
Popups and can't access Windows Update


  • This topic is locked
17 replies to this topic

#1 Raxius

Raxius

  • Members
  • 11 posts

Posted 17 June 2010 - 04:39 PM

For the past week or two, I've been getting random popups while IE is open, not many but like 3 to 5 a day. Also, every time I try to access Windows Update, I get "Internet Explorer cannot display the webpage". The other computers in the house don't have this problem so I know it's just mine. I haven't noticed any new/odd processes running in the background but one of the svchost.exe's likes to grow upwards to 200 megs and once I caught it downloading at my max speed doing god knows what. Both Malwarebytes and Housecall find nothing infected. Finally, I can't include a gmer.exe report because it hard locks my computer within a minute. (sigh, as I'm typing this svchost.exe is up to 106 megs and downloading over 300k a second using about 10 percent of my CPU). Thanks for any help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by fletchy at 16:37:45.21 on Thu 06/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1657 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\wuauclt.exe
svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fletchy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.17\AsRunHelp.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260073085359
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-6-16 28552]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys --> c:\windows\system32\drivers\c6501.sys [?]
S3 gupdate1c9ce0f40eea8c;Google Update Service (gupdate1c9ce0f40eea8c);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]
S3 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-12 24652]

=============== Created Last 30 ================

2010-06-17 20:35:41 20 ----a-w- c:\documents and settings\fletchy\defogger_reenable
2010-06-17 03:20:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-17 03:20:38 0 d-----w- c:\program files\Panda Security
2010-06-15 17:31:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 16:04:07 0 d-----w- c:\docume~1\fletchy\applic~1\DFO Control Panel
2010-06-05 20:41:59 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-06-05 20:40:59 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-05 20:39:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2010-06-05 20:38:59 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-05 20:37:59 66082 -c--a-w- c:\windows\system32\dllcache\c_1149.nls
2010-06-05 13:04:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Aspyr
2010-06-05 12:52:42 0 d-----w- c:\program files\Aspyr
2010-05-22 23:36:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-22 23:36:01 0 d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 16:20:15 87608 ----a-w- c:\docume~1\fletchy\applic~1\inst.exe
2010-03-31 16:20:15 47360 ----a-w- c:\docume~1\fletchy\applic~1\pcouffin.sys
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-23 21:05:29 39110 ----a-w- c:\windows\DIIUnin.dat
2008-11-22 10:20:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 16:38:45.67 ===============



#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 23 June 2010 - 01:29 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please post a fresh set of DDS logs, both DDS and Attach.txt.

As for GMER, try booting into Safe Mode (You can go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.) and try running GMER from there and if you get a log, post that as well in your next post/reply.

MalWare Removal University Master

Member of ASAP


#3 Raxius

Raxius
  • Topic Starter

  • Members
  • 11 posts

Posted 24 June 2010 - 02:01 AM

Thank you km2357.

I have all 3 fresh logs ready to post. Gmer.exe was a pain but I finally got it. I just need to wait until I can use another computer in the house to post them. When I try to post them from my computer, I get the same thing that I get from Windows Update, "Internet Explorer cannot display the webpage". It shouldn't be more than 4 hours tops until I can access another computer.

#4 Raxius

Raxius
  • Topic Starter

  • Members
  • 11 posts

Posted 24 June 2010 - 05:05 AM

Ok, here we are:


DDS (Ver_10-03-17.01) - NTFSx86
Run by fletchy at 23:16:12.14 on Wed 06/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1687 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
svchost.exe
C:\Documents and Settings\fletchy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.17\AsRunHelp.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260073085359
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277195718031
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-6-16 28552]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys --> c:\windows\system32\drivers\c6501.sys [?]
S3 gupdate1c9ce0f40eea8c;Google Update Service (gupdate1c9ce0f40eea8c);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]
S3 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-12 24652]

=============== Created Last 30 ================

2010-06-17 20:35:41 20 ----a-w- c:\documents and settings\fletchy\defogger_reenable
2010-06-17 03:20:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-17 03:20:38 0 d-----w- c:\program files\Panda Security
2010-06-15 17:31:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 16:04:07 0 d-----w- c:\docume~1\fletchy\applic~1\DFO Control Panel
2010-06-05 20:41:59 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-06-05 20:40:59 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-05 20:39:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2010-06-05 20:38:59 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-05 20:37:59 66082 -c--a-w- c:\windows\system32\dllcache\c_1149.nls
2010-06-05 13:04:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Aspyr
2010-06-05 12:52:42 0 d-----w- c:\program files\Aspyr

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 16:20:15 87608 ----a-w- c:\docume~1\fletchy\applic~1\inst.exe
2010-03-31 16:20:15 47360 ----a-w- c:\docume~1\fletchy\applic~1\pcouffin.sys
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2008-11-22 10:20:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 23:17:14.51 ===============




#5 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 24 June 2010 - 01:46 PM

QUOTE
When I try to post them from my computer, I get the same thing that I get from Windows Update, "Internet Explorer cannot display the webpage".


Does this happen to every webpage you visit or just Windows Update and Bleeping Computer?

Until we can get IE working again, go ahead and continue what you've been doing, using another computer to download/transfer tools and logs and post them back here.


Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these vendors NOW:

1) Antivir PersonalEdition Classic
2) avast! Home Edition

Download and install only one!



IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent

LimeWire 4.16.3


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.



#6 Raxius

Raxius
  • Topic Starter

  • Members
  • 11 posts

Posted 24 June 2010 - 04:49 PM

QUOTE
Does this happen to every webpage you visit or just Windows Update and Bleeping Computer?


Just Windows Update and on Bleeping Computer only when I tried posting logs with attachments. Speaking of which, I can access WU now after running ComboFix and I am gonna test if I can post here with an attachment now using this new log.

I ran ComboFix first but after I post this I will do the rest of your recommendations. Thanks again.

ComboFix 10-06-23.05 - fletchy 06/24/2010 17:16:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1746 [GMT -4:00]
Running from: c:\documents and settings\fletchy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\fletchy\Application Data\inst.exe
c:\program files\Internet Explorer\setup.exe
c:\windows\Downloaded Program Files\popcaploader.inf

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWNETPKER


((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-17 03:20 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-17 03:20 . 2010-06-17 03:20 -------- d-----w- c:\program files\Panda Security
2010-06-15 17:31 . 2010-06-24 12:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 16:04 . 2010-06-15 17:13 -------- d-----w- c:\documents and settings\fletchy\Application Data\DFO Control Panel
2010-06-15 14:01 . 2010-06-15 14:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-05 20:41 . 2001-08-17 18:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-06-05 20:40 . 2008-04-13 23:12 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-05 20:39 . 2004-08-04 02:41 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-06-05 20:38 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-05 20:37 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-06-05 13:04 . 2010-06-05 13:04 -------- d-----w- c:\documents and settings\fletchy\Local Settings\Application Data\Aspyr
2010-06-05 13:04 . 2010-06-05 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Aspyr
2010-06-05 12:52 . 2010-06-05 12:52 -------- d-----w- c:\program files\Aspyr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 21:23 . 2009-01-09 19:51 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000007-00001102-00000002-80611102}.dat
2010-06-24 21:23 . 2009-01-09 19:51 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000007-00001102-00000002-80611102}.dat
2010-06-24 14:27 . 2009-06-27 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2010-06-24 07:35 . 2009-10-31 01:44 -------- d-----w- c:\program files\DFO
2010-06-23 15:40 . 2010-03-13 21:51 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2010-06-23 15:40 . 2010-03-13 21:51 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2010-06-23 15:33 . 2010-06-01 20:34 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
2010-06-23 15:33 . 2010-06-01 20:34 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\setiathome_6.03_windows_intelx86.exe
2010-06-23 07:28 . 2009-02-02 18:32 -------- d-----w- c:\program files\PeerGuardian2
2010-06-22 05:38 . 2009-10-31 02:15 -------- d-----w- c:\documents and settings\fletchy\Application Data\NeopleLauncherDFO
2010-06-15 13:10 . 2008-01-22 13:24 -------- d-----w- c:\documents and settings\fletchy\Application Data\uTorrent
2010-06-14 09:59 . 2008-01-08 00:18 -------- d-----w- c:\program files\Diablo II
2010-06-06 08:01 . 2007-12-31 08:25 -------- d-----w- c:\program files\Norton Utilities
2010-06-06 07:38 . 2010-05-09 09:22 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-06 07:38 . 2010-06-06 07:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-06 07:38 . 2010-06-06 07:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-06 07:38 . 2010-05-09 15:09 -------- d-----w- c:\program files\DivX
2010-06-06 07:38 . 2010-05-09 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-06 07:38 . 2010-06-06 07:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-06 07:38 . 2010-06-06 07:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-06 07:36 . 2010-05-09 15:09 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-06 07:36 . 2010-05-09 09:22 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut8_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut6_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut20_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut16_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut12_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 10134 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\ARPPRODUCTICON.exe
2010-05-24 23:33 . 2010-05-07 05:47 -------- d-----w- c:\documents and settings\fletchy\Application Data\Bioshock2
2010-05-23 03:43 . 2009-07-09 23:26 22 ----a-w- c:\windows\popcinfot.dat
2010-05-23 03:43 . 2009-07-09 23:23 -------- d-----w- c:\program files\Peggle Nights Deluxe
2010-05-23 00:06 . 2007-12-29 22:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-23 00:06 . 2010-05-22 23:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-22 23:36 . 2010-05-22 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-20 03:19 . 2007-12-27 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-20 03:19 . 2009-02-20 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-05-20 03:19 . 2008-03-15 22:30 -------- d-----w- c:\program files\Bethesda Softworks
2010-05-19 22:54 . 2008-02-19 12:51 -------- d-----w- c:\program files\Steam
2010-05-09 15:11 . 2010-05-09 15:11 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-09 15:09 . 2010-05-09 15:09 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-07 09:48 . 2008-09-27 18:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-07 07:39 . 2008-09-27 18:46 -------- d-----w- c:\program files\Fraps
2010-05-07 06:09 . 2009-01-09 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-07 05:37 . 2010-05-07 05:37 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-05-07 05:26 . 2010-04-23 19:48 -------- d-----w- c:\program files\2K Games
2010-05-07 02:16 . 2010-04-23 19:58 -------- d-----w- c:\documents and settings\fletchy\Application Data\Bioshock
2010-05-04 06:59 . 2009-03-22 11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 18:38 . 2008-01-10 10:32 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-03 18:25 . 2009-07-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-01 10:27 . 2010-05-01 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-29 19:39 . 2009-03-22 11:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-03-22 11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-02 20:54 . 2009-01-09 20:37 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 16:20 . 2010-03-31 15:41 47360 ----a-w- c:\documents and settings\fletchy\Application Data\pcouffin.sys
2010-03-31 16:20 . 2010-03-31 15:41 47360 ----a-w- c:\documents and settings\fletchy\Application Data\pcouffin.sys
2010-03-31 15:41 . 2010-03-31 15:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-31 01:58 . 2007-12-30 12:44 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-12-30 12:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2007-12-30 10:29 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2007-12-30 10:29 133616 ------w- c:\windows\system32\pxafs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 363008]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-04-01 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2009-06-10 15:05 58112 ----a-w- c:\program files\BOINC\boinctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 22:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/16/2010 11:20 PM 28552]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys --> c:\windows\system32\drivers\c6501.sys [?]
S3 gupdate1c9ce0f40eea8c;Google Update Service (gupdate1c9ce0f40eea8c);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2009 1:53 AM 133104]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2009 12:40 AM 24652]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/7/2008 1:36 PM 715248]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 17:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1390067357-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,a7,c7,9c,74,a2,1a,ae,84,e1,13,9a,62,76,44,58,56,24,5f,23,d7,9d,e2,
2f,b3,24,02,71,1f,f6,f1,34,85,0c,62,06,d9,52,44,c5,b4,63,59,1b,19,23,10,0e,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-343818398-1390067357-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:4e,f1,aa,f2,a3,d9,a3,f0,61,6c,20,92,29,75,fc,4b,d6,03,af,55,cb,
cf,86,5b,cf,4b,61,c9,dc,ae,47,a4,69,fb,ad,80,3a,03,68,b2,74,e6,27,9a,41,9b,\
"rkeysecu"=hex:7b,7c,59,16,0f,05,33,65,c8,26,2d,a7,b6,82,e8,46

