Infected with Browser Hijacker - IE and Firefox


  • This topic is locked
14 replies to this topic

#1 austin_2010

Posted 08 June 2010 - 11:08 PM

Hello. I have an annoying browser hijacker that affects both Internet Explorer and Firefox. My homepage has not changed, but when I use a search engine, I get redirected links when I click on the search results. These sites are mostly different ad sites, etc. Many have a little loop icon where the icon is in the far left of the address bar. When browsing, I also get the occasional popup. Sometimes, I get a message that General Services Host for Windows has shut down, and the menu bar in IE turns black.

When I first noticed the browser hijacker, I ran Malwarebytes; it found avsoft/avsuite and deleted it, but that did not fix the browser problems I experience. Additional scans in Malwarebytes and AVG both show that I am clean even though I still have the browser hijacker.

I am attaching the logs as requested. Thanks in advance for your help with this.

Austin


DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 11:35:00.29 on Mon 06/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1403 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SMSERIAL] sm56hlpr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\m7zkp8jh.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-23 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-23 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-23 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-23 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-23 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-23 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-23 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-1 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-23 5888008]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-23 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-23 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-23 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-23 26120]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-23 30104]

=============== Created Last 30 ================

2010-06-07 16:27:42 202 ----a-w- c:\documents and settings\user\defogger_reenable
2010-06-07 15:50:13 3174748 ----a-w- C:\1.pdf
2010-06-07 15:48:54 664569 ----a-w- C:\The IBM Muppet Show.mht
2010-06-07 15:48:38 17535658 ----a-w- C:\Your Future.pdf
2010-06-07 15:19:54 13010270 ----a-w- C:\The End.pdf
2010-06-07 15:01:52 586763 ----a-w- C:\John Waters, Role Models - Gothamist.mht
2010-06-07 05:00:34 0 d-----w- C:\Capote Truman
2010-06-07 04:24:02 41505733 ----a-w- C:\International Legal English.Pdf
2010-06-06 22:45:19 0 d-----w- C:\Norman Mailer
2010-06-06 07:30:31 0 d--h--w- C:\$AVG
2010-06-06 00:04:12 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-06-06 00:03:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 00:03:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 00:03:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-06 00:03:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 23:56:54 1159943 ----a-w- C:\Searching for Jesus in the Gospels The New Yorker.mht
2010-06-05 23:12:05 0 d-----w- C:\Talk Now! - Learn Finnish
2010-06-05 21:39:35 99898 ----a-w- C:\John Waters Is Not a Poppers Pig.mht
2010-06-03 19:43:24 153992 ----a-w- C:\SANTA.docx
2010-06-03 18:37:06 54416 ----a-w- C:\original.jpg
2010-06-02 15:17:28 553139 ----a-w- C:\4 Things Credit Card Offers Don't Disclose on Shine.mht
2010-06-02 15:06:56 1557773 ----a-w- C:\Iron Man 2's Hidden Plot.mht
2010-06-01 19:39:09 0 d-----w- C:\Lemony Snicket
2010-06-01 04:46:26 17524061 ----a-w- C:\How to Survive.pdf
2010-06-01 04:35:46 47277166 ----a-w- C:\120.pdf
2010-06-01 04:34:59 25684096 ----a-w- C:\119.pdf
2010-06-01 04:34:37 25506012 ----a-w- C:\118.pdf
2010-06-01 04:28:00 31338358 ----a-w- C:\121.pdf
2010-06-01 04:27:23 0 d-----w- C:\Dr Seuss
2010-06-01 04:25:53 0 d-----w- C:\Accounting
2010-06-01 04:20:35 383896 ----a-w- C:\NPNP.pdf
2010-05-30 17:23:05 0 d-----w- C:\Easy Paycheck Formula
2010-05-28 19:38:39 1807726 ----a-w- C:\Adventurer leaves NY career to walk across US.mht
2010-05-28 18:53:45 58160 ----a-w- C:\REVOCABLE LIVING TRUST Amendment_Form.pdf
2010-05-28 08:10:48 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-27 20:20:43 27081 ----a-w- C:\LAST WILL AND TESTAMENT.docx
2010-05-27 15:43:44 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-27 15:43:44 215920 ----a-w- c:\windows\system32\muweb.dll
2010-05-27 15:43:44 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-27 13:23:22 0 d-----w- c:\docume~1\user\applic~1\AVG9
2010-05-26 03:55:26 0 d-----w- c:\windows\system32\appmgmt
2010-05-25 16:05:37 947412 ----a-w- C:\[FINAL NOTICE] Closing in a Few Hours_ Make a Full Time Income_ Simple, Fast & Fun_ Works Every Time - Page 4.mht
2010-05-25 16:05:18 1019406 ----a-w- C:\[FINAL NOTICE] Closing in a Few Hours_ Make a Full Time Income_ Simple, Fast & Fun_ Works Every Time - Page 3.mht
2010-05-25 16:04:53 987472 ----a-w- C:\[FINAL NOTICE] Closing in a Few Hours_ Make a Full Time Income_ Simple, Fast & Fun_ Works Every Time - Page 2.mht
2010-05-25 16:04:30 1141178 ----a-w- C:\[FINAL NOTICE] Closing in a Few Hours_ Make a Full Time Income_ Simple, Fast & Fun_ Works Every Time 01.mht
2010-05-25 15:10:08 0 d-----w- C:\Lua
2010-05-24 22:56:44 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-24 22:56:14 0 d-----w- c:\windows\SHELLNEW
2010-05-24 22:43:48 0 d-----w- c:\program files\PeerGuardian2
2010-05-24 21:20:29 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2010-05-24 21:20:29 3143 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-05-24 21:20:03 3663 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-05-24 21:20:03 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2010-05-24 21:19:17 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.bmp
2010-05-24 21:19:17 2863 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2010-05-24 21:04:26 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.bmp
2010-05-24 21:04:26 2897 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2010-05-24 21:04:03 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2010-05-24 21:04:03 3018 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-05-24 21:03:12 0 d-----w- c:\docume~1\user\applic~1\AccurateRip
2010-05-24 21:03:11 421552 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-24 21:03:11 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2010-05-24 21:03:11 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-24 21:03:07 0 d-----w- c:\program files\Illustrate
2010-05-24 21:02:08 0 d-----w- c:\program files\Comical
2010-05-24 20:30:18 0 d-----w- c:\docume~1\user\applic~1\Call Graph
2010-05-24 20:30:13 0 d-----w- c:\program files\Call Graph
2010-05-24 19:38:34 0 d-----w- c:\program files\Alcohol Soft
2010-05-24 19:07:24 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-05-24 19:07:23 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-05-24 19:07:21 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-24 19:07:21 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-24 14:36:02 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-05-24 02:46:11 0 d-----w- c:\windows\system32\XPSViewer
2010-05-24 02:45:41 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-24 02:45:41 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-24 02:45:41 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-24 02:45:41 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-24 02:45:41 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-24 02:45:41 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-24 02:45:41 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-24 00:41:04 0 d-----w- c:\windows\Motorola
2010-05-24 00:37:30 0 d-----w- c:\program files\MSXML 4.0
2010-05-23 17:42:11 0 d-----w- C:\JD
2010-05-23 17:31:13 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-23 17:31:13 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-23 17:30:49 0 d-----w- c:\program files\iPod
2010-05-23 17:30:45 0 d-----w- c:\program files\iTunes
2010-05-23 17:30:45 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-23 17:29:57 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-05-23 17:29:57 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-05-23 17:29:34 0 d-----w- c:\program files\Bonjour
2010-05-23 17:21:56 0 d-----w- c:\program files\JDownloader
2010-05-23 17:21:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-23 17:21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-23 16:08:14 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-23 16:08:14 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-23 16:06:39 0 d-----w- c:\program files\AVG
2010-05-23 16:06:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-23 16:03:15 0 d-----w- c:\windows\system32\PreInstall
2010-05-23 15:56:19 0 d-sh--w- c:\documents and settings\user\UserData
2010-05-23 15:55:46 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-05-23 15:10:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-23 14:52:29 0 d-----w- c:\program files\VideoLAN
2010-05-23 14:48:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-23 14:47:15 0 d-----r- c:\program files\Skype
2010-05-23 14:37:23 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-05-23 14:30:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-23 14:30:16 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-23 14:30:01 0 d-sh--w- c:\documents and settings\user\IECompatCache
2010-05-23 14:29:47 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-23 14:29:46 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-23 14:28:51 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-23 14:28:51 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-23 14:28:49 0 d-sh--w- c:\documents and settings\user\PrivacIE
2010-05-23 14:27:05 0 d-sh--w- c:\documents and settings\user\IETldCache
2010-05-23 14:25:24 0 d-----w- c:\windows\ie8updates
2010-05-23 14:23:59 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-05-23 14:23:54 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-23 14:23:47 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-05-23 14:23:13 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-23 14:23:07 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-05-23 14:21:50 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-23 14:21:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-23 14:21:50 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-23 14:21:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-23 14:21:48 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-23 14:21:04 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-23 14:20:10 0 d-----w- c:\docume~1\user\applic~1\Intel
2010-05-23 14:20:03 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-23 14:17:06 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-23 14:17:03 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-05-23 14:15:30 0 d-----w- c:\program files\SigmaTel
2010-05-23 14:10:34 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-23 14:10:34 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-23 14:10:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-23 14:10:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-23 14:10:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-23 14:10:20 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-23 13:50:49 0 d-----w- c:\windows\ServicePackFiles
2010-05-23 13:49:44 19569 ----a-w- c:\windows\002856_.tmp
2010-05-23 12:42:22 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-05-23 12:41:04 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-05-23 12:39:51 2 --sh--r- C:\USER
2010-05-23 09:20:13 60 ----a-w- c:\windows\system32\SYSDRV.DAT
2010-05-23 09:19:51 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2010-05-23 09:19:46 3200 ----a-w- c:\windows\system32\wowfax.dll
2010-05-23 09:19:44 23552 -c--a-w- c:\windows\system32\dllcache\wdmaud.drv
2010-05-23 09:19:44 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-05-23 09:19:37 49211 ----a-w- c:\windows\system32\usrvpa.dll
2010-05-23 09:19:32 45116 ----a-w- c:\windows\system32\usrvoica.dll
2010-05-23 09:19:27 49209 ----a-w- c:\windows\system32\usrv80a.dll
2010-05-23 09:19:22 102457 ----a-w- c:\windows\system32\usrv42a.dll
2010-05-23 09:19:17 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2010-05-23 09:19:12 69700 ----a-w- c:\windows\system32\usrshuta.exe
2010-05-23 09:19:07 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2010-05-23 09:19:02 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2010-05-23 09:17:54 69632 ----a-w- c:\windows\system32\spnike.dll
2010-05-23 09:16:57 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2010-05-23 09:15:11 707 ----a-w- c:\windows\_default.pif
2010-05-23 09:14:59 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-23 09:13:59 5120 ----a-w- c:\windows\system32\shell.dll
2010-05-23 09:12:59 8192 ----a-w- c:\windows\system32\ntlsapi.dll
2010-05-23 09:11:59 61440 ----a-w- c:\windows\system32\mmcshext.dll
2010-05-23 09:10:26 9728 ----a-w- c:\windows\system32\label.exe
2010-05-23 09:09:58 9216 ----a-w- c:\windows\system32\finger.exe
2010-05-23 09:08:59 87040 ----a-w- c:\windows\system32\diantz.exe
2010-05-23 09:07:58 19456 ----a-w- c:\windows\system32\arp.exe

==================== Find3M ====================

2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 11:36:33.96 ===============

#2 SifuMike

Posted 12 June 2010 - 09:33 PM

Hello austin_2010,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************

Please update Malwarebytes' Anti-Malware, run it again and post its log.
Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 austin_2010

Posted 13 June 2010 - 12:27 AM

Thanks SifuMike. Here are the items you requested:

Security Check

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 9.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Malwarebytes Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4192

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2010 12:22:47 AM
mbam-log-2010-06-13 (00-22-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 186612
Time elapsed: 50 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#4 SifuMike

Posted 13 June 2010 - 09:41 AM

Hi austin_2010,

I see a nasty rootkit, so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop. <==IMPORTANT

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log. The log will be saved as C:\ComboFix.txt



#5 austin_2010


Posted 13 June 2010 - 05:39 PM

Thanks SifuMike. Here's the log.

ComboFix 10-06-13.01 - user 06/13/2010 17:13:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1552 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 01:07 . 2006-06-19 04:25 70008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 14:15 . 2010-05-23 14:15 -------- d-----w- c:\program files\SigmaTel
2010-05-23 14:15 . 2010-05-23 14:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 14:15 . 2010-05-23 14:15 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-23 13:53 . 2006-06-17 09:39 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-01 2065248]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SMSERIAL"="sm56hlpr.exe" [2006-01-11 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-23 14:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Call Graph\\xulrunner\\xulrunner.exe"=
"c:\\Program Files\\Call Graph\\CallGraph.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/23/2010 9:10 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/23/2010 9:10 AM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2010 9:10 AM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2010 9:10 AM 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5/23/2010 9:08 AM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/23/2010 11:08 AM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/1/2010 10:29 AM 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2010 11:08 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2010 11:08 AM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5/23/2010 11:08 AM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/23/2010 11:08 AM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/23/2010 11:08 AM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/23/2010 11:08 AM 26120]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/23/2010 10:10 AM 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\m7zkp8jh.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2B8EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba98cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba624852
\Driver\iaStor -> IASTOR.SYS @ 0xba63ef80
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel® PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xba4ebbb0
PacketIndicateHandler -> NDIS.sys @ 0xba4daa0d
SendHandler -> NDIS.sys @ 0xba4eeb40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-13 17:27:04
ComboFix-quarantined-files.txt 2010-06-13 22:26

Pre-Run: 214,878,527,488 bytes free
Post-Run: 215,591,464,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - BBC7DBB22D560040ACEC1E773A182636


#6 SifuMike


Posted 13 June 2010 - 10:36 PM

Hi austin_2010,
  1. Go to this page and download TDSSKiller.zip to your Desktop.
  2. Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not in the folder.
  3. Vista Start logo > All Programs > Accessories > RIGHT-click on Command Prompt and select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  4. If TDSSKiller alerts you that the system needs to reboot, please consent.
  5. When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.
*************


Please run GMER and post its log.

Edited by SifuMike, 13 June 2010 - 11:07 PM.
typo

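The log requested in step 5 runs to hundreds of driver records, of which only a few matter. The following Python script is an added example, not part of the original post and not the tool's own code: it pulls the flagged-driver records out of a TDSSKiller log in the record format posted in this thread, including records that were fused onto one line when pasted. The sample log, driver names and md5 values are constructed, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the record format seen in this thread
# ("HH:MM:SS:mmm <thread id> <message>"). Driver names, paths and md5
# values are made up. One line deliberately carries two records fused
# together, as happens when a log is pasted into a forum post.
SAMPLE_LOG = r"""
23:42:05:093 4232 Scanning Drivers ...
23:42:05:609 4232 gooddrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
23:42:07:546 4232 exdrv (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\exdrv.sys
23:42:07:546 4232 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\exdrv.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
23:42:07:546 4232 File "C:\WINDOWS\system32\DRIVERS\exdrv.sys" infected by TDSS rootkit ... 23:42:09:359 4232 Backup copy found, using it..
23:42:09:359 4232 will be cured on next reboot
23:42:09:515 4232 exalias (22222222222222222222222222222222) C:\WINDOWS\system32\drivers\exdrv.sys
"""

# Record prefix: timestamp and thread id. Matched anywhere in the text,
# not only at line starts, so fused records are still separated.
PREFIX = re.compile(r"(?<!\d)(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)(?=\s|$)")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+)\. "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
INFECTED = re.compile(r'^File "(.+)" infected by TDSS rootkit')


@dataclass
class Finding:
    path: str
    real_md5: str = ""
    fake_md5: str = ""
    infected: bool = False
    backup_found: bool = False
    cure_pending: bool = False
    services: list = field(default_factory=list)


def split_records(text):
    """Yield (timestamp, thread_id, message) for every record in the log."""
    marks = list(PREFIX.finditer(text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        yield m.group(1), int(m.group(2)), text[m.end():end].strip()


def parse_findings(text):
    """Return (number of driver records, list of Finding) for a log."""
    drivers = {}    # lower-cased path -> service names loading that file
    findings = {}   # lower-cased path -> Finding
    current = None  # finding that follow-up status records refer to
    total = 0
    for _ts, _tid, msg in split_records(text):
        if (m := DRIVER.match(msg)):
            total += 1
            drivers.setdefault(m.group(3).lower(), []).append(m.group(1))
            current = None  # status records never follow a plain driver line
        elif (m := FORGED.match(msg)):
            key = m.group(1).lower()
            current = findings.setdefault(key, Finding(path=m.group(1)))
            current.real_md5, current.fake_md5 = m.group(2), m.group(3)
        elif (m := INFECTED.match(msg)):
            key = m.group(1).lower()
            current = findings.setdefault(key, Finding(path=m.group(1)))
            current.infected = True
        elif current and msg.startswith("Backup copy found"):
            current.backup_found = True
        elif current and msg.startswith("will be cured on next reboot"):
            current.cure_pending = True
    # Windows paths are case-insensitive, so match services on the folded key.
    for key, finding in findings.items():
        finding.services = drivers.get(key, [])
    return total, list(findings.values())


def unresolved(findings):
    """Flagged files for which the log shows no pending cure."""
    return [f for f in findings if not f.cure_pending]


def triage(text):
    """Build a short human-readable summary of the flagged files."""
    total, findings = parse_findings(text)
    lines = [f"{total} driver records, {len(findings)} flagged"]
    for f in findings:
        state = "cure pending reboot" if f.cure_pending else "no cure logged"
        lines.append(
            f"{f.path} [{', '.join(f.services) or 'no service'}] "
            f"real={f.real_md5} fake={f.fake_md5} "
            f"backup={'yes' if f.backup_found else 'no'} -> {state}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```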

#7 austin_2010


Posted 14 June 2010 - 09:03 AM

Thanks SifuMike. Here are the logs.

TDSSKiller

23:42:04:593 4232 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
23:42:04:593 4232 ================================================================================
23:42:04:593 4232 SystemInfo:

23:42:04:593 4232 OS Version: 5.1.2600 ServicePack: 3.0
23:42:04:593 4232 Product type: Workstation
23:42:04:593 4232 ComputerName: YOUR-4E52C462A8
23:42:04:593 4232 UserName: user
23:42:04:593 4232 Windows directory: C:\WINDOWS
23:42:04:593 4232 Processor architecture: Intel x86
23:42:04:593 4232 Number of processors: 2
23:42:04:593 4232 Page size: 0x1000
23:42:04:593 4232 Boot type: Normal boot
23:42:04:593 4232 ================================================================================
23:42:04:921 4232 Initialize success
23:42:04:921 4232
23:42:04:921 4232 Scanning Services ...
23:42:05:078 4232 Raw services enum returned 345 services
23:42:05:093 4232
23:42:05:093 4232 Scanning Drivers ...
23:42:07:546 4232 Cpqarray (b40e6d0f134440cf285226a25e330832) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:42:07:546 4232 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cpqarray.sys. Real md5: b40e6d0f134440cf285226a25e330832, Fake md5: e37e6907101bcb2161b060f9e57ac7a5
23:42:07:546 4232 File "C:\WINDOWS\system32\DRIVERS\cpqarray.sys" infected by TDSS rootkit ...
23:42:09:359 4232 Backup copy found, using it..
23:42:09:359 4232 will be cured on next reboot
23:42:11:828 4232 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:42:11:859 4232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:42:11:921 4232 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:42:12:468 4232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:42:12:500 4232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:42:12:531 4232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:42:12:562 4232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:42:12:625 4232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:42:12:671 4232 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
23:42:12:703 4232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:42:12:734 4232 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:42:12:750 4232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:42:12:781 4232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:42:12:828 4232 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
23:42:12:859 4232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:42:12:890 4232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:42:12:906 4232 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:42:12:937 4232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:42:12:984 4232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:42:13:062 4232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:42:13:109 4232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:42:13:125 4232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:42:13:156 4232 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:42:13:203 4232 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:42:13:218 4232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:42:13:265 4232 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:42:13:281 4232 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:42:13:312 4232 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:42:13:328 4232 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:42:13:375 4232 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:42:13:406 4232 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:42:13:437 4232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:42:13:453 4232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:42:13:468 4232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:42:13:515 4232 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:42:13:546 4232 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:42:13:562 4232 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:42:13:578 4232 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:42:13:593 4232 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:42:13:609 4232 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:42:13:656 4232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:42:13:703 4232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:42:13:734 4232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:42:13:750 4232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:42:13:781 4232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:42:13:812 4232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:42:13:843 4232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:42:13:890 4232 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:42:13:937 4232 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:42:14:000 4232 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
23:42:14:078 4232 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:42:14:109 4232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:42:14:140 4232 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:42:14:171 4232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:42:14:203 4232 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:42:14:296 4232 smserial (99cbb618a4b8676086de9fd2ad4f9820) C:\WINDOWS\system32\DRIVERS\smserial.sys
23:42:14:375 4232 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:42:14:437 4232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:42:14:562 4232 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
23:42:14:640 4232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:42:14:734 4232 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
23:42:14:859 4232 STHDA (43f6a0513268c56a1f0adb491f27417b) C:\WINDOWS\system32\drivers\sthda.sys
23:42:14:921 4232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:42:14:984 4232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:42:15:062 4232 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:42:15:078 4232 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:42:15:093 4232 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:42:15:109 4232 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:42:15:156 4232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:42:15:218 4232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:42:15:281 4232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:42:15:312 4232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:42:15:343 4232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:42:15:406 4232 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:42:15:468 4232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:42:15:500 4232 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:42:15:546 4232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:42:15:640 4232 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:42:15:734 4232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:42:15:796 4232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:42:15:812 4232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:42:15:859 4232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:42:15:906 4232 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:42:15:953 4232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:42:16:015 4232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:42:16:046 4232 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:42:16:062 4232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:42:16:078 4232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:42:16:187 4232 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
23:42:16:375 4232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:42:16:453 4232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:42:16:468 4232 Reboot required for cure complete..
23:42:16:515 4232 Cure on reboot scheduled successfully
23:42:16:515 4232
23:42:16:515 4232 Completed
23:42:16:515 4232
23:42:16:515 4232 Results:
23:42:16:515 4232 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:42:16:515 4232 File objects infected / cured / cured on reboot: 1 / 0 / 1
23:42:16:515 4232
23:42:16:531 4232 KLMD(ARK) unloaded successfully

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-14 01:41:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kwlyrfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x71 0x3A 0x1A 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x40 0x54 0x7C 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6B 0xE5 0xC7 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x71 0x3A 0x1A 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x40 0x54 0x7C 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6B 0xE5 0xC7 0x09 ...

---- EOF - GMER 1.0.15 ----


#8 SifuMike

Posted 14 June 2010 - 09:27 AM

Hi austin_2010,

Looks good.

Please disable your AVG antivirus and run ComboFix. Post the ComboFix log.

#9 austin_2010

Posted 14 June 2010 - 10:23 AM

Once again, SifuMike, thank you.

Here's the log.

ComboFix 10-06-13.04 - user 06/14/2010 10:13:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1408 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 14:31 . 2010-06-14 14:31 2332000 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-06-14 14:06 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-13 22:33 . 2010-06-13 22:33 -------- d-----w- C:\cabs
2010-06-06 07:30 . 2010-06-06 07:30 -------- d-----w- C:\$AVG
2010-06-06 04:57 . 2010-06-06 04:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-06 00:04 . 2010-06-06 00:04 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-06-06 00:03 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-06 00:03 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 00:03 . 2010-06-06 00:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 23:12 . 2010-06-05 23:15 -------- d-----w- C:\Talk Now! - Learn Finnish
2010-06-05 22:56 . 2010-06-05 22:56 -------- d-----w- c:\windows\Sun
2010-06-01 15:29 . 2010-06-01 15:29 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-01 15:29 . 2010-06-01 15:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-05-30 17:23 . 2010-05-30 17:42 -------- d-----w- C:\Easy Paycheck Formula
2010-05-30 17:03 . 2010-05-30 17:03 0 ----a-w- c:\windows\nsreg.dat
2010-05-30 17:03 . 2010-05-30 17:03 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2010-05-28 08:10 . 2010-05-28 08:10 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-27 15:43 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-27 15:43 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-05-27 13:23 . 2010-05-27 13:23 -------- d-----w- c:\documents and settings\user\Application Data\AVG9
2010-05-26 04:07 . 2010-05-27 13:38 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss
2010-05-26 04:02 . 2010-05-26 04:02 -------- d-----w- c:\documents and settings\user\Application Data\ImgBurn
2010-05-26 03:50 . 2010-05-26 03:57 -------- d-----w- c:\program files\ImgBurn
2010-05-25 15:10 . 2010-06-13 19:02 -------- d-----w- C:\Lua
2010-05-24 23:00 . 2010-05-28 08:05 -------- d-----w- c:\program files\Microsoft Works
2010-05-24 22:58 . 2010-05-24 22:58 -------- d-----w- c:\program files\Microsoft.NET
2010-05-24 22:56 . 2010-05-24 22:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-24 22:56 . 2010-05-24 22:59 -------- d-----w- c:\windows\SHELLNEW
2010-05-24 22:55 . 2010-05-24 22:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Microsoft Help
2010-05-24 22:55 . 2010-06-14 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-24 22:55 . 2010-05-24 22:55 -------- d-----r- C:\MSOCache
2010-05-24 22:43 . 2010-05-31 02:58 -------- d-----w- c:\program files\PeerGuardian2
2010-05-24 21:20 . 2010-05-24 21:20 3143 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-05-24 21:20 . 2010-05-24 21:20 3663 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-05-24 21:19 . 2010-05-24 21:19 2863 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
2010-05-24 21:04 . 2010-05-24 21:04 2897 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
2010-05-24 21:04 . 2010-05-24 21:04 3018 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-05-24 21:03 . 2010-05-24 21:03 -------- d-----w- c:\documents and settings\user\Application Data\AccurateRip
2010-05-24 21:03 . 2010-05-24 21:03 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-24 21:03 . 2010-05-22 18:11 421552 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-24 21:03 . 2010-05-24 21:03 -------- d-----w- c:\program files\Illustrate
2010-05-24 21:02 . 2010-05-24 21:02 -------- d-----w- c:\program files\Comical
2010-05-24 20:30 . 2010-05-24 20:30 -------- d-----w- c:\documents and settings\user\Application Data\Call Graph
2010-05-24 20:30 . 2009-07-18 13:51 3883424 ----a-w- c:\documents and settings\user\Application Data\Call Graph\CallGraphBrowser\plugins\NPSWF32.dll
2010-05-24 20:30 . 2010-05-24 20:30 -------- d-----w- c:\program files\Call Graph
2010-05-24 19:38 . 2010-05-24 19:38 -------- d-----w- c:\program files\Alcohol Soft
2010-05-24 19:07 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-05-24 19:07 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-05-24 19:07 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-24 19:07 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-24 02:46 . 2010-05-24 02:46 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-24 02:46 . 2010-05-24 23:00 -------- d-----w- c:\program files\MSBuild
2010-05-24 02:46 . 2010-05-24 02:46 -------- d-----w- c:\program files\Reference Assemblies
2010-05-24 02:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-24 02:45 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-24 02:45 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-24 02:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-24 02:45 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-24 02:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-24 02:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-24 02:45 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-24 02:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-24 00:41 . 2010-05-24 00:41 -------- d-----w- c:\windows\Motorola
2010-05-24 00:37 . 2010-05-24 00:37 -------- d-----w- c:\program files\MSXML 4.0
2010-05-24 00:21 . 2010-05-24 00:21 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Adobe
2010-05-23 17:42 . 2010-06-13 19:28 -------- d-----w- C:\JD
2010-05-23 17:31 . 2010-05-31 14:58 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-05-23 17:31 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-23 17:31 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-23 17:30 . 2010-05-23 17:30 -------- d-----w- c:\program files\iPod
2010-05-23 17:30 . 2010-05-23 17:31 -------- d-----w- c:\program files\iTunes
2010-05-23 17:30 . 2010-05-23 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-23 17:30 . 2010-05-23 17:30 -------- d-----w- c:\program files\QuickTime
2010-05-23 17:30 . 2010-05-23 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-23 17:30 . 2010-05-23 17:30 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-05-23 17:30 . 2010-05-23 17:30 -------- d-----w- c:\program files\Apple Software Update
2010-05-23 17:29 . 2010-04-16 13:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-05-23 17:29 . 2010-04-16 13:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-05-23 17:29 . 2010-05-23 17:29 -------- d-----w- c:\program files\Bonjour
2010-05-23 17:29 . 2010-05-24 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-23 17:29 . 2010-05-23 17:30 -------- d-----w- c:\program files\Common Files\Apple
2010-05-23 17:28 . 2010-05-23 17:31 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-05-23 17:22 . 2010-05-23 17:22 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b8316d9-n\msvcp71.dll
2010-05-23 17:22 . 2010-05-23 17:22 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b8316d9-n\jmc.dll
2010-05-23 17:22 . 2010-05-23 17:22 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b8316d9-n\msvcr71.dll
2010-05-23 17:21 . 2010-05-28 14:52 -------- d-----w- c:\program files\JDownloader
2010-05-23 17:21 . 2010-05-23 17:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-23 17:21 . 2010-05-23 17:21 -------- d-----w- c:\program files\Java
2010-05-23 17:21 . 2010-05-23 17:21 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-05-23 17:20 . 2010-05-23 17:20 79488 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-05-23 16:56 . 2010-05-23 16:56 1956808 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-05-23 16:08 . 2010-05-23 16:08 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-23 16:08 . 2010-05-23 16:08 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-23 16:06 . 2010-05-23 16:06 -------- d-----w- c:\program files\AVG
2010-05-23 16:06 . 2010-05-23 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-23 15:56 . 2010-05-23 15:56 -------- d-sh--w- c:\documents and settings\user\UserData
2010-05-23 15:10 . 2010-05-23 15:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-23 15:09 . 2010-05-23 15:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-23 14:53 . 2010-06-05 23:57 -------- d-----w- c:\documents and settings\user\Application Data\vlc
2010-05-23 14:52 . 2010-05-23 14:52 -------- d-----w- c:\program files\VideoLAN
2010-05-23 14:48 . 2010-05-23 14:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-23 14:48 . 2010-06-14 13:58 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2010-05-23 14:47 . 2010-06-14 15:08 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2010-05-23 14:47 . 2010-05-23 14:47 -------- d-----w- c:\program files\Common Files\Skype
2010-05-23 14:47 . 2010-05-23 14:47 -------- d-----r- c:\program files\Skype
2010-05-23 14:47 . 2010-05-23 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-23 14:37 . 2005-11-28 18:51 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-05-23 14:30 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-23 14:30 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-23 14:30 . 2010-05-23 14:30 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2010-05-23 14:29 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-23 14:29 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-23 14:28 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-23 14:28 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-23 14:28 . 2010-05-23 14:28 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2010-05-23 14:27 . 2010-05-23 14:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-23 14:27 . 2010-05-23 14:27 -------- d-sh--w- c:\documents and settings\user\IETldCache
2010-05-23 14:25 . 2010-05-24 15:11 -------- d-----w- c:\windows\ie8updates
2010-05-23 14:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-05-23 14:23 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-23 14:23 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-23 14:23 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-05-23 14:21 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-23 14:21 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 04:43 . 2010-05-23 09:08 14976 ----a-w- c:\windows\system32\drivers\cpqarray.sys
2010-05-29 01:07 . 2006-06-19 04:25 70008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 14:15 . 2010-05-23 14:15 -------- d-----w- c:\program files\SigmaTel
2010-05-23 14:15 . 2010-05-23 14:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 14:15 . 2010-05-23 14:15 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-23 13:53 . 2006-06-17 09:39 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 10:41 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-06-17 09:23 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-20 05:30 . 2010-05-23 09:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-13_22.23.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-14 14:24 . 2010-06-14 14:24 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
- 2006-06-17 09:23 . 2010-05-25 04:10 71462 c:\windows\system32\perfc009.dat
+ 2006-06-17 09:23 . 2010-06-14 14:15 71462 c:\windows\system32\perfc009.dat
+ 2009-11-06 03:17 . 2009-11-06 03:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2009-03-08 09:31 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2006-06-17 09:23 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2006-06-17 09:23 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2010-05-23 14:20 . 2010-06-13 22:35 21275 c:\windows\system32\drivers\AegisP.sys
+ 2010-04-24 22:07 . 2010-04-24 22:07 4667392 c:\windows\Installer\bbe54.msp
+ 2010-04-24 22:05 . 2010-04-24 22:05 4199424 c:\windows\Installer\bbe40.msp
+ 2010-05-19 04:35 . 2010-05-19 04:35 5023744 c:\windows\Installer\bbe2c.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\bbe0a.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\bbe09.msp
+ 2010-04-24 22:10 . 2010-04-24 22:10 8486400 c:\windows\Installer\bbdde.msp
+ 2010-05-24 23:03 . 2010-06-14 14:21 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-05-24 23:03 . 2010-05-29 08:06 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-05-24 23:03 . 2010-05-29 08:06 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-05-24 23:03 . 2010-06-14 14:21 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 09:26 . 2009-03-06 09:26 5466488 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\IPDESIGN.DLL
+ 2008-11-04 05:40 . 2008-11-04 05:40 1442160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\INFOPATH.EXE
+ 2010-06-14 14:19 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-14 14:19 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-14 14:19 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b818fed3\System.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5d591d00\System.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a342108d\System.Xml.dll
+ 2010-06-14 14:23 . 2010-06-14 14:23 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6f0eee2e\System.Xml.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b4381681\System.Windows.Forms.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_37f033db\System.Windows.Forms.dll
+ 2010-06-14 14:24 . 2010-06-14 14:24 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_54095f8d\System.Drawing.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f8f979ee\System.Design.dll
+ 2010-06-14 14:24 . 2010-06-14 14:24 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c2b15663\System.Design.dll
+ 2010-06-14 14:25 . 2010-06-14 14:25 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f66f43fb\mscorlib.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_edd0c918\mscorlib.dll
+ 2010-06-14 14:16 . 2010-06-14 14:16 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-14 14:18 . 2010-06-14 14:18 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-14 14:18 . 2010-06-14 14:18 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-14 14:18 . 2010-06-14 14:18 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-14 15:17 . 2010-06-14 15:17 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-14 14:18 . 2010-06-14 14:18 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-14 15:17 . 2010-06-14 15:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-14 14:18 . 2010-06-14 14:18 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-14 14:17 . 2010-06-14 14:17 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-14 15:18 . 2010-06-14 15:18 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-14 14:17 . 2010-06-14 14:17 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-14 14:17 . 2010-06-14 14:17 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-14 14:17 . 2010-06-14 14:17 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-14 14:17 . 2010-06-14 14:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-14 14:16 . 2010-06-14 14:16 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-14 15:17 . 2010-06-14 15:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-14 15:18 . 2010-06-14 15:18 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-14 15:18 . 2010-06-14 15:18 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-05-24 15:13 . 2010-05-24 15:13 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-05-24 15:13 . 2010-05-24 15:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2010-05-24 15:13 . 2010-05-24 15:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-05-24 15:13 . 2010-05-24 15:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-05-24 15:13 . 2010-05-24 15:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-14 14:15 . 2010-06-14 14:15 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-05-24 15:13 . 2010-05-24 15:13 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-05-24 00:39 . 2010-05-24 00:39 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-14 14:22 . 2010-06-14 14:22 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-05-24 00:39 . 2010-05-24 00:39 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-05-23 14:22 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2010-02-25 16:54 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\bbeb4.msp
+ 2010-04-24 22:09 . 2010-04-24 22:09 11750912 c:\windows\Installer\bbe97.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\bbe18.msp
+ 2010-04-24 22:07 . 2010-04-24 22:07 10118144 c:\windows\Installer\bbdfe.msp
+ 2010-06-14 14:19 . 2010-02-25 16:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-14 14:18 . 2010-06-14 14:18 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-14 15:17 . 2010-06-14 15:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-14 14:18 . 2010-06-14 14:18 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-14 14:17 . 2010-06-14 14:17 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-14 14:16 . 2010-06-14 14:16 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-01 2065248]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SMSERIAL"="sm56hlpr.exe" [2006-01-11 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-23 14:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Call Graph\\xulrunner\\xulrunner.exe"=
"c:\\Program Files\\Call Graph\\CallGraph.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/23/2010 9:10 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/23/2010 9:10 AM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2010 9:10 AM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2010 9:10 AM 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5/23/2010 9:08 AM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/23/2010 11:08 AM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/1/2010 10:29 AM 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2010 11:08 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2010 11:08 AM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5/23/2010 11:08 AM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/23/2010 11:08 AM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/23/2010 11:08 AM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/23/2010 11:08 AM 26120]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/23/2010 10:10 AM 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\m7zkp8jh.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 10:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-06-14 10:20:03
ComboFix-quarantined-files.txt 2010-06-14 15:20
ComboFix2.txt 2010-06-13 22:27

Pre-Run: 214,367,412,224 bytes free
Post-Run: 214,413,701,120 bytes free

- - End Of File - - 6126EA06CECEEB67D1AE747178C42BF8


#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:19 AM

Posted 14 June 2010 - 12:47 PM


Hi austin_2010,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    Please download Java Version 6 Update 20
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 6 Update 17

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.

Please make sure you turn on the Java Automatic Update Feature
http://java.com/en/download/help/java_update.xml#howto

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.



ComboFix log looks clean.

Please tell me how your computer is running.

If it is running good, then we will do the program clean up.


If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 austin_2010


Posted 14 June 2010 - 02:53 PM

Hi SifuMike.

OK, I've updated Java now. Everything looks good. I'm no longer getting pop-ups or redirects. Thanks for all of your help.

#12 SifuMike


Posted 14 June 2010 - 03:14 PM

Hi austin_2010,

OK, time for the program clean up.

Delete SecurityCheck from your desktop.


Remove Combofix now that we're done with it.
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.



Please read and follow
How did I get infected?, With steps so it does not happen again!
as well as
'How to prevent Malware' by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.


Now you're good to go!


#13 austin_2010


Posted 14 June 2010 - 05:42 PM

Thanks SifuMike. Everything looks good on my end. I appreciate all your help.



#14 SifuMike


Posted 14 June 2010 - 05:45 PM



You're very welcome.

#15 SifuMike


Posted 03 July 2010 - 04:51 PM

Since your problem appears to be resolved, this thread will now be closed.



