Firefox / IE Search redirects to ad or bogus sites



#1 akayshabloom


Posted 08 June 2010 - 10:34 PM

Dell Computer Dimension 4600 - OS Microsoft Windows XP Home Edition
I use primarily Firefox, but I am having the same problem with IE.

When using search engines - Yahoo, Google, etc. After requesting a search, I click on one of the result links and it directs me to a different location completely. Such as www.tazinga.com, www.searchhero.com, www.monstermarketplace.com, se1.93705.asklots.com, and www.easyreturns.com.

I ran Spybot Search and Destroy, Spyware Blaster, Malwarebytes' Anti-Malware. The problem disappeared for awhile, but it keeps coming back.

We used to play World of WarCraft, sometimes after I close one of the spyware/malware programs a window will open and act like it is going to load World of WarCraft. Very strange. I don't want to delete the program due to the cost of it... but we do not use it anymore, so if adjustments need to be made to the program that is fine.

I need help getting it truly removed.

I have followed your procedure for posting and have included or attached as requested.

Thank you for your help.....

Tina
akayshabloom


DDS (Ver_10-03-17.01) - NTFSx86
Run by Lyon at 21:04:36.79 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.348 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lyon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://search.digsby.com/
uSearch Bar =
mSearch Page = hxxp://searchbox.digsby.com/
uInternet Settings,ProxyServer = http=localhost:7070
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [DW6]
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}


 


#2 Blade


Posted 12 June 2010 - 08:10 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 akayshabloom


Posted 12 June 2010 - 09:59 PM

Blade... first thank you very much for assisting me.

I have tried to advise of all the information I can think of to help you troubleshoot, but ask and I will tell you what I can.


Ok... I disabled all the things on the list you provided.

I downloaded Combofix and renamed it renamed.exe.

It worked as you explained it.

The blue box appeared saying it would start the scan, lasting 10 minutes or more.

Within 2 minutes the entire screen goes bright blue with white letters stating that it has been shut down because something could damage my computer.

BAD_POOL_CALLER

It goes on to say I should reboot the computer if I have never seen this before and try again.

It also gives me the following technical numbers (not sure if you want them) Not sure if these are zeros or o's.
0x000000C2 (0x00000007, 0x00000cd4, 0x000000000, 0x805627e4)

I rebooted and checked to make sure all of the files were still turned off and started combofix again.

It got to the same point and the blue screen appeared again.

I have stopped at that point until you tell me differently.


Thanks again,
Tina
akayshabloom
Tina

Don't Forget to Breathe...
It is the beginning of life.

#4 Blade


Posted 12 June 2010 - 10:18 PM

Hello Tina.

This is not normal behavior; I am contacting the developer to see if we can figure out what's going on.

Please stand by.

~Blade

Edited by Blade Zephon, 12 June 2010 - 10:19 PM.



#5 akayshabloom


Posted 13 June 2010 - 11:32 AM

Thank you... I check mail several times a day. Physically I can work on the computer each evening after 3:00 central.

Appreciate the assistance. I am in stand by mode.

#6 Blade


Posted 14 June 2010 - 10:33 PM

Hello.

It is most likely McAfee causing problems. We are going to have to uninstall it to be able to move on. (You may reinstall McAfee when we are complete.)

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    McAfee SecurityCenter

    and click on remove

update combofix

I would like you to download an updated version of combofix.
    Delete the version of combofix you have now on your desktop and download a new one from here
    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Now please download this antivirus and install it so you are protected while we finish.

http://www.free-av.com/

~Blade

In your next reply, please include the following:
ComboFix log

Edited by Blade Zephon, 14 June 2010 - 11:08 PM.



#7 akayshabloom


Posted 14 June 2010 - 11:06 PM

McAfee Security Center was uninstalled.

After running Combofix, I installed the anti-virus you advised to download.

Combofix was allowed to run completely this time, here is the log.

Thanks again,

Tina



ComboFix 10-06-14.02 - Lyon 06/14/2010 22:55:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.781 [GMT -5:00]
Running from: c:\documents and settings\Lyon\Desktop\renamed.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-06 23:30 . 2010-06-06 23:30 -------- d-----w- c:\documents and settings\Lyon\Application Data\WinPatrol
2010-06-06 23:30 . 2008-12-28 23:01 0 ----a-w- c:\documents and settings\Lyon\Application Data\WinPatrol\Config.sys
2010-06-06 23:30 . 2008-12-28 23:01 0 ----a-w- c:\documents and settings\Lyon\Application Data\WinPatrol\Autoexec.bat
2010-06-03 01:36 . 2010-06-03 01:36 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\efhlygrmn
2010-06-03 00:21 . 2010-06-03 00:21 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\rfqsxhxgd
2010-06-02 01:13 . 2010-06-02 01:13 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\acvlbxomk
2010-06-01 19:55 . 2010-06-01 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-01 19:42 . 2010-06-01 19:42 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\ltobjlfsk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 03:44 . 2009-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-14 23:18 . 2008-12-29 17:22 -------- d-----w- c:\documents and settings\Lyon\Application Data\LimeWire
2010-06-09 03:53 . 2009-05-29 22:27 -------- d-----w- c:\program files\World of Warcraft
2010-06-07 01:20 . 2009-01-01 19:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-06 23:46 . 2010-02-01 02:36 117760 ----a-w- c:\documents and settings\Lyon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-06 23:42 . 2009-03-01 02:50 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 01:04 . 2009-05-03 03:20 -------- d-----w- c:\program files\RealArcade
2010-05-18 21:40 . 2010-01-09 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 22:44 . 2009-05-30 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 20:39 . 2010-01-09 14:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-09 14:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 09:10 . 2010-01-16 02:02 47274610 ----a-w- c:\program files\Spybot - Search & Destroy.zip
2010-01-16 02:04 . 2010-01-16 02:04 1616400 ----a-w- c:\program files\Malwarebytes' Anti-Malware.zip
2007-06-22 00:38 . 2007-06-22 00:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-22 00:38 . 2007-06-22 00:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-22 00:38 . 2007-06-22 00:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-22 00:38 . 2007-06-22 00:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-22 00:39 . 2007-06-22 00:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-22 00:39 . 2007-06-22 00:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-22 00:40 . 2007-06-22 00:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-04-28 7573504]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-29 01:39 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7070:TCP"= 7070:TCP:nfr

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2009 6:31 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 74480]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:31]

2010-06-15 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-04-19 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.digsby.com/
uInternet Settings,ProxyServer = http=localhost:7070
uInternet Settings,ProxyOverride = <local>;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lyon\Application Data\Mozilla\Firefox\Profiles\dsjncg8b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={BC6AE509-7EE9-BEC9-0966-11CF947257DD}&q=
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Lyon\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-DW6 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 23:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Sagekey Software\ *{6935-45000}]
"D-Code"="2963150373"
"U-Code"="Demo"
"E-Code"=""
"S-Code"="7993250349"
"C-Code"="3259393601449017"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-06-14 23:02:30
ComboFix-quarantined-files.txt 2010-06-15 04:02

Pre-Run: 275,566,096,384 bytes free
Post-Run: 275,935,178,752 bytes free

- - End Of File - - 07F3B0D4C823EE051A23A804C91CA77D

#8 Blade


Posted 15 June 2010 - 09:02 AM

Hello.

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
DDS::
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7070:TCP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade

In your next reply, please include the following:
ComboFix log
How is the computer running now?
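
An added example, not part of Blade's post and not ComboFix code: a small Python check for the two log entries that the CFScript in post #8 resets, a ProxyServer value pointing at a loopback port and a GloballyOpenPorts entry for that same port. The sample lines are excerpted from the ComboFix log in post #7; the function names and finding labels are this example's own.

```python
import re

# Sample input: a few lines excerpted from the ComboFix log posted in this
# thread (post #7), trimmed so the example runs offline.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7070:TCP"= 7070:TCP:nfr

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2009 6:31 PM 64160]
uStart Page = hxxp://search.digsby.com/
uInternet Settings,ProxyServer = http=localhost:7070
uInternet Settings,ProxyOverride = <local>;*.local
'''

PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(.*)$', re.I)
SECTION_RE = re.compile(r'^\[(.+)\]$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*(.*)$', re.I)


def parse_proxy(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both 'host:port' (applies to every protocol) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in filter(None, (p.strip() for p in value.split(';'))):
        scheme, sep, target = part.partition('=')
        if not sep:                      # no 'scheme=' prefix
            scheme, target = 'all', part
        host, _, port = target.rpartition(':')
        if host and port.isdigit():
            entries.append((scheme.lower(), host.lower(), int(port)))
    return entries


def parse_open_ports(lines):
    """Return (port, protocol, name) for entries under GloballyOpenPorts\\List."""
    ports, in_section = [], False
    for raw in lines:
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            in_section = section.group(1).lower().endswith(r'globallyopenports\list')
            continue
        if in_section:
            entry = PORT_RE.match(line)
            if entry:
                # In the log the value reads port:protocol:name.
                name = entry.group(3).strip().split(':')[-1]
                ports.append((int(entry.group(1)), entry.group(2).upper(), name))
    return ports


def review(log_text):
    """Flag a loopback proxy and any firewall-opened port that matches it."""
    lines = log_text.splitlines()
    proxies = []
    for raw in lines:
        match = PROXY_RE.match(raw.strip())
        if match:
            proxies.extend(parse_proxy(match.group(1)))
    open_ports = parse_open_ports(lines)

    findings = []
    for scheme, host, port in proxies:
        if host == 'localhost' or host.startswith('127.'):
            findings.append(('loopback-proxy',
                             f'{scheme} traffic sent to {host}:{port}'))
            for oport, proto, name in open_ports:
                if oport == port:
                    findings.append(('proxy-port-open-in-firewall',
                                     f'{oport}/{proto} opened as "{name}"'))
    return findings


if __name__ == '__main__':
    for kind, detail in review(SAMPLE_LOG):
        print(f'{kind}: {detail}')
```

Running the same check on the log produced after the CFScript pass is a quick way to confirm that both entries are gone.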



#9 akayshabloom


Posted 15 June 2010 - 10:21 PM

Prior to running the script you had me drag to combofix, the computer literally would take 25-40 seconds to log each mouse click. It took up to a minute to open or close any program. Plus we were still having problems with redirects.

After running the combofix again, the speed of the computer seems back up to normal. I tested a few web page searches through google.com and they seemed to work correctly. In the past this is the part that usually comes back after I use the spyware / malware/ virus programs to remove it.

Hope this helps.... I see we are getting somewhere.

Ohh I turned the Avira program back on after running the combofix tonight.

Thanks again.
Tina



ComboFix 10-06-15.02 - Lyon 06/15/2010 22:02:57.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.707 [GMT -5:00]
Running from: c:\documents and settings\Lyon\Desktop\renamed.exe
Command switches used :: c:\documents and settings\Lyon\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-15 07:20 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 04:14 . 2010-06-15 04:14 -------- d-----w- c:\documents and settings\Lyon\Application Data\Avira
2010-06-15 04:10 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-15 04:10 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-15 04:10 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-15 04:10 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-15 04:10 . 2010-06-15 04:10 -------- d-----w- c:\program files\Avira
2010-06-15 04:10 . 2010-06-15 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-06 23:30 . 2010-06-06 23:30 -------- d-----w- c:\documents and settings\Lyon\Application Data\WinPatrol
2010-06-06 23:30 . 2008-12-28 23:01 0 ----a-w- c:\documents and settings\Lyon\Application Data\WinPatrol\Config.sys
2010-06-06 23:30 . 2008-12-28 23:01 0 ----a-w- c:\documents and settings\Lyon\Application Data\WinPatrol\Autoexec.bat
2010-06-03 01:36 . 2010-06-03 01:36 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\efhlygrmn
2010-06-03 00:21 . 2010-06-03 00:21 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\rfqsxhxgd
2010-06-02 01:13 . 2010-06-02 01:13 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\acvlbxomk
2010-06-01 19:55 . 2010-06-01 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-01 19:42 . 2010-06-01 19:42 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\ltobjlfsk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 09:25 . 2010-01-16 16:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-15 09:09 . 2009-05-30 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-15 03:44 . 2009-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-14 23:18 . 2008-12-29 17:22 -------- d-----w- c:\documents and settings\Lyon\Application Data\LimeWire
2010-06-09 03:53 . 2009-05-29 22:27 -------- d-----w- c:\program files\World of Warcraft
2010-06-07 01:20 . 2009-01-01 19:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-06 23:46 . 2010-02-01 02:36 117760 ----a-w- c:\documents and settings\Lyon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-06 23:42 . 2009-03-01 02:50 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 01:04 . 2009-05-03 03:20 -------- d-----w- c:\program files\RealArcade
2010-05-18 21:40 . 2010-01-09 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 10:41 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-09-03 17:11 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2010-01-09 14:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-09 14:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2002-09-03 16:27 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-02 09:10 . 2010-01-16 02:02 47274610 ----a-w- c:\program files\Spybot - Search & Destroy.zip
2010-01-16 02:04 . 2010-01-16 02:04 1616400 ----a-w- c:\program files\Malwarebytes' Anti-Malware.zip
2007-06-22 00:38 . 2007-06-22 00:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-22 00:38 . 2007-06-22 00:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-22 00:38 . 2007-06-22 00:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-22 00:38 . 2007-06-22 00:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-22 00:39 . 2007-06-22 00:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-22 00:39 . 2007-06-22 00:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-22 00:40 . 2007-06-22 00:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-15_04.00.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-15 09:08 . 2009-10-15 09:08 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-15 09:05 . 2010-06-15 09:05 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-15 09:06 . 2009-08-15 09:06 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2002-09-03 17:14 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2002-09-03 17:08 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2002-09-03 17:08 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2002-09-03 16:53 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2002-09-03 16:53 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2002-09-03 16:44 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
- 2007-08-14 00:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-14 00:34 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2008-12-29 03:14 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-12-29 03:29 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
- 2007-08-14 00:54 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-14 00:54 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2007-08-14 00:54 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
- 2008-12-29 05:10 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-29 05:10 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\1181306.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\1181305.msp
+ 2010-04-24 22:10 . 2010-04-24 22:10 8486400 c:\windows\Installer\11812ef.msp
+ 2009-05-30 23:51 . 2010-06-15 09:09 1165648 c:\windows\Installer\{90120000-001C-0409-0000-0000000FF1CE}\accrticons.exe
- 2009-05-30 23:51 . 2010-05-11 22:44 1165648 c:\windows\Installer\{90120000-001C-0409-0000-0000000FF1CE}\accrticons.exe
+ 2009-05-30 23:51 . 2010-06-15 09:09 1165648 c:\windows\Installer\{90120000-001C-0409-0000-0000000FF1CE}\accicons.exe
- 2009-05-30 23:51 . 2010-05-11 22:44 1165648 c:\windows\Installer\{90120000-001C-0409-0000-0000000FF1CE}\accicons.exe
+ 2010-06-15 09:08 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-15 09:08 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-15 09:08 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-15 09:05 . 2010-06-15 09:05 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-15 09:11 . 2010-06-15 09:11 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-15 09:05 . 2010-06-15 09:05 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-15 09:11 . 2010-06-15 09:11 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-15 09:16 . 2010-06-15 09:16 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-15 09:16 . 2010-06-15 09:16 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-15 09:16 . 2010-06-15 09:16 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-15 09:16 . 2010-06-15 09:16 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-15 09:16 . 2010-06-15 09:16 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-15 09:16 . 2010-06-15 09:16 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-15 09:10 . 2010-06-15 09:10 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-15 09:15 . 2010-06-15 09:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-15 09:12 . 2010-06-15 09:12 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-15 09:10 . 2010-06-15 09:10 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-15 09:12 . 2010-06-15 09:12 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-15 09:10 . 2010-06-15 09:10 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-15 09:13 . 2010-06-15 09:13 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-15 09:13 . 2010-06-15 09:13 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-15 09:10 . 2010-06-15 09:10 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-15 09:13 . 2010-06-15 09:13 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-15 09:15 . 2010-06-15 09:15 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-15 09:10 . 2010-06-15 09:10 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-15 09:15 . 2010-06-15 09:15 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-15 09:09 . 2010-06-15 09:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 1005568 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\b463ff7781cf1c6af3a8cd9bd2382ef8\Sony.MediaSoftware.clrshared.ni.dll
+ 2010-06-15 09:09 . 2010-06-15 09:09 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-15 09:09 . 2010-06-15 09:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-15 09:05 . 2010-06-15 09:05 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-15 09:13 . 2010-06-15 09:13 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-15 09:15 . 2010-06-15 09:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-15 09:13 . 2010-06-15 09:13 1794048 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager\2ce61b1344f9606c5848847d66ed40b4\MediaManager.ni.exe
+ 2010-06-15 09:13 . 2010-06-15 09:13 7510016 c:\windows\assembly\NativeImages_v2.0.50727_32\AppCommon\831ca469d4b73a8a9a46057969202c2d\AppCommon.ni.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-15 09:05 . 2010-06-15 09:05 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-15 09:04 . 2010-06-15 09:04 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-15 09:08 . 2009-10-15 09:08 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-29 05:08 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2007-08-14 00:54 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2008-12-29 05:10 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-24 22:09 . 2010-04-24 22:09 11750912 c:\windows\Installer\1181323.msp
+ 2010-06-15 09:08 . 2010-06-15 09:08 20242432 c:\windows\Installer\118131c.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\1181314.msp
+ 2010-06-15 09:08 . 2010-02-25 16:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-15 09:10 . 2010-06-15 09:10 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-15 09:14 . 2010-06-15 09:14 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-15 09:13 . 2010-06-15 09:13 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-15 09:10 . 2010-06-15 09:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-15 09:08 . 2010-06-15 09:08 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-15 09:06 . 2010-06-15 09:06 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-04-28 7573504]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-29 01:39 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2009 6:31 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/14/2010 11:10 PM 135336]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:31]

2010-06-16 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-04-19 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.digsby.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lyon\Application Data\Mozilla\Firefox\Profiles\dsjncg8b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={BC6AE509-7EE9-BEC9-0966-11CF947257DD}&q=
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Lyon\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 22:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Sagekey Software\ *{6935-45000}]
"D-Code"="2963150373"
"U-Code"="Demo"
"E-Code"=""
"S-Code"="7993250349"
"C-Code"="3259393601449017"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\BCMSMMSG.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-15 22:13:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-16 03:13
ComboFix2.txt 2010-06-15 04:02

Pre-Run: 274,890,338,304 bytes free
Post-Run: 274,960,035,840 bytes free

- - End Of File - - B9B7F73ECFBAC23F7C791AFE711541FB

akayshabloom
Tina

Don't Forget to Breathe...
It is the beginning of life.

#10 Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US
  • Local time:05:37 PM

Posted 17 June 2010 - 11:17 PM

Hello

Let's do a comprehensive scan to check for remaining malware on the machine. Please be aware that this scan will take some time to run.

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

~Blade


In your next reply, please include the following:
Kaspersky Online Scan

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#11 akayshabloom

akayshabloom
  • Topic Starter

  • Members
  • 43 posts
  • Gender:Female
  • Location:Tulsa, Oklahoma
  • Local time:04:37 PM

Posted 19 June 2010 - 02:16 PM

Sorry it took so long. Had to work a bit extra this weekend.


Here is the Kaspersky Online Scan you asked for.


I saved the Kaspersky report to my desktop as a .txt file. Each time I try to open the file by double-clicking, it automatically starts the World of Warcraft Blizzard Launcher and starts loading the game. This has actually happened several times before when I try to open simple .txt files. Now if I right-click and use Open With Notepad, it will work correctly.


As I have said in previous posts, we no longer play WOW, but would like to salvage the game if possible.

Thanks again for your help.

Tina

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, June 19, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, June 19, 2010 12:23:34
Records in database: 4296164
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 64050
Threats found: 8
Infected objects found: 26
Suspicious objects found: 0
Scan duration: 01:22:23


File name / Threat / Threats count
C:\Documents and Settings\Lyon\Application Data\Sun\Java\Deployment\cache\6.0\38\9246a6-50aa35c2 Infected: Trojan-Downloader.Java.Agent.en 3
C:\Documents and Settings\Lyon\Application Data\Sun\Java\Deployment\cache\6.0\39\43e38267-6278265a Infected: Trojan-Downloader.Java.Agent.en 3
C:\Documents and Settings\Lyon\Application Data\Sun\Java\Deployment\cache\6.0\51\767caab3-3cf82235 Infected: Trojan-Downloader.Java.Agent.en 3
C:\Documents and Settings\Lyon\Application Data\Sun\Java\Deployment\cache\6.0\61\26cf52bd-7fff53a5 Infected: Exploit.Java.Agent.n 1
C:\Documents and Settings\Lyon\Application Data\Sun\Java\Deployment\cache\6.0\62\939cb3e-21140d3e Infected: Exploit.Java.Agent.n 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-1395705-Jesus Culture- Everything.wma Infected: Trojan-Downloader.WMA.Wimad.v 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-3461700-brad pasley then.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-3926616-nina lil wayne.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-3955427-brad paisley i thought i loved you then.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-4310631-KONAMI - 99 Red Balloons - M-CREW project.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-4398564-over underneath.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-4472879-Rocket Marching Band - Big Noise from Winnetka.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5240102-lay them down.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5269350-another you david cursh.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5878164-cali dro lilwayne.au Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-armagedan soundtrack (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-then brad pasley (new album).mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Saved\Glen Phillips - Everything....mp3 Infected: Trojan-Downloader.WMA.GetCodec.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{82AAE07B-766D-4798-94B0-47B960A1EF6B}\RP584\A0065414.sys Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.

akayshabloom
Tina

Don't Forget to Breathe...
It is the beginning of life.

#12 Blade

Posted 20 June 2010 - 12:49 AM

Hello.

Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies.)
Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished, it should automatically reboot your machine. If it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


***************************************************

There are several infected files that were downloaded using Limewire. We'll attack those now. First though, a warning.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow users to share files, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

I would recommend going to Add/Remove Programs and uninstalling LimeWire now. If you wish to keep these programs, it is imperative that you do not use them until I have declared you clean.

***************************************************

1. Open Notepad and copy/paste the text in the codebox below into it. Please ensure that Word Wrap is not enabled in Notepad. (Under the Format menu, Word Wrap should be unchecked):

CODE
http://www.bleepingcomputer.com/forums/t/322839/firefox-ie-search-redirects-to-ad-or-bogus-sites/

Collect::
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-1395705-Jesus Culture- Everything.wma
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-3461700-brad pasley then.wma
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-3926616-nina lil wayne.mp3
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-3955427-brad paisley i thought i loved you then.mp3
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-4310631-KONAMI - 99 Red Balloons - M-CREW project.wma
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-4398564-over underneath.wma
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-4472879-Rocket Marching Band - Big Noise from Winnetka.wma
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5240102-lay them down.mp3
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5269350-another you david cursh.mp3
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5878164-cali dro lilwayne.au
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-armagedan soundtrack (new album).mp3
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-then brad pasley (new album).mp3
C:\Documents and Settings\Lyon\My Documents\LimeWire\Saved\Glen Phillips - Everything....mp3


Save this as CFScript.txt, in the same location as renamed.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into renamed.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

~Blade


In your next reply, please include the following:
ComboFix Log
How is the computer running now?


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#13 akayshabloom


Posted 20 June 2010 - 12:08 PM

It seems my modem has quit at home (the computer we are working on). I will not be back online until after 7:00pm EDT on Monday after Cox comes out and replaces my modem.

I should be able to get to your instructions at that time.

Thank you for your patience.

akayshabloom
Tina

Don't Forget to Breathe...
It is the beginning of life.

#14 Blade


Posted 20 June 2010 - 12:53 PM

Okay. . . will look for your response.



#15 akayshabloom


Posted 21 June 2010 - 06:53 PM

Ok my modem is back up and running correctly.

I copied the script to Combofix and ran Combofix.

I removed Limewire, BUT I forgot to do it before I ran the Combofix.


The computer seems to be working much much better. Actually I am not finding any weird characteristics on the surface.

Thanks for all you are doing. Just let me know what is next.


Tina


ComboFix 10-06-21.01 - Lyon 06/21/2010 16:55:05.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.701 [GMT -5:00]
Running from: c:\documents and settings\Lyon\Desktop\renamed.exe
Command switches used :: c:\documents and settings\Lyon\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-1395705-Jesus Culture- Everything.wma
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3461700-brad pasley then.wma
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3926616-nina lil wayne.mp3
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3955427-brad paisley i thought i loved you then.mp3
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-4310631-KONAMI - 99 Red Balloons - M-CREW project.wma
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-4398564-over underneath.wma
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-4472879-Rocket Marching Band - Big Noise from Winnetka.wma
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5240102-lay them down.mp3
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5269350-another you david cursh.mp3
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5878164-cali dro lilwayne.au
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-armagedan soundtrack (new album).mp3
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-then brad pasley (new album).mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-1395705-Jesus Culture- Everything.wma
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3461700-brad pasley then.wma
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3926616-nina lil wayne.mp3
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3955427-brad paisley i thought i loved you then.mp3
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-4310631-KONAMI - 99 Red Balloons - M-CREW project.wma
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-4398564-over underneath.wma
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-4472879-Rocket Marching Band - Big Noise from Winnetka.wma
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5240102-lay them down.mp3
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5269350-another you david cursh.mp3
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5878164-cali dro lilwayne.au
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-armagedan soundtrack (new album).mp3
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5966561-then brad pasley (new album).mp3

.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 02:50 . 2010-06-21 02:50 -------- d-----w- c:\documents and settings\Lyon\Application Data\Leadertech
2010-06-16 05:54 . 2010-06-16 05:54 -------- d-----w- c:\windows\system32\NtmsData
2010-06-15 07:20 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-15 04:14 . 2010-06-15 04:14 -------- d-----w- c:\documents and settings\Lyon\Application Data\Avira
2010-06-15 04:10 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-15 04:10 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-15 04:10 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-15 04:10 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-15 04:10 . 2010-06-15 04:10 -------- d-----w- c:\program files\Avira
2010-06-15 04:10 . 2010-06-15 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-06 23:30 . 2010-06-06 23:30 -------- d-----w- c:\documents and settings\Lyon\Application Data\WinPatrol
2010-06-06 23:30 . 2008-12-28 23:01 0 ----a-w- c:\documents and settings\Lyon\Application Data\WinPatrol\Config.sys
2010-06-06 23:30 . 2008-12-28 23:01 0 ----a-w- c:\documents and settings\Lyon\Application Data\WinPatrol\Autoexec.bat
2010-06-03 01:36 . 2010-06-03 01:36 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\efhlygrmn
2010-06-03 00:21 . 2010-06-03 00:21 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\rfqsxhxgd
2010-06-02 01:13 . 2010-06-02 01:13 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\acvlbxomk
2010-06-01 19:55 . 2010-06-01 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-01 19:42 . 2010-06-01 19:42 -------- d-----w- c:\documents and settings\Lyon\Local Settings\Application Data\ltobjlfsk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 02:51 . 2008-12-29 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-06-21 02:51 . 2008-12-29 20:07 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-06-19 19:11 . 2009-05-29 22:27 -------- d-----w- c:\program files\World of Warcraft
2010-06-15 09:25 . 2010-01-16 16:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-15 09:09 . 2009-05-30 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-15 03:44 . 2009-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-14 23:18 . 2008-12-29 17:22 -------- d-----w- c:\documents and settings\Lyon\Application Data\LimeWire
2010-06-07 01:20 . 2009-01-01 19:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-06 23:46 . 2010-02-01 02:36 117760 ----a-w- c:\documents and settings\Lyon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-06 23:42 . 2009-03-01 02:50 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 01:04 . 2009-05-03 03:20 -------- d-----w- c:\program files\RealArcade
2010-05-18 21:40 . 2010-01-09 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 10:41 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-09-03 17:11 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2010-01-09 14:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-09 14:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2002-09-03 16:27 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-02 09:10 . 2010-01-16 02:02 47274610 ----a-w- c:\program files\Spybot - Search & Destroy.zip
2010-01-16 02:04 . 2010-01-16 02:04 1616400 ----a-w- c:\program files\Malwarebytes' Anti-Malware.zip
2007-06-22 00:38 . 2007-06-22 00:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-22 00:38 . 2007-06-22 00:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-22 00:38 . 2007-06-22 00:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-22 00:38 . 2007-06-22 00:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-22 00:39 . 2007-06-22 00:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-22 00:39 . 2007-06-22 00:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-22 00:40 . 2007-06-22 00:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-06-16_03.08.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-21 21:29 . 2010-06-21 21:29 16384 c:\windows\Temp\Perflib_Perfdata_264.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-04-28 7573504]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-29 01:39 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2009 6:31 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/14/2010 11:10 PM 135336]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 8:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 8:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 8:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 8:21 PM 566296]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:31]

2010-06-21 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-04-19 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.digsby.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lyon\Application Data\Mozilla\Firefox\Profiles\dsjncg8b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={BC6AE509-7EE9-BEC9-0966-11CF947257DD}&q=
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\Lyon\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 16:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Sagekey Software\ *{6935-45000}]
"D-Code"="2963150373"
"U-Code"="Demo"
"E-Code"=""
"S-Code"="7993250349"
"C-Code"="3259393601449017"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-06-21 17:01:02
ComboFix-quarantined-files.txt 2010-06-21 22:00
ComboFix2.txt 2010-06-16 03:13
ComboFix3.txt 2010-06-15 04:02

Pre-Run: 275,976,146,944 bytes free
Post-Run: 275,962,081,280 bytes free

- - End Of File - - 0610A60A8513CBE4BED1ECFFC34E8CF6
Upload was successful

akayshabloom
Tina

Don't Forget to Breathe...
It is the beginning of life.
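
A reader following the cleanup can check that every file Kaspersky flagged under LimeWire shows up as handled in the ComboFix log. The script below is an added example, not part of any post in this thread and not part of ComboFix: it parses rows excerpted from the two logs above (banner rows shortened), and the function and bucket names are assumptions made for the illustration.

```python
import re

# Rows excerpted from the Kaspersky Online Scanner report posted in the thread.
KASPERSKY_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Lyon\Application Data\Sun\Java\Deployment\cache\6.0\61\26cf52bd-7fff53a5 Infected: Exploit.Java.Agent.n 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-3926616-nina lil wayne.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Incomplete\T-5878164-cali dro lilwayne.au Infected: Trojan-Downloader.WMA.GetCodec.af 1
C:\Documents and Settings\Lyon\My Documents\LimeWire\Saved\Glen Phillips - Everything....mp3 Infected: Trojan-Downloader.WMA.GetCodec.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
"""

# Rows excerpted from the ComboFix log posted in the thread (banner rows shortened).
COMBOFIX_LOG = r"""
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3926616-nina lil wayne.mp3
file zipped: c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5878164-cali dro lilwayne.au
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-3926616-nina lil wayne.mp3
c:\documents and settings\Lyon\My Documents\LimeWire\Incomplete\T-5878164-cali dro lilwayne.au
.
((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))
.
2010-06-15 04:14 . 2010-06-15 04:14 -------- d-----w- c:\documents and settings\Lyon\Application Data\Avira
"""

# "<path> Infected: <threat name> <count>"; the path may contain spaces and dots.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Hypothetical triage buckets, keyed on lower-cased path fragments seen in the thread.
BUCKETS = [
    ("java_cache", "\\sun\\java\\deployment\\cache\\"),
    ("p2p_download", "\\limewire\\"),
    ("tool_quarantine", "\\qoobox\\quarantine\\"),
    ("restore_point", "\\system volume information\\"),
]

def parse_kaspersky(report):
    """Return [(path, threat, count)] for every 'Infected:' row of the report."""
    hits = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits

def bucket_of(path):
    """Classify a detection by where it lives on disk (Windows paths: case-insensitive)."""
    low = path.lower()
    for name, marker in BUCKETS:
        if marker in low:
            return name
    return "other"

def combofix_handled(log):
    """Return lower-cased paths listed as 'file zipped' and under 'Other Deletions'."""
    zipped, deleted, in_deletions = set(), set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("file zipped:"):
            zipped.add(line.split(":", 1)[1].strip().lower())
        elif line.startswith("("):  # a banner row opens a new log section
            in_deletions = "Other Deletions" in line
        elif in_deletions and re.match(r"^[A-Za-z]:\\", line):
            deleted.add(line.lower())
    return {"zipped": zipped, "deleted": deleted}

def reconcile(report, log, bucket="p2p_download"):
    """Map each detection in `bucket` to 'zipped+deleted', 'zipped', 'deleted' or 'not in log'."""
    handled = combofix_handled(log)
    status = {}
    for path, _threat, _count in parse_kaspersky(report):
        if bucket_of(path) != bucket:
            continue
        flags = [k for k in ("zipped", "deleted") if path.lower() in handled[k]]
        status[path] = "+".join(flags) if flags else "not in log"
    return status

if __name__ == "__main__":
    for path, state in reconcile(KASPERSKY_REPORT, COMBOFIX_LOG).items():
        print(f"{state:15} {path}")
```

On these rows the LimeWire\Saved file comes back as "not in log", which matches the full logs above: that path is listed in the CFScript but appears in neither the "file zipped" lines nor "Other Deletions".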