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1996)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-24 17:28:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-24 21:28

Pre-Run: 50,046,820,352 bytes free
Post-Run: 50,938,654,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - 3E7852962BD159118043D6932FF743CA



Edited by km2357, 24 June 2010 - 06:56 PM.
Edited in OP's ComboFix Log


#7 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:04:53 PM

Posted 24 June 2010 - 07:07 PM

I went ahead and edited in your ComboFix Log to your post. From now on, only post logs I ask for normally. Only attach them if asked to do so.

Thanks. :)


QUOTE
Speaking of which, I can access WU now after running ComboFix and I am gonna test if I can post here with an attachment now using this new log.

I ran ComboFix first but after I post this I will do the rest of your recommendations. Thanks again.


Good to hear you can access WU now. :) Let me know when you've done my other recommendations (removing P2P and installing an Anti-Virus) and we'll continue.

Edited by km2357, 24 June 2010 - 07:08 PM.

MalWare Removal University Master

Member of ASAP


#8 Raxius

Raxius
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:53 PM

Posted 24 June 2010 - 07:13 PM

P2P gone, Avast installed.

And sorry about the attach, I wanted to test to see if I could. Plus this line threw me off:

QUOTE
Please include C:\ComboFix.txt in your next reply.


I thought you wanted the file itself, not just the pasted data. My bad.

Edited by Raxius, 24 June 2010 - 09:14 PM.


#9 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:04:53 PM

Posted 25 June 2010 - 01:28 PM

Step # 1: Run CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    KILLALL::

    Folder::

    C:\documents and settings\fletchy\Application Data\uTorrent

    DDS::

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.







    Note: This CFScript is for use on raxius's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 2 has been completed.

MalWare Removal University Master

Member of ASAP


#10 Raxius

Raxius
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:53 PM

Posted 25 June 2010 - 11:20 PM

QUOTE
2. A fresh DDS Log taken after Step 2 has been completed.

I just woke up but I'm not seeing a Step 2.

