 18:36 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2006-10-17 18:05 . 2009-03-08 08:34 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
- 2006-10-17 18:04 . 2011-04-25 16:11 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-10-17 18:04 . 2011-06-23 18:36 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-05-10 05:23 . 2011-06-23 18:36 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2006-05-10 05:23 . 2011-04-25 16:11 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2007-05-08 20:22 . 2011-04-25 16:11 602112 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2007-05-08 20:22 . 2011-06-23 18:36 602112 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-11-12 20:28 . 2011-07-15 13:29 457856 c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
+ 2009-06-09 22:48 . 2011-06-23 18:36 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
- 2009-06-09 22:48 . 2011-04-25 16:11 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
- 2006-05-10 05:22 . 2011-04-25 16:11 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-05-10 05:22 . 2011-06-23 18:36 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2010-06-12 17:44 . 2011-04-25 16:11 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll
+ 2010-06-12 17:44 . 2011-06-23 18:36 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll
+ 2006-10-27 07:44 . 2011-06-23 18:36 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2006-10-27 07:44 . 2011-04-25 16:11 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2006-10-27 07:44 . 2011-04-25 12:01 173568 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2006-10-27 07:44 . 2011-06-23 12:05 173568 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2011-08-19 06:02 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-19 06:02 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-19 06:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-19 06:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-19 06:02 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-19 06:02 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2008-11-12 20:28 . 2011-07-15 13:29 457856 c:\windows\Driver Cache\I386\mrxsmb.sys
+ 2011-08-19 06:17 . 2011-08-19 06:17 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-08-19 06:17 . 2011-08-19 06:17 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\3c563025202d24342179c8a1a0a755ad\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fe621804d2c95c0e4fc8dff970b4f3f3\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fc64a3a9c3629479f0b1239f00825bbc\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\efe876b4b72a7027fdec114bf09e7a88\WindowsLive.Writer.Passport.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ed53ada3701a243ad82946a6565391e9\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93c0a88195c257f98b0fb4371bfccc03\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8211d331938ec70d8f6c630b2eb74658\WindowsLive.Writer.Controls.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7a787d90ccf09155f4436bb4d53c941b\WindowsLive.Writer.Localization.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5f4061dfd69553f192267517ab2dc226\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\486d51f1da2fb066734ce15fdf8c9733\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\470af3d7e20d0819ac6dab6f001264c1\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e2eb2d5abfe8d71ae30931a68ce6fe4\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\21b955e068018c3e384bd504b600a78a\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d88a9ab4974e271b5ad2fc0a699d8c4\WindowsLive.Writer.Interop.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\50952e96ff796d55954df71508ec0899\WindowsLive.Client.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-08-19 06:20 . 2011-08-19 06:20 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\946eefb99bc116ee68e0e7c69a5a8a5c\System.Xml.Linq.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-08-19 06:17 . 2011-08-19 06:17 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-08-19 06:13 . 2011-08-19 06:13 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-08-19 06:17 . 2011-08-19 06:17 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-08-19 06:16 . 2011-08-19 06:16 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-06-16 01:25 . 2011-06-16 01:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-01-21 21:20 . 2011-06-23 18:36 1212416 c:\windows\SYSTEM32\urlmon.dll
+ 2004-01-21 21:19 . 2011-07-25 15:17 5969920 c:\windows\SYSTEM32\mshtml.dll
+ 2006-10-17 17:57 . 2011-06-23 18:36 1991680 c:\windows\SYSTEM32\iertutil.dll
- 2006-10-17 17:57 . 2011-04-25 16:11 1991680 c:\windows\SYSTEM32\iertutil.dll
+ 2008-10-16 00:34 . 2011-06-02 14:02 1858944 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
+ 2006-05-10 05:23 . 2011-06-23 18:36 1212416 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2006-05-19 15:08 . 2011-07-25 15:17 5969920 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-05-08 20:22 . 2011-06-23 18:36 1991680 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-05-08 20:22 . 2011-04-25 16:11 1991680 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2011-04-29 01:50 . 2011-04-29 01:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\25632f.msp
+ 2011-08-19 06:02 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-19 06:02 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-19 06:02 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fd91703869c4577ee385f6950b744cbe\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dae5a7d92344cb126cd6f3fdfd661c07\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9855902aee545bdeae2cbbd1bd6151c9\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-08-19 06:12 . 2011-08-19 06:12 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-08-19 06:12 . 2011-08-19 06:12 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-19 06:20 . 2011-08-19 06:20 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-08-19 06:12 . 2011-08-19 06:12 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-19 06:19 . 2011-08-19 06:19 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-19 06:18 . 2011-08-19 06:18 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-06-16 01:25 . 2011-06-16 01:25 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-19 06:10 . 2011-08-19 06:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-16 01:26 . 2011-08-19 06:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-16 01:26 . 2011-06-16 01:26 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-05-11 21:13 . 2011-07-30 14:05 52390856 c:\windows\SYSTEM32\MRT.exe
- 2006-10-27 20:09 . 2011-04-26 14:11 11081728 c:\windows\SYSTEM32\ieframe.dll
+ 2006-10-27 20:09 . 2011-06-23 18:36 11081728 c:\windows\SYSTEM32\ieframe.dll
- 2007-05-08 20:22 . 2011-04-26 14:11 11081728 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2007-05-08 20:22 . 2011-06-23 18:36 11081728 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2011-08-19 06:02 . 2011-04-26 14:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-08-19 06:17 . 2011-08-19 06:17 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-08-19 06:16 . 2011-08-19 06:16 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-08-19 06:14 . 2011-08-19 06:14 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-19 06:13 . 2011-08-19 06:13 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-08-19 06:12 . 2011-08-19 06:12 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{180E37B8-072D-48E4-800D-F353EE800672}]
2011-07-04 04:36 1550336 ----a-w- c:\program files\myYearbook Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4728c29f-7ff4-4fa1-9d34-199451b03bd3}]
2009-11-07 05:07 297808 ----a-w- c:\windows\SYSTEM32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B05CABA4-89F3-410B-8471-6BC0EDC8C91F}"= "c:\program files\myYearbook Toolbar\Toolbar.dll" [2011-07-04 1550336]
.
[HKEY_CLASSES_ROOT\clsid\{b05caba4-89f3-410b-8471-6bc0edc8c91f}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{6049A1AE-71DE-4EF3-99D5-693BF60B4E1D}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B05CABA4-89F3-410B-8471-6BC0EDC8C91F}"= "c:\program files\myYearbook Toolbar\Toolbar.dll" [2011-07-04 1550336]
.
[HKEY_CLASSES_ROOT\clsid\{b05caba4-89f3-410b-8471-6bc0edc8c91f}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{6049A1AE-71DE-4EF3-99D5-693BF60B4E1D}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-10 4600704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2005-10-18 1921024]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-15 273544]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-4-3 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ter1mw32]
2011-07-25 23:10 35840 ----a-w- c:\windows\SYSTEM32\ter1mw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsvces]
2011-07-25 23:10 35840 ----a-w- c:\windows\SYSTEM32\ter1mw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
/L:ENG [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2008-03-27 15:13 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-05-10 20:03 1205760 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2008-03-27 15:13 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2008-03-27 15:13 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\YVD\\YVD Relay Server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/26/2004 6:01 AM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/8/2011 4:41 PM 121216]
R2 LBeepKE;LBeepKE;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [4/3/2011 4:14 AM 10384]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [7/25/2009 10:03 PM 94208]
R2 TermServices;Remote Desktop Service;c:\windows\System32\svchost.exe -k termsvc [8/29/2002 6:00 AM 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:09 PM 24652]
S0 72241172;72241172;c:\windows\system32\drivers\75181833.sys --> c:\windows\system32\drivers\75181833.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:15 PM 130560]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 9:19 AM 1181328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:15 PM 130560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
termsvc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 20:15]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 20:15]
.
2011-08-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-203738149-2672565153-116142669-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-203738149-2672565153-116142669-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-203738149-2672565153-116142669-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-203738149-2672565153-116142669-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-20 c:\windows\Tasks\User_Feed_Synchronization-{D4646577-4383-443A-946C-DA47006B9942}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\documents and settings\ramon somoano\Application Data\Mozilla\Firefox\Profiles\ddbon1ht.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 04:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\3308045974:1765397306.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-203738149-2672565153-116142669-1007\Software\SecuROM\License information*]
"datasecu"=hex:9b,5d,56,b4,c5,79,94,90,a6,49,fb,e3,a6,fe,aa,d7,0b,fb,9a,5f,ab,
14,f2,3f,c3,ef,c2,b0,12,04,72,aa,a7,99,ce,19,d3,5e,7d,2f,e3,0d,4a,dc,e8,08,\
"rkeysecu"=hex:f6,5d,a5,c3,32,7e,03,a7,d6,e6,0b,14,42,ca,29,96
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.42.0"
"UniqueId"="0009351D4DE3F4FF"
"ScannerBuild"=dword:0000244b
"ScannerVersionId"=dword:000017fb
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000007
"ei2"=hex(B):10,17,d5,a3,70,73,a3,1c
"ei1"=hex(B):00,11,11,62,df,f6,00,00
"ei3"=hex(B):7d,45,1e,4e,00,00,00,00
"ei4"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\ter1mw32.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2011-08-20 04:25:26
ComboFix-quarantined-files.txt 2011-08-20 08:25
ComboFix2.txt 2011-08-19 05:33
ComboFix3.txt 2011-08-18 06:08
.
Pre-Run: 10,513,170,432 bytes free
Post-Run: 10,515,517,440 bytes free
.
- - End Of File - - 1FA624EC5EEED69601AEC7169340A6C9



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7524

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/20/2011 4:44:22 AM
mbam-log-2011-08-20 (04-44-22).txt

Scan type: Quick scan
Objects scanned: 240430
Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{10026069-7A5F-4531-811E-C8DF20643BEE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AE8A9CE-80DE-4951-AD58-BE6FC7A0E231} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\ramon somoano\Local Settings\Application Data\pac.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\daniel somoano\start menu\search online.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\daniel somoano\start menu\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.

#17 User is offline   g0dsweed 

Posted 21 August 2011 - 12:56 AM

Results of Full MBAM scan also.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7524

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/20/2011 6:32:44 AM
mbam-log-2011-08-20 (06-32-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 399494
Time elapsed: 1 hour(s), 22 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\getdislike\uninstall.exe (Trojan.FakeAlert) -> No action taken.
c:\program files\getdislike\getdislike\uninstall.exe (Trojan.FakeAlert) -> No action taken.

This post has been edited by g0dsweed: 21 August 2011 - 12:58 AM


#18 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,114
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 21 August 2011 - 05:08 PM

These trojans dig deep. Please run a scan with ESET next.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

If no log is generated that means nothing was found. Please let me know if this happens.
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#19 User is offline   g0dsweed 

Posted 21 August 2011 - 11:04 PM

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\ESET4 Box4EVER_v4.30A.exe Win32/HackAV.DN application cleaned by deleting - quarantined
C:\Documents and Settings\daniel somoano\Desktop\VDownloaderSetup.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\daniel somoano\Local Settings\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\daniel somoano\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe Win32/PowerReg application cleaned by deleting - quarantined
C:\Documents and Settings\lily somoano\Local Settings\Temp\WZSE0.TMP\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\lily somoano\My Documents\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Common Files\AOL\ACS\acsd.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Dell Support Center\bin\sprtsvc.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Lavasoft\Ad-Aware\threatwork.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\SASCore.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Viewpoint\Common\ViewpointService.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe Win32/Patched.HN trojan error while cleaning
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP0\A0000252.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP0\A0000253.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP0\A0000335.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001166.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001167.exe Win32/PowerReg application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001168.exe Win32/Patched.HN trojan cleaned - quarantined
C:\WINDOWS\3308045974:1765397306.exe a variant of Win32/Sirefef.CR trojan cleaned by deleting - quarantined
C:\WINDOWS\wanmpsvc.exe Win32/Patched.HN trojan error while cleaning
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE Win32/Patched.HN trojan error while cleaning
C:\WINDOWS\SYSTEM32\c_41001.nl_ Win32/Sirefef.CR trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\lxdncoms.exe Win32/Patched.HN trojan error while cleaning
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe Win32/Patched.HN trojan error while cleaning
C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys a variant of Win32/Sirefef.CO trojan unable to clean
Operating memory Win32/Patched.HN trojan

#20 User is offline   m0le 

Posted 22 August 2011 - 07:18 AM

ESET is struggling with some of these files. Please run Combofix with this script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Quote

File::
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SUPERAntiSpyware\SASCore.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\lxdncoms.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
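
The step between the ESET log and the file list in the post above is a triage of detections by cleaning outcome. The following is an added example, not part of the original thread and not ESET or ComboFix code: it parses a subset of the ESET lines copied from post #19 and separates detections that were quarantined from those ESET could not clean. The function names and the assumed line layout (target, threat name, type, action) are this example's own, inferred from the log lines shown.

```python
import re
from collections import Counter, defaultdict

# Subset of lines copied from the ESET OnlineScan log in post #19.
ESET_LOG = r"""
C:\Documents and Settings\daniel somoano\Desktop\VDownloaderSetup.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Lavasoft\Ad-Aware\threatwork.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\WINDOWS\3308045974:1765397306.exe a variant of Win32/Sirefef.CR trojan cleaned by deleting - quarantined
C:\WINDOWS\wanmpsvc.exe Win32/Patched.HN trojan error while cleaning
C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys a variant of Win32/Sirefef.CO trojan unable to clean
Operating memory Win32/Patched.HN trojan
"""

# Assumed layout: <target> [a variant of] <Win32/Name> <trojan|application> [action]
# The target may contain spaces, so it is matched lazily up to the threat name.
LINE_RE = re.compile(
    r"^(?P<target>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>Win32/\S+)\s+"
    r"(?P<kind>trojan|application)"
    r"(?:\s+(?P<action>.+))?$"
)

# Action strings that mean the object is still on disk after the scan.
UNRESOLVED_MARKERS = ("error while cleaning", "unable to clean")


def outcome(action):
    """Map an ESET action string to a triage bucket."""
    lowered = action.lower()
    if not lowered:
        return "no-action-recorded"   # e.g. the "Operating memory" detection
    if any(marker in lowered for marker in UNRESOLVED_MARKERS):
        return "unresolved"
    if "quarantined" in lowered:
        return "removed"
    return "other"


def parse_eset_log(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    records = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match is None:
            continue
        action = (match.group("action") or "").strip()
        records.append({
            "target": match.group("target"),
            "variant": bool(match.group("variant")),
            "threat": match.group("threat"),
            "kind": match.group("kind"),
            "action": action,
            "outcome": outcome(action),
        })
    return records


def triage(text):
    """Group parsed detections by outcome bucket."""
    groups = defaultdict(list)
    for record in parse_eset_log(text):
        groups[record["outcome"]].append(record)
    return groups


def unresolved_targets(text):
    """Paths ESET reported but could not clean, in log order."""
    return [r["target"] for r in triage(text)["unresolved"]]


def unresolved_by_threat(text):
    """Count of still-present detections per threat name."""
    return dict(Counter(r["threat"] for r in triage(text)["unresolved"]))


if __name__ == "__main__":
    for path in unresolved_targets(ESET_LOG):
        print("needs follow-up:", path)
    print(unresolved_by_threat(ESET_LOG))
```

Run over the full log from post #19, the unresolved bucket contains the same 13 paths that appear in the script above.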

#21 User is offline   g0dsweed 

Posted 22 August 2011 - 12:41 PM

ComboFix 11-08-22.03 - ramon somoano 08/21/2011 17:52:54.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.265 [GMT -4:00]
Running from: c:\documents and settings\ramon somoano\Desktop\CombFix.exe
Command switches used :: c:\documents and settings\ramon somoano\Desktop\CFScript.txt
.
FILE ::
"c:\program files\Bonjour\mDNSResponder.exe"
"c:\program files\Common Files\AOL\ACS\acsd.exe"
"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"c:\program files\Dell Support Center\bin\sprtsvc.exe"
"c:\program files\Java\jre6\bin\jqs.exe"
"c:\program files\SUPERAntiSpyware\SASCore.exe"
"c:\program files\Viewpoint\Common\ViewpointService.exe"
"c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
"c:\windows\SYSTEM32\CTSVCCDA.EXE"
"c:\windows\SYSTEM32\DRIVERS\serial.sys"
"c:\windows\SYSTEM32\lxdncoms.exe"
"c:\windows\SYSTEM32\MsPMSPSv.exe"
"c:\windows\wanmpsvc.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SUPERAntiSpyware\SASCore.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\SYSTEM32\lxdncoms.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\wanmpsvc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_!SASCORE
-------\Legacy_Apple_Mobile_Device
-------\Legacy_JavaQuickStarterService
-------\Legacy_lxdn_device
-------\Legacy_sprtsvc_dellsupportcenter
-------\Legacy_Viewpoint_Manager_Service
-------\Legacy_WANMiniportService
-------\Legacy_WMDM_PMSP_Service
-------\Legacy_YahooAUService
-------\Service_!SASCORE
-------\Service_Apple Mobile Device
-------\Service_JavaQuickStarterService
-------\Service_lxdn_device
-------\Service_sprtsvc_dellsupportcenter
-------\Service_Viewpoint Manager Service
-------\Service_WANMiniportService
-------\Service_WMDM PMSP Service
-------\Service_YahooAUService
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 06:02 . 2011-08-21 06:02 -------- d-----w- c:\program files\ESET
2011-08-20 08:30 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-20 08:30 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 05:02 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-19 05:00 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-18 05:30 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-06 23:54 . 2011-08-06 23:54 -------- dc----w- C:\946c50e7d51d913ea1b3b6fbb2
2011-07-29 18:14 . 2011-07-29 18:14 -------- d-----w- c:\documents and settings\ramon somoano\Local Settings\Application Data\WinZip
2011-07-29 18:14 . 2011-07-29 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-07-28 05:28 . 2011-07-28 05:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2011-07-26 14:50 . 2011-07-26 14:50 -------- d-----w- c:\documents and settings\lily somoano\.thumbnails
2011-07-26 14:49 . 2011-07-31 01:26 -------- d-----w- c:\documents and settings\lily somoano\.gimp-2.6
2011-07-25 23:10 . 2011-07-25 23:10 218624 ----a-w- c:\windows\system32\termlw32.dll
2011-07-25 23:10 . 2011-07-25 23:10 35840 ----a-w- c:\windows\system32\ter1mw32.dll
2011-07-25 09:21 . 2011-07-25 09:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-25 09:10 . 2011-07-25 09:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 00:23 . 2003-08-05 17:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-09 17:44 . 2011-05-29 01:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-08 14:02 . 2002-08-29 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-15 14:34 . 2011-05-15 19:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 14:02 . 2002-08-29 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:17 . 2004-08-26 05:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-11-25 20:41 324976 -c--a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-20_08.22.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-03 07:08 . 2011-08-21 21:34 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 07:08 . 2011-02-24 02:23 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2011-08-21 21:34 . 2011-08-21 21:34 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{180E37B8-072D-48E4-800D-F353EE800672}]
2011-07-04 04:36 1550336 ----a-w- c:\program files\myYearbook Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4728c29f-7ff4-4fa1-9d34-199451b03bd3}]
2009-11-07 05:07 297808 ----a-w- c:\windows\SYSTEM32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B05CABA4-89F3-410B-8471-6BC0EDC8C91F}"= "c:\program files\myYearbook Toolbar\Toolbar.dll" [2011-07-04 1550336]
.
[HKEY_CLASSES_ROOT\clsid\{b05caba4-89f3-410b-8471-6bc0edc8c91f}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{6049A1AE-71DE-4EF3-99D5-693BF60B4E1D}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B05CABA4-89F3-410B-8471-6BC0EDC8C91F}"= "c:\program files\myYearbook Toolbar\Toolbar.dll" [2011-07-04 1550336]
.
[HKEY_CLASSES_ROOT\clsid\{b05caba4-89f3-410b-8471-6bc0edc8c91f}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{6049A1AE-71DE-4EF3-99D5-693BF60B4E1D}]
[HKEY_CLASSES_ROOT\FCTB000059563.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-10 4600704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2005-10-18 1921024]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-15 273544]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-4-3 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ter1mw32]
2011-07-25 23:10 35840 ----a-w- c:\windows\SYSTEM32\ter1mw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsvces]
2011-07-25 23:10 35840 ----a-w- c:\windows\SYSTEM32\ter1mw32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
/L:ENG [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2008-03-27 15:13 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-05-10 20:03 1205760 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2008-03-27 15:13 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2008-03-27 15:13 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\YVD\\YVD Relay Server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/26/2004 6:01 AM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 LBeepKE;LBeepKE;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [4/3/2011 4:14 AM 10384]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [7/25/2009 10:03 PM 94208]
R2 TermServices;Remote Desktop Service;c:\windows\System32\svchost.exe -k termsvc [8/29/2002 6:00 AM 14336]
S0 72241172;72241172;c:\windows\system32\drivers\75181833.sys --> c:\windows\system32\drivers\75181833.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:15 PM 130560]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 9:19 AM 1181328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2011 4:15 PM 130560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [8/20/2011 4:30 AM 41272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
termsvc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 20:15]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 20:15]
.
2011-08-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-203738149-2672565153-116142669-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-203738149-2672565153-116142669-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-203738149-2672565153-116142669-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-203738149-2672565153-116142669-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-21 c:\windows\Tasks\User_Feed_Synchronization-{D4646577-4383-443A-946C-DA47006B9942}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\documents and settings\ramon somoano\Application Data\Mozilla\Firefox\Profiles\ddbon1ht.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-203738149-2672565153-116142669-1007\Software\SecuROM\License information*]
"datasecu"=hex:9b,5d,56,b4,c5,79,94,90,a6,49,fb,e3,a6,fe,aa,d7,0b,fb,9a,5f,ab,
14,f2,3f,c3,ef,c2,b0,12,04,72,aa,a7,99,ce,19,d3,5e,7d,2f,e3,0d,4a,dc,e8,08,\
"rkeysecu"=hex:f6,5d,a5,c3,32,7e,03,a7,d6,e6,0b,14,42,ca,29,96
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.42.0"
"UniqueId"="0009351D4DE3F4FF"
"ScannerBuild"=dword:0000244b
"ScannerVersionId"=dword:000017fb
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000007
"ei2"=hex(B):10,17,d5,a3,70,73,a3,1c
"ei1"=hex(B):00,11,11,62,df,f6,00,00
"ei3"=hex(B):7d,45,1e,4e,00,00,00,00
"ei4"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\ter1mw32.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-08-21 18:16:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 22:16
ComboFix2.txt 2011-08-20 08:25
ComboFix3.txt 2011-08-19 05:33
ComboFix4.txt 2011-08-18 06:08
.
Pre-Run: 10,425,556,992 bytes free
Post-Run: 10,431,451,136 bytes free
.
- - End Of File - - 03899BF0D04B34E5452DF5C381CA42E5

#22 User is offline   m0le 

Posted 22 August 2011 - 12:44 PM

Please rerun ESET. This time it should be a clean bill of health.

#23 User is offline   g0dsweed 

Posted 22 August 2011 - 07:55 PM

C:\Qoobox\Quarantine\[4]-Submit_2011-08-21_17.52.36.zip multiple threats deleted - quarantined

Wow, I hope this does it.

What can I do about the abandoned and "Access is denied" icons left over?

This post has been edited by g0dsweed: 22 August 2011 - 07:57 PM


#24 User is offline   m0le 

Posted 23 August 2011 - 05:48 PM

Yes, that does it.

Quote

What can I do about the abandoned and "Access is denied" icons left over?


I need to know a bit more about those. Can you tell me more about them? How many? What are they called? What file extension are they? Can they be deleted?

#25 User is offline   g0dsweed 

Posted 23 August 2011 - 07:51 PM

After running several rkills they all crashed and died, leaving an icon that, when I tried to delete it, responded with an "Access is denied. Etc" error message. Each icon also changed from its original custom icon to a generic un-associated file icon.

Using Admin account in Safe mode, I deleted most of them with CMD. Last one, titled ComFix (1).exe would not delete or let me change Attributes (A,R).

Finally resorted to this http://download.cnet.com/Unlocker/3000-2248_4-10493998.html

Thanks m0le.

#26 User is offline   m0le 

Posted 23 August 2011 - 08:09 PM

Sounds like remnants (comfix(1).exe was a copy of Combofix) which Unlocker can deal with as you found out.

Then we have reached the best part...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically. Make sure that updates on any that are flagged are carried out as soon as possible.


It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it g0dsweed, happy surfing!

Cheers.

m0le

#27 User is offline   m0le 


Posted 28 August 2011 - 07:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