ComboFix 10-06-23.05 - fletchy 06/25/2010 23:56:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1612 [GMT -4:00]
Running from: c:\documents and settings\fletchy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fletchy\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-24 22:05 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 21:56 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-24 21:56 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-24 21:56 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-24 21:56 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-24 21:56 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-24 21:56 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 21:56 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 21:56 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-24 21:56 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-24 21:56 . 2010-06-24 21:56 -------- d-----w- c:\program files\Alwil Software
2010-06-24 21:56 . 2010-06-24 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-17 03:20 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-17 03:20 . 2010-06-17 03:20 -------- d-----w- c:\program files\Panda Security
2010-06-15 17:31 . 2010-06-24 12:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 16:04 . 2010-06-15 17:13 -------- d-----w- c:\documents and settings\fletchy\Application Data\DFO Control Panel
2010-06-15 14:01 . 2010-06-15 14:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-05 20:41 . 2001-08-17 18:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-06-05 20:40 . 2008-04-13 23:12 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-05 20:39 . 2004-08-04 02:41 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-06-05 20:38 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-05 20:37 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-06-05 13:04 . 2010-06-05 13:04 -------- d-----w- c:\documents and settings\fletchy\Local Settings\Application Data\Aspyr
2010-06-05 13:04 . 2010-06-05 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Aspyr
2010-06-05 12:52 . 2010-06-05 12:52 -------- d-----w- c:\program files\Aspyr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 04:02 . 2009-01-09 19:51 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000007-00001102-00000002-80611102}.dat
2010-06-26 04:02 . 2009-01-09 19:51 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000007-00001102-00000002-80611102}.dat
2010-06-26 03:51 . 2009-06-27 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2010-06-25 12:15 . 2009-10-31 01:44 -------- d-----w- c:\program files\DFO
2010-06-25 12:15 . 2009-10-31 02:15 -------- d-----w- c:\documents and settings\fletchy\Application Data\NeopleLauncherDFO
2010-06-23 07:28 . 2009-02-02 18:32 -------- d-----w- c:\program files\PeerGuardian2
2010-06-14 09:59 . 2008-01-08 00:18 -------- d-----w- c:\program files\Diablo II
2010-06-06 08:01 . 2007-12-31 08:25 -------- d-----w- c:\program files\Norton Utilities
2010-06-06 07:38 . 2010-05-09 09:22 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-06 07:38 . 2010-06-06 07:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-06 07:38 . 2010-06-06 07:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-06 07:38 . 2010-05-09 15:09 -------- d-----w- c:\program files\DivX
2010-06-06 07:38 . 2010-05-09 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-06 07:38 . 2010-06-06 07:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-06 07:38 . 2010-06-06 07:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 07:37 . 2010-06-06 07:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-06 07:36 . 2010-05-09 15:09 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-06 07:36 . 2010-05-09 09:22 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut8_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut6_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut20_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut16_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 766 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\NewShortcut12_4D5B5CDD77BD48FB8E2C42A41ADC7CEC.exe
2010-06-05 12:58 . 2010-06-05 12:58 10134 ----a-r- c:\documents and settings\fletchy\Application Data\Microsoft\Installer\{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}\ARPPRODUCTICON.exe
2010-05-24 23:33 . 2010-05-07 05:47 -------- d-----w- c:\documents and settings\fletchy\Application Data\Bioshock2
2010-05-23 03:43 . 2009-07-09 23:26 22 ----a-w- c:\windows\popcinfot.dat
2010-05-23 03:43 . 2009-07-09 23:23 -------- d-----w- c:\program files\Peggle Nights Deluxe
2010-05-23 00:06 . 2007-12-29 22:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-23 00:06 . 2010-05-22 23:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-22 23:36 . 2010-05-22 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-20 03:19 . 2007-12-27 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-20 03:19 . 2009-02-20 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-05-20 03:19 . 2008-03-15 22:30 -------- d-----w- c:\program files\Bethesda Softworks
2010-05-19 22:54 . 2008-02-19 12:51 -------- d-----w- c:\program files\Steam
2010-05-09 15:11 . 2010-05-09 15:11 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-09 15:09 . 2010-05-09 15:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-09 15:09 . 2010-05-09 15:09 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-07 09:48 . 2008-09-27 18:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-07 07:39 . 2008-09-27 18:46 -------- d-----w- c:\program files\Fraps
2010-05-07 06:09 . 2009-01-09 20:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-07 05:37 . 2010-05-07 05:37 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-05-07 05:26 . 2010-04-23 19:48 -------- d-----w- c:\program files\2K Games
2010-05-07 02:16 . 2010-04-23 19:58 -------- d-----w- c:\documents and settings\fletchy\Application Data\Bioshock
2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:59 . 2009-03-22 11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 18:38 . 2008-01-10 10:32 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-03 18:25 . 2009-07-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 10:27 . 2010-05-01 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-29 19:39 . 2009-03-22 11:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-03-22 11:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2001-08-23 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-02 20:54 . 2009-01-09 20:37 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 16:20 . 2010-03-31 15:41 47360 ----a-w- c:\documents and settings\fletchy\Application Data\pcouffin.sys
2010-03-31 16:20 . 2010-03-31 15:41 47360 ----a-w- c:\documents and settings\fletchy\Application Data\pcouffin.sys
2010-03-31 15:41 . 2010-03-31 15:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-31 01:58 . 2007-12-30 12:44 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-12-30 12:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2007-12-30 10:29 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2007-12-30 10:29 133616 ------w- c:\windows\system32\pxafs.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-24_21.24.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-06-26 04:04 . 2010-06-26 04:04 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2001-08-23 12:00 . 2010-06-24 22:18 71060 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2010-05-23 00:05 71060 c:\windows\system32\perfc009.dat
+ 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2007-08-13 23:54 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-17 10:02 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-17 10:02 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-12-27 21:12 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-12-27 21:12 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-23 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2001-08-23 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-06-24 22:16 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_122ae339\System.Drawing.Design.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_0658ed84\CustomMarshalers.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1337669f2b57d77d323e2ff61a6273c6\UIAutomationProvider.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b64786f7dc4abdcbadddcf0b3ba683d8\System.Windows.Presentation.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2a56416fb30c29508f3f3010111d52e4\System.Web.DynamicData.Design.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\d74717e0d6aa93f04aa9391e32b5d213\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\75ad1789a371d07b2557fb017f4da130\PresentationFontCache.ni.exe
+ 2010-06-24 22:19 . 2010-06-24 22:19 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\a73eb71d24bc00b0d9eeb8d8c7867d25\PresentationCFFRasterizer.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\221585db7437ec2282d9e5b0588b6b72\Microsoft.Vsa.ni.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-02-04 14:43 . 2009-02-04 14:43 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-03-17 02:13 . 2010-03-17 02:13 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-03-17 02:13 . 2010-03-17 02:13 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2001-08-23 12:00 . 2010-05-23 00:05 441124 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-06-24 22:18 441124 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 23:54 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 297808 c:\windows\system32\mscoree.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2001-08-23 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2001-08-23 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2007-12-27 09:11 . 2010-01-13 13:05 100640 c:\windows\system32\FNTCACHE.DAT
+ 2007-12-27 09:11 . 2010-06-24 22:21 100640 c:\windows\system32\FNTCACHE.DAT
+ 2001-08-23 12:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-12-27 21:12 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-17 10:02 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-17 10:02 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2001-08-23 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2001-08-23 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2001-08-23 12:00 . 2008-04-14 00:09 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2001-08-23 12:00 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
- 2009-10-27 04:45 . 2009-10-27 04:45 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\2b4127.msp
+ 2010-06-24 22:16 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-24 22:16 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-24 22:16 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-24 22:16 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-24 22:16 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-24 22:16 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-24 22:19 . 2010-06-24 22:19 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_35b07b57\System.Drawing.dll
+ 2010-06-24 22:20 . 2010-06-24 22:20 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c0945a1b\System.Drawing.Design.dll
+ 2010-06-24 22:20 . 2010-06-24 22:20 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7d70c9c9\CustomMarshalers.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8d3cb526be35eb9942b463e11f9f574a\WsatConfig.ni.exe
+ 2010-06-24 22:19 . 2010-06-24 22:19 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a26c0d1dea14541359ecbb5a828f02b7\WindowsFormsIntegration.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\b719e67a81e2520c8bfded9333385df2\UIAutomationClient.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\016f640698a7fc94116153e951199a26\System.Xml.Linq.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0d990ba7010f6fe8e78c4022b198b904\System.Web.Routing.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\703e8f3203fba6ba9e733db3ca264f13\System.Web.RegularExpressions.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ca86949b8567661e69d22b31e074cc68\System.Web.Extensions.Design.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\05f21efb9b5fd86d143551a27d9cb807\System.Web.Entity.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\767170b631e4bb086f055dfe4957222d\System.Web.Entity.Design.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c7427667fb9aa85611646e6c06e06721\System.Web.DynamicData.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\ea866c5d69c5750a100ca9f321cf96c3\System.Web.Abstractions.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9da8b3a1bfe1948604b2d3fa6705cc70\System.Transactions.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\34449ab6ace474494e782a831f7d6050\System.ServiceProcess.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\f33125b9c1f6b60de63a49b835e973bf\System.Security.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\143ef038716bc32af28d1834d38dd71e\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4150d4c6be9f85ecf981935fc2c05d18\System.Runtime.Remoting.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a3bd40d59b056e1ee7639397fc1100b5\System.Net.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\90de3d019591ba49e80f8d5833c5d700\System.Messaging.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\34f9f8024e493117ec3ce116dd068ff0\System.Management.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\a5e73cf0370fd1a8cf5dadc320078d70\System.Management.Instrumentation.ni.dll
+ 2010-06-24 22:17 . 2010-06-24 22:17 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7e5ec0c1479a8a20d06216b99a2a71a6\System.IO.Log.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\94a9bcd067bb78406996814c9e0d7297\System.IdentityModel.Selectors.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c01c7686e392bd6ed929c9f6075723b8\System.EnterpriseServices.Wrapper.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c01c7686e392bd6ed929c9f6075723b8\System.EnterpriseServices.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8cca23200ec490f04e32b9667ca1d652\System.Drawing.Design.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\5d85feaa1894b3613efc6b67595fa751\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\41f2740170c2a3062442644716bd6ce9\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\f5c68148dfe881986e8b8e8c2681a0a6\System.Data.Services.Client.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\19ae6c28bac33e0055af84ba1e26a23b\System.Data.Services.Design.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\79c27d4d57af621b1802a4a72ee42241\System.Data.Entity.Design.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\54cc8770c673f6822837e57e8dd5ad8a\System.Data.DataSetExtensions.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8334ba1b9bd3d989b48c5849d776c948\System.Configuration.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f0401e48e7cc962cd42ce56247e76b79\System.Configuration.Install.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\4a8140dcb3bd769262009f79b288be34\System.AddIn.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\16e9fffbf6e4a89d81be534993e27b50\SMSvcHost.ni.exe
+ 2010-06-24 23:09 . 2010-06-24 23:09 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d8fcfd209e294b4e948228be18263047\SMDiagnostics.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\fd2cd9fadf9be8ef491c5052bbd0e0e6\ServiceModelReg.ni.exe
+ 2010-06-24 22:19 . 2010-06-24 22:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7e4be5ee74f5a810a24434d4eca9cf9e\PresentationFramework.Aero.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5efa89c322974561c088ce8ffb2987cd\PresentationFramework.Luna.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\55908c713bdcf809e4fce2d56405bda6\PresentationFramework.Classic.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\19eef9275832bb27221b30a0f6e64880\PresentationFramework.Royale.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\4ec7e705c528bb6191a009f44ef808f1\MSBuild.ni.exe
+ 2010-06-24 22:17 . 2010-06-24 22:17 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ea13cf1406a016895e32ff03cf63dd0a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\dbc27a7e5ac34bfd7cdee8ac99b01d23\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bab00728f3a1430c097060c4d4938813\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0f388b81268a66dbe12a93316a6bbb58\Microsoft.PowerShell.Security.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\04b8a94f92dccac22635ae97b87cf960\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b23f68f5cc643dad49bf354cecbe3c1a\Microsoft.Build.Utilities.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\b1cc5f84261d3ff5f07abce9b83dd7af\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\67afc7fbd08f02cae4deebb3098d1745\Microsoft.Build.Engine.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\75d9a8b4d44cff99217d02b8817e4e39\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-24 22:17 . 2010-06-24 22:17 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\611bd59cdb846b5478e535782828461b\ComSvcConfig.ni.exe
+ 2010-06-24 23:09 . 2010-06-24 23:09 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8f3332a7a48ec3e2fd0c54e534769217\AspNetMMCExt.ni.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-02-04 14:43 . 2009-02-04 14:43 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2001-08-23 12:00 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2001-08-23 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
- 2001-08-23 12:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2001-08-23 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
- 2007-08-13 23:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-13 23:34 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2001-08-23 12:00 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2001-08-23 12:00 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
- 2001-08-23 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2001-08-23 12:00 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2001-08-23 12:00 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2001-08-23 12:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
- 2007-12-27 21:12 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-12-27 21:12 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-11-09 04:25 . 2009-11-09 04:25 1935360 c:\windows\Installer\2b415b.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\2b4133.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\2b4132.msp
+ 2010-06-24 22:16 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-24 22:16 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_80c2f66a\System.dll
+ 2010-06-24 22:20 . 2010-06-24 22:20 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7bf959e5\System.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b7f55c34\System.Xml.dll
+ 2010-06-24 22:22 . 2010-06-24 22:22 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4e5d1f34\System.Xml.dll
+ 2010-06-24 22:20 . 2010-06-24 22:20 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_aeb305bd\System.Windows.Forms.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_353640f6\System.Windows.Forms.dll
+ 2010-06-24 22:22 . 2010-06-24 22:22 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_93cd0747\System.Drawing.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d59aeeb3\System.Design.dll
+ 2010-06-24 22:22 . 2010-06-24 22:22 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_440838ca\System.Design.dll
+ 2010-06-24 22:20 . 2010-06-24 22:20 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f521d1c5\mscorlib.dll
+ 2010-06-24 22:22 . 2010-06-24 22:22 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6cdf3c42\mscorlib.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f314902b1692d765d441008b16b998ba\WindowsBase.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0e12f6af4388a51102d00524434b2cee\UIAutomationClientsideProviders.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\0115819dcd2638560c9fe8f4523a6776\System.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e86477a3569303b7984658ab8537028c\System.Xml.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f07cd2c930c01c35cf661ff6074e70cc\System.WorkflowServices.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\7986efc3bd7048e08668da97cd6ed44a\System.Workflow.Runtime.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6c78bcfce46c2a8f189f22d602f3110b\System.Workflow.ComponentModel.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\1d7d2651d4118e7e0c142f74e255f6b8\System.Workflow.Activities.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\62b1b8ef3086e88f39a5df124bd166f8\System.Web.Services.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c6760961ac35c45eb8391fb5f4a6c757\System.Web.Mobile.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\3c1cb565c867845c237faa72ec217ba4\System.Web.Extensions.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\a831cba79f0c7ddb8c90089a2bc4d175\System.Speech.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\cdd60396ac863eb24403a773513d3b57\System.ServiceModel.Web.ni.dll
+ 2010-06-24 22:17 . 2010-06-24 22:17 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8a211d688e05fca508a2a1bcdbda6c53\System.Runtime.Serialization.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\7598ecd54b51151fab0f14f084c2fab1\System.Printing.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1a3aea767114391ff60d001499285eec\System.Management.Automation.ni.dll
+ 2010-06-24 22:17 . 2010-06-24 22:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bc8ec4fcebe30cb5ed0765774d93be60\System.IdentityModel.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f5b9911719688481f12d17be1b58290\System.Drawing.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b80a35d7af9e48a1bba71641caa06565\System.DirectoryServices.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b64964b1ed30e97b48760ba91bc10bbb\System.Deployment.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\7de48107be4c6981d9d7acee3f8e92d6\System.Data.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\a8b347c55f40080b764650eb3a6c35d6\System.Data.SqlXml.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\68ae4fa2000ae8adc99c7347ed1b12d7\System.Data.Services.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\24b7891e2940e54e06d90d8c6e0ed8e9\System.Data.OracleClient.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\78e9ffb3d2643d41b2463678ce9b1650\System.Data.Linq.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2a0a49f59b8416013ba5c4184dcfa67d\System.Data.Entity.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\2b625f6ae71d64e958fd473b41983180\System.Core.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c3b2895631f3ee0ec7b7eb7e2502020e\ReachFramework.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\8e5c135f87dcdfeb2ba306dba412cb6f\PresentationUI.ni.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\3409292f545743f7238c2c82fa4d3c73\PresentationBuildTasks.ni.dll
+ 2010-06-24 23:10 . 2010-06-24 23:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ebf10070e02c6b44af17c983089d8c12\Microsoft.VisualBasic.ni.dll
+ 2010-06-24 22:17 . 2010-06-24 22:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42cf0e4405e4da8bf9ff20da35b26cab\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-24 23:11 . 2010-06-24 23:11 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\95727b360f6ed9ab82cfc31b9f7b43bb\Microsoft.JScript.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\ec8bab5fd07f240d51875b0b0d69b5e8\Microsoft.Build.Tasks.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\49c9da8ec61d106f288c1d2f74594666\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-24 23:09 . 2010-06-24 23:09 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\63505259f8a14d79aeaafe2eedebff7c\Microsoft.Build.Engine.ni.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-02-04 14:43 . 2009-02-04 14:43 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-24 22:18 . 2010-06-24 22:18 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-03-17 02:13 . 2010-03-17 02:13 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-23 05:25 . 2009-10-23 05:25 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-23 05:25 . 2009-10-23 05:25 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-27 21:06 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2007-12-27 21:12 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-02 23:29 . 2010-04-02 23:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-02 16:30 . 2010-04-02 16:30 17456640 c:\windows\Installer\2b4183.msp
+ 2010-03-31 05:23 . 2010-03-31 05:23 15638528 c:\windows\Installer\2b4167.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\2b4141.msp
+ 2010-06-24 22:16 . 2010-02-25 15:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-24 22:14 . 2010-06-24 22:14 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\34485c49017673f54d877b83fbb6e49d\System.Windows.Forms.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\301a4e52702910915a99e9d01d351b60\System.Web.ni.dll
+ 2010-06-24 22:17 . 2010-06-24 22:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0bed17ff7bd5a1ac0a8ab4c281747b9b\System.ServiceModel.ni.dll
+ 2010-06-24 22:15 . 2010-06-24 22:15 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a8c407b9c2d4d6cc966523a4a7d053c7\System.Design.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ec3330a271a37b2ddbcc77bca8983d69\PresentationFramework.ni.dll
+ 2010-06-24 22:19 . 2010-06-24 22:19 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\192aa1f99ea3ec1a4f7933bcb04b6a51\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 363008]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-04-01 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2009-06-10 15:05 58112 ----a-w- c:\program files\BOINC\boinctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 22:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/16/2010 11:20 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/24/2010 5:56 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/24/2010 5:56 PM 19024]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys --> c:\windows\system32\drivers\c6501.sys [?]
S3 gupdate1c9ce0f40eea8c;Google Update Service (gupdate1c9ce0f40eea8c);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2009 1:53 AM 133104]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2009 12:40 AM 24652]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/7/2008 1:36 PM 715248]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 00:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1390067357-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,a7,c7,9c,74,a2,1a,ae,84,e1,13,9a,62,76,44,58,56,24,5f,23,d7,9d,e2,
2f,b3,24,02,71,1f,f6,f1,34,85,0c,62,06,d9,52,44,c5,b4,63,59,1b,19,23,10,0e,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-343818398-1390067357-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:4e,f1,aa,f2,a3,d9,a3,f0,61,6c,20,92,29,75,fc,4b,d6,03,af,55,cb,
cf,86,5b,cf,4b,61,c9,dc,ae,47,a4,69,fb,ad,80,3a,03,68,b2,74,e6,27,9a,41,9b,\
"rkeysecu"=hex:7b,7c,59,16,0f,05,33,65,c8,26,2d,a7,b6,82,e8,46

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1364)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
.
**************************************************************************
.
Completion time: 2010-06-26 00:08:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-26 04:08
ComboFix2.txt 2010-06-24 21:28

Pre-Run: 49,812,004,864 bytes free
Post-Run: 49,978,490,880 bytes free

- - End Of File - - DEA55F58DC41D394377E86A9D3E8FD83


#11 Raxius

Posted 26 June 2010 - 12:36 AM

Ok, now that I'm more conscious and awake, I'm gonna assume you wanted a fresh dds.txt after doing the latest ComboFix script. If so, this will speed up a step or 2 without you having to ask for it again; if not, I'm sorry, feel free to edit this post.

Thanks again km2357, I really appreciate it.


DDS (Ver_10-03-17.01) - NTFSx86
Run by fletchy at 1:31:05.35 on Sat 06/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1616 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fletchy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.17\AsRunHelp.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260073085359
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277195718031
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-6-16 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-24 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-24 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys --> c:\windows\system32\drivers\c6501.sys [?]
S3 gupdate1c9ce0f40eea8c;Google Update Service (gupdate1c9ce0f40eea8c);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]
S3 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-12 24652]

=============== Created Last 30 ================

2010-06-26 03:55:47 0 d-----w- C:\ComboFix
2010-06-24 22:05:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 21:56:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-24 21:12:27 0 d-sha-r- C:\cmdcons
2010-06-24 21:08:41 98816 ----a-w- c:\windows\sed.exe
2010-06-24 21:08:41 77312 ----a-w- c:\windows\MBR.exe
2010-06-24 21:08:41 256512 ----a-w- c:\windows\PEV.exe
2010-06-24 21:08:41 161792 ----a-w- c:\windows\SWREG.exe
2010-06-17 20:35:41 20 ----a-w- c:\documents and settings\fletchy\defogger_reenable
2010-06-17 03:20:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-17 03:20:38 0 d-----w- c:\program files\Panda Security
2010-06-15 17:31:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 16:04:07 0 d-----w- c:\docume~1\fletchy\applic~1\DFO Control Panel
2010-06-05 20:41:59 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-06-05 20:40:59 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-05 20:39:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2010-06-05 20:38:59 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-05 20:37:59 66082 -c--a-w- c:\windows\system32\dllcache\c_1149.nls
2010-06-05 13:04:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Aspyr
2010-06-05 12:52:42 0 d-----w- c:\program files\Aspyr

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 16:20:15 47360 ----a-w- c:\docume~1\fletchy\applic~1\pcouffin.sys
2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2008-11-22 10:20:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 1:31:31.92 ===============


#12 km2357

  • Malware Response Team

Posted 26 June 2010 - 12:44 PM

QUOTE
I just woke up but I'm not seeing a Step 2.



QUOTE
Ok, now that I'm more conscious and awake, I'm gonna assume you wanted a fresh dds.txt after doing the latest combofix script. If so, this will speed up a step or 2 without you having to ask for it again, if not, I'm sorry, feel free to edit this post.

Thanks again km2357, I really appreciate it.


You did the right thing posting a fresh DDS Log.

That was a typo on my part, it should have read:

"A fresh DDS Log taken after Step 1 has been completed."



Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u20.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Remove the following old versions of Java:

  • Java™ 6 Update 3

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.


Post the MalwareBytes' Log in your next post/reply.

MalWare Removal University Master

Member of ASAP


#13 Raxius

  • Topic Starter

Posted 26 June 2010 - 01:57 PM

Java is now updated. I already have and use ATF-Cleaner on a monthly basis, but did download it again from your link and ran it. And here is my MBAM log, which looks identical to the previous 20ish scans.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4244

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/26/2010 2:40:02 PM
mbam-log-2010-06-26 (14-40-02).txt

Scan type: Quick scan
Objects scanned: 120879
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#14 km2357

  • Malware Response Team

Posted 26 June 2010 - 09:01 PM

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)
  • First, go to Add/Remove Programs and uninstall Adobe Reader 8.2.2.
  • Please go to this link: Adobe Acrobat Reader Download Link
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.3.2 is a large program and if you prefer a smaller program you can get Foxit 3.3.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 3.3.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?



#15 Raxius

  • Topic Starter

Posted 27 June 2010 - 05:44 PM

Adobe Acrobat Reader updated.

QUOTE
1. Kaspersky Log


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, June 27, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, June 27, 2010 13:56:14
Records in database: 4282245
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 148226
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:05:18


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.


QUOTE
2. A fresh DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by fletchy at 18:31:31.40 on Sun 06/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1551 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fletchy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.17\AsRunHelp.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
dRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260073085359
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277195718031
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-6-16 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-24 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-24 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys --> c:\windows\system32\drivers\c6501.sys [?]
S3 gupdate1c9ce0f40eea8c;Google Update Service (gupdate1c9ce0f40eea8c);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]
S3 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-12 24652]

=============== Created Last 30 ================

2010-06-26 18:30:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-26 18:30:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 03:55:47 0 d-----w- C:\ComboFix
2010-06-24 22:05:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 21:56:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-24 21:12:27 0 d-sha-r- C:\cmdcons
2010-06-24 21:08:41 98816 ----a-w- c:\windows\sed.exe
2010-06-24 21:08:41 77312 ----a-w- c:\windows\MBR.exe
2010-06-24 21:08:41 256512 ----a-w- c:\windows\PEV.exe
2010-06-24 21:08:41 161792 ----a-w- c:\windows\SWREG.exe
2010-06-17 20:35:41 20 ----a-w- c:\documents and settings\fletchy\defogger_reenable
2010-06-17 03:20:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-17 03:20:38 0 d-----w- c:\program files\Panda Security
2010-06-15 17:31:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 16:04:07 0 d-----w- c:\docume~1\fletchy\applic~1\DFO Control Panel
2010-06-05 20:41:59 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-06-05 20:40:59 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-05 20:39:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2010-06-05 20:38:59 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-05 20:37:59 66082 -c--a-w- c:\windows\system32\dllcache\c_1149.nls
2010-06-05 13:04:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Aspyr
2010-06-05 12:52:42 0 d-----w- c:\program files\Aspyr

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 16:20:15 47360 ----a-w- c:\docume~1\fletchy\applic~1\pcouffin.sys
2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2008-11-22 10:20:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 18:31:54.12 ===============


QUOTE
3. How is your computer doing, any problems?


Computer has been fine since we ran ComboFix the first time. No more popups and no more dreaded "Internet Explorer cannot display the webpage".



