Browser hijacked (at least!)


  • This topic is locked
23 replies to this topic

#1 david240

Posted 07 October 2010 - 05:31 PM

Current symptoms: Internet Explorer and Firefox search results relating to malware removal (other searches too? - not sure) are redirected to sites that offer presumably fake removal software. Machine is very sluggish in response to mouse/keyboard commands. I thought I had disabled the Virgin Media Security in favour of Avira AntiVir (internet normally through Virgin, but not at present), but apparently not... and now trying to open Virgin Security elicits the following message: "C:\Archivos de Programa\Virgin Media\RPS.exe No se pudo iniciar la aplicación porque su configuración es incorrecta. reinstalar la aplicacion puede solucionar el problema." As you can see, it's a Spanish-language installation of Windows.

In case it's of interest, here are examples of the Firefox hijacking redirects:
Example of the address that appeared when opening the Yahoo search (for "spyware remove") result, instead of the URL in Yahoo's results list:
hxxp://onionsword.com/default.pk?tsearch=spyware+remove&search_button.x=0&search_button.y=0

The page source of this address:
<html><head><script type="text/javascript">function f(){var url="http://a.checklactalon.com/vvw2O94x6S4yJuS198b6ada3e7b8ea414f2a4f6b4e2fffad06A";try{var x=document.getElementById("_a");x.href=url;x.click()}catch(e){try{var x=document.getElementById("_f");x.action=url;x.submit()}catch(e){}}}</script></head><body onload="f()"><a id="_a"></a><form id="_f" method="get"></form></body></html>
Example of an address that was opened spontaneously, shortly after the above, in a new tab:

hxxp://austin-apartment-net.com/?xurl=http://hytr8lzz02.com/yk616xrL5A6XH4O9670325cc73843681279561aafbb90e1606h&xref=http://austin-apartment-net.com/result.php?Keywords=spyware+remove&r=4518862d1fc28800455c1ddc5355f7853c88236861511a3fbee82e3eee6026e8f21035ac6d90c7f2018c051d14631a56&Submit=Go

Page source of that address:
<html><head><script type="text/javascript">function f(){var url="http://hytr8lzz02.com/yk616xrL5A6XH4O9670325cc73843681279561aafbb90e1606h";try{var x=document.getElementById("_a");x.href=url;x.click()}catch(e){try{var x=document.getElementById("_f");x.action=url;x.submit()}catch(e){}}}</script></head><body onload="f()"><a id="_a"></a><form id="_f" method="get"></form></body></html>

I have previously managed to get under control an infection on this machine that was preventing the task bar, start button and desktop icons from appearing at boot-up. This is its condition when I was asked to get involved. Only Internet Explorer would start, and task manager and command box would not run. ComboFix reported the presence of rootkit activity and after reboot the command box became available. Booting with Start button, Taskbar and access to task manager was restored following use of MalwareBytes, Spybot S&D, Super Antispyware and Reg Cleaner.

Now I don't know what to try and I hope you may be able to help me.


DDS (Ver_10-10-05.01) - FAT32x86
Run by claudia at 15:08:04,07 on 07/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.447.62 [GMT 1:00]

AV: Virgin Media Security Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Virgin Media Security Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Archivos de programa\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
SVCHOST.EXE
C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Archivos de programa\Virgin Media\Chat Extension\HsdClient.exe
C:\Archivos de programa\Virgin Media\Digital Home Support\ServicepointService.exe
C:\ARCHIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Trusteer\Rapport\bin\RapportService.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\claudia\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 10.250.13.250:3128
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\archivos de programa\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\archivos de programa\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\archivos de programa\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\archivos de programa\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: &Discusión: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpywareTerminatorUpdate] "c:\archivos de programa\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [D-Link D-Link Wireless N DWA-140] c:\archivos de programa\d-link\d-link wireless n dwa-140\AirNCFG.exe
mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
mRun: [ContentTransferWMDetector.exe] c:\archivos de programa\sony\content transfer\ContentTransferWMDetector.exe
mRun: [NSWosCheck] "c:\archivos de programa\norton systemworks basic edition\osCheck.exe"
mRun: [NswUiTray] c:\archivos de programa\norton systemworks basic edition\NswUiTray.exe
mRun: [DigitalHomeSupport.exe] "c:\archivos de programa\virgin media\digital home support\DigitalHomeSupport.exe" /AUTORUN
mRun: [HsdClient.exe] "c:\archivos de programa\virgin media\chat extension\HsdClient.exe" /AUTORUN
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\archivos de programa\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\archivos de programa\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: bankofscotland-online.co.uk\www
Trusted Zone: rbsdigital.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229982684453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229982658109
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\archivos de programa\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\claudia\datosd~1\mozilla\firefox\profiles\rz9emvhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\archivos de programa\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\virgin media\digital home support\nprpspa.dll
FF - plugin: c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-29 64288]
R1 avgio;avgio;c:\archivos de programa\avira\antivir desktop\avgio.sys [2010-9-23 11608]
R1 RapportKELL;RapportKELL;c:\archivos de programa\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\archivos de programa\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-9-23 142592]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\archivos de programa\avira\antivir desktop\sched.exe [2010-9-23 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\archivos de programa\avira\antivir desktop\avguard.exe [2010-9-23 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-23 60936]
R2 RapportMgmtService;Rapport Management Service;c:\archivos de programa\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R2 ServicepointService;ServicepointService;c:\archivos de programa\virgin media\digital home support\ServicepointService.exe [2010-9-10 689392]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2004-6-17 193280]
S2 Radialpoint Security Services;Virgin Media Security;c:\archivos de programa\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2008-1-26 13568]
S3 cpuz132;cpuz132;\??\c:\docume~1\claudia\config~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\claudia\config~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\archivos de programa\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\nsak.sys --> c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\nsak.sys [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2010-10-4 27192]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-9-12 476416]
S3 SHUNUR;SHUNUR;c:\docume~1\claudia\config~1\temp\shunur.exe --> c:\docume~1\claudia\config~1\temp\SHUNUR.exe [?]
S3 Update Server;BitDefender Update Server v2;c:\archivos de programa\archivos comunes\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\archivos de programa\archivos comunes\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
S4 AHWHWFRZTLHX;AHWHWFRZTLHX;c:\docume~1\claudia\config~1\temp\ahwhwfrztlhx.exe --> c:\docume~1\claudia\config~1\temp\AHWHWFRZTLHX.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-7-24 133104]
S4 HsdService;HsdService;c:\archivos de programa\virgin media\chat extension\HsdService.exe [2010-9-10 1410288]

=============== Created Last 30 ================

2010-10-07 14:05:41 0 ----a-w- c:\documents and settings\claudia\defogger_reenable
2010-10-05 23:11:07 -------- d-----w- c:\docume~1\claudia\config~1\datosd~1\RegistryBackups
2010-10-05 08:53:34 -------- d-sh--w- C:\FOUND.009
2010-10-04 17:26:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-04 09:07:03 32824 ----a-w- c:\windows\system32\rrMon.sys
2010-10-04 09:01:23 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2010-10-02 23:26:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-10-02 23:26:25 -------- d-----w- c:\archivos de programa\Belarc
2010-09-29 08:42:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 08:38:47 -------- d--h--w- c:\docume~1\alluse~1\datosd~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 08:37:13 -------- d-----w- c:\archivos de programa\Lavasoft
2010-09-28 23:28:34 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-09-28 23:28:34 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-09-28 23:28:34 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-09-28 23:28:34 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-09-28 23:28:32 -------- d-----w- c:\archivos de programa\Browser Hijack Retaliator 4.5
2010-09-28 22:22:59 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-24 15:14:44 -------- d-----w- c:\archivos de programa\Browser Hijack Blaster
2010-09-24 11:02:30 36 ----a-w- c:\docume~1\claudia\config~1\datosd~1\housecall.guid.cache
2010-09-23 16:05:41 -------- d-----w- c:\docume~1\claudia\datosd~1\Avira
2010-09-23 15:56:48 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-23 15:55:48 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Avira
2010-09-23 15:50:40 -------- d-sh--w- C:\Recycled
2010-09-23 12:42:09 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-09-23 12:42:06 -------- d-----w- c:\docume~1\claudia\datosd~1\Spyware Terminator
2010-09-23 12:42:06 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Spyware Terminator
2010-09-23 12:41:55 -------- d-----w- c:\archivos de programa\Spyware Terminator
2010-09-23 12:28:56 -------- d-----w- c:\docume~1\claudia\config~1\datosd~1\NPE
2010-09-23 12:02:20 -------- d-----w- c:\archivos de programa\Safer Networking_RunAlyzer
2010-09-23 11:57:42 418632 ----a-r- c:\windows\system32\drivers\etc\hosts.bak
2010-09-23 11:32:06 -------- d-----w- c:\archivos de programa\MozBackup
2010-09-23 10:18:40 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2010-09-23 10:02:54 -------- d-----w- c:\docume~1\alluse~1\datosd~1\bdch
2010-09-22 18:10:48 0 ----a-w- c:\documents and settings\claudia\?????
2010-09-22 17:46:25 -------- d-----w- c:\docume~1\alluse~1\datosd~1\cb1e0000-c29a-4d27-920c-2d7e9ca525be
2010-09-22 17:01:35 -------- d-----w- c:\docume~1\alluse~1\datosd~1\aad00000-2cf2-479e-7cf1-42cbc710dfb0
2010-09-22 12:56:59 -------- d-----w- c:\docume~1\claudia\datosd~1\QuickScan
2010-09-22 12:46:01 997089 ----a-w- c:\docume~1\alluse~1\datosd~1\bdinstall.bin
2010-09-22 10:59:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-22 10:57:20 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-22 10:57:20 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-22 10:57:19 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-22 10:57:19 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-22 10:57:19 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-22 10:57:18 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-22 10:57:18 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-22 08:27:24 -------- d-sha-r- C:\cmdcons
2010-09-22 08:00:12 27 ----a-w- c:\windows\system32\drivers\etc\hosts.20100922-090012.backup
2010-09-22 00:37:46 -------- d-----w- c:\docume~1\claudia\config~1\datosd~1\Mozilla
2010-09-21 18:31:16 -------- d-----w- c:\docume~1\claudia\datosd~1\Malwarebytes
2010-09-21 17:26:40 -------- d-----w- c:\windows\system32\CatRoot2
2010-09-21 17:14:48 98816 ----a-w- c:\windows\sed.exe
2010-09-21 17:14:48 77312 ----a-w- c:\windows\MBR.exe
2010-09-21 17:14:48 256512 ----a-w- c:\windows\PEV.exe
2010-09-21 17:14:48 161792 ----a-w- c:\windows\SWREG.exe
2010-09-21 16:44:12 403456 ----a-w- c:\windows\system32\Copia de cmd.exe
2010-09-21 14:35:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 14:35:27 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Malwarebytes
2010-09-21 14:35:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 14:35:24 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-09-21 12:10:58 -------- d-----w- c:\archivos de programa\Avira
2010-09-21 11:39:11 -------- d-----w- c:\docume~1\claudia\datosd~1\Auslogics
2010-09-21 11:31:14 -------- d-----w- c:\archivos de programa\Auslogics
2010-09-21 08:44:58 -------- d-----w- C:\FOUND.008
2010-09-17 21:35:04 211 ----a-w- C:\boot.ini.orig
2010-09-17 17:49:12 -------- d-----w- C:\Kaspersky Rescue Disk 10.0
2010-09-17 10:47:05 12416 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-09-14 06:24:14 -------- d-----w- C:\FOUND.007
2010-09-12 16:22:16 -------- d-----w- C:\FOUND.006
2010-09-12 09:02:48 -------- d-----w- C:\FOUND.005
2010-09-10 19:20:18 -------- d-----w- C:\FOUND.004
2010-09-10 12:37:16 -------- d-----w- C:\FOUND.003
2010-09-10 12:28:29 -------- d-----w- c:\docume~1\alluse~1\datosd~1\UAB
2010-09-10 12:28:22 -------- d-----w- c:\docume~1\claudia\config~1\datosd~1\PC_Drivers_Headquarters
2010-09-10 12:28:05 -------- d-----w- c:\docume~1\alluse~1\datosd~1\PC Drivers HeadQuarters
2010-09-10 12:25:29 -------- d-----w- c:\archivos de programa\PC Drivers HeadQuarters
2010-09-10 11:52:54 -------- d-----w- C:\FOUND.002
2010-09-10 10:32:20 -------- d-----w- c:\windows\LMI15.tmp
2010-09-10 09:57:36 -------- d-----w- C:\FOUND.001
2010-09-09 18:06:30 -------- d-----w- C:\FOUND.000

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-22 15:46:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-08 09:37:14 101544 ----a-w- c:\archivos de programa\archivos comunes\LinkInstaller.exe

============= FINISH: 15:10:29,26 ===============


Regards,

David

Edited by Orange Blossom, 14 October 2010 - 06:48 PM.
Deactivate links. ~ OB
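
The two page sources quoted in the post above share one pattern: a body onload handler points an empty anchor (or, as a fallback, an empty form) at a hard-coded URL and triggers it, so the visitor is forwarded without clicking anything. The Python check below is an added example, not part of the original thread; it flags that pattern statically and reports the target in defanged form. The sample pages and the redirect.example host are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample with the same shape as the page source quoted in the
# post; the host and path are placeholders, not values from the thread.
SAMPLE_REDIRECT = (
    '<html><head><script type="text/javascript">function f(){'
    'var url="http://redirect.example/abc123";'
    'try{var x=document.getElementById("_a");x.href=url;x.click()}'
    'catch(e){try{var x=document.getElementById("_f");x.action=url;x.submit()}'
    'catch(e){}}}</script></head><body onload="f()">'
    '<a id="_a"></a><form id="_f" method="get"></form></body></html>'
)

# Constructed benign page: an ordinary visible link, nothing runs on load.
SAMPLE_BENIGN = (
    '<html><body><a id="_a" href="http://example.org/">Home</a></body></html>'
)


class PageFacts(HTMLParser):
    """Collects the parts of a page that matter for this check."""

    def __init__(self):
        super().__init__()
        self.onload = ""   # body onload handler, if any
        self.script = ""   # concatenated inline script text
        self.text = ""     # text a visitor would actually see
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.onload = dict(attrs).get("onload") or ""
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script += data
        else:
            self.text += data.strip()


# var NAME = "http(s)://..."  (a hard-coded destination)
URL_VAR = re.compile(r'var\s+(\w+)\s*=\s*"(https?://[^"]+)"')
# x.href = NAME; x.click()   or   x.action = NAME; x.submit()
SINK = re.compile(
    r'\.(href|action)\s*=\s*(\w+)\s*;\s*\w+\.(click|submit)\s*\(\s*\)'
)


def defang(url):
    """Rewrite a URL so it cannot be followed by accident."""
    parts = urlsplit(url)
    rest = url[len(parts.scheme) + 3 + len(parts.netloc):]
    host = parts.netloc.replace(".", "[.]")
    return parts.scheme.replace("http", "hxxp") + "://" + host + rest


def analyze(html):
    """Report whether a page forwards the visitor on load, and to where."""
    facts = PageFacts()
    facts.feed(html)
    facts.close()

    url_vars = dict(URL_VAR.findall(facts.script))
    hits = [m for m in SINK.findall(facts.script) if m[1] in url_vars]

    # The onload attribute must call a function defined in the inline script.
    handler = re.match(r'\s*(\w+)\s*\(', facts.onload)
    runs_on_load = bool(handler) and re.search(
        r'function\s+%s\s*\(' % re.escape(handler.group(1)), facts.script
    ) is not None

    return {
        "auto_navigates": runs_on_load and bool(hits),
        "methods": sorted({call for _, _, call in hits}),
        "targets": sorted({defang(url_vars[var]) for _, var, _ in hits}),
        "has_visible_text": bool(facts.text),
    }


if __name__ == "__main__":
    for name, page in (("redirect", SAMPLE_REDIRECT), ("benign", SAMPLE_BENIGN)):
        print(name, analyze(page))
```

A page that auto-navigates and has no visible text is a pure forwarding stub; the benign sample shows that an anchor with the same id but no on-load trigger is not flagged.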




#2 gringo_pr (Malware Response Team)

Posted 15 October 2010 - 11:32 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning. It is OK, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. let me know of any problems you may have had

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 david240

Posted 18 October 2010 - 05:38 AM

Hi Gringo, I am glad to hear from you.

I had no trouble with the steps you asked for (though I would like to offer a clarification, which follows) and I have pasted the log contents below, including the output of defogger for info. The problem machine remains disconnected from the internet; I am using a USB flash drive to transfer from/to another PC.

I got the warning you mentioned from RKUnhookerLE.exe, but your advice "just ignore" seems a bit confusing, since one has to choose either to Accept "remove parasite" or "Cancel", and another disconcerting alert follows after clicking Cancel. It would be very helpful to actually say something specific like "just click on Cancel, then Accept".

Anyway, here are the logs...


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:52 on 18/10/2010 (claudia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



DDS (Ver_10-10-10.03) - FAT32x86
Run by claudia at 10:57:11,70 on 18/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.447.196 [GMT 1:00]

AV: Virgin Media Security Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Virgin Media Security Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Archivos de programa\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
SVCHOST.EXE
C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Virgin Media\Digital Home Support\ServicepointService.exe
C:\ARCHIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Archivos de programa\ASUS\NB Probe\SPM\spmgr.exe
C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Archivos de programa\Trusteer\Rapport\bin\RapportService.exe
C:\Archivos de programa\Virgin Media\Chat Extension\HsdClient.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Documents and Settings\claudia\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 10.250.13.250:3128
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\archivos de programa\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\archivos de programa\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\archivos de programa\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\archivos de programa\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: &Discusión: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpywareTerminatorUpdate] "c:\archivos de programa\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [D-Link D-Link Wireless N DWA-140] c:\archivos de programa\d-link\d-link wireless n dwa-140\AirNCFG.exe
mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
mRun: [ContentTransferWMDetector.exe] c:\archivos de programa\sony\content transfer\ContentTransferWMDetector.exe
mRun: [NSWosCheck] "c:\archivos de programa\norton systemworks basic edition\osCheck.exe"
mRun: [NswUiTray] c:\archivos de programa\norton systemworks basic edition\NswUiTray.exe
mRun: [DigitalHomeSupport.exe] "c:\archivos de programa\virgin media\digital home support\DigitalHomeSupport.exe" /AUTORUN
mRun: [HsdClient.exe] "c:\archivos de programa\virgin media\chat extension\HsdClient.exe" /AUTORUN
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\archivos de programa\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\archivos de programa\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: bankofscotland-online.co.uk\www
Trusted Zone: rbsdigital.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229982684453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229982658109
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\archivos de programa\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\claudia\datosd~1\mozilla\firefox\profiles\rz9emvhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\archivos de programa\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\virgin media\digital home support\nprpspa.dll
FF - plugin: c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\archivos de programa\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-29 64288]
R1 avgio;avgio;c:\archivos de programa\avira\antivir desktop\avgio.sys [2010-9-23 11608]
R1 RapportKELL;RapportKELL;c:\archivos de programa\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\archivos de programa\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-9-23 142592]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\archivos de programa\avira\antivir desktop\sched.exe [2010-9-23 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\archivos de programa\avira\antivir desktop\avguard.exe [2010-9-23 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-23 60936]
R2 RapportMgmtService;Rapport Management Service;c:\archivos de programa\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R2 ServicepointService;ServicepointService;c:\archivos de programa\virgin media\digital home support\ServicepointService.exe [2010-9-10 689392]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2004-6-17 193280]
S2 Radialpoint Security Services;Virgin Media Security;c:\archivos de programa\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2008-1-26 13568]
S3 cpuz132;cpuz132;\??\c:\docume~1\claudia\config~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\claudia\config~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\archivos de programa\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\nsak.sys --> c:\docume~1\claudia\config~1\temp\000005f1.nmc\nse\bin\nsak.sys [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2010-10-4 27192]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-9-12 476416]
S3 SHUNUR;SHUNUR;c:\docume~1\claudia\config~1\temp\shunur.exe --> c:\docume~1\claudia\config~1\temp\SHUNUR.exe [?]
S3 Update Server;BitDefender Update Server v2;c:\archivos de programa\archivos comunes\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\archivos de programa\archivos comunes\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
S4 AHWHWFRZTLHX;AHWHWFRZTLHX;c:\docume~1\claudia\config~1\temp\ahwhwfrztlhx.exe --> c:\docume~1\claudia\config~1\temp\AHWHWFRZTLHX.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-7-24 133104]
S4 HsdService;HsdService;c:\archivos de programa\virgin media\chat extension\HsdService.exe [2010-9-10 1410288]

=============== Created Last 30 ================

2010-10-05 23:11:07 -------- d-----w- c:\docume~1\claudia\config~1\datosd~1\RegistryBackups
2010-10-05 08:53:34 -------- d-sh--w- C:\FOUND.009
2010-10-04 17:26:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-04 09:07:03 32824 ----a-w- c:\windows\system32\rrMon.sys
2010-10-04 09:01:23 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2010-10-02 23:26:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-10-02 23:26:25 -------- d-----w- c:\archivos de programa\Belarc
2010-09-29 08:42:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 08:38:47 -------- d--h--w- c:\docume~1\alluse~1\datosd~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 08:37:13 -------- d-----w- c:\archivos de programa\Lavasoft
2010-09-28 23:28:34 570128 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dao\DAO350.DLL
2010-09-28 23:28:34 3584 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dao\comcat.dll
2010-09-28 23:28:34 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-09-28 23:28:34 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-09-28 23:28:34 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-09-28 23:28:34 1338880 ----a-w- c:\archivos de programa\archivos comunes\microsoft shared\dao\shdocvw.dll
2010-09-28 23:28:34 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-09-28 23:28:32 -------- d-----w- c:\archivos de programa\Browser Hijack Retaliator 4.5
2010-09-28 22:22:59 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-24 15:14:44 -------- d-----w- c:\archivos de programa\Browser Hijack Blaster
2010-09-23 16:05:41 -------- d-----w- c:\docume~1\claudia\datosd~1\Avira
2010-09-23 15:56:48 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-23 15:55:48 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Avira
2010-09-23 15:50:40 -------- d-sh--w- C:\Recycled
2010-09-23 12:42:09 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-09-23 12:42:06 -------- d-----w- c:\docume~1\claudia\datosd~1\Spyware Terminator
2010-09-23 12:42:06 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Spyware Terminator
2010-09-23 12:41:55 -------- d-----w- c:\archivos de programa\Spyware Terminator
2010-09-23 12:28:56 -------- d-----w- c:\docume~1\claudia\config~1\datosd~1\NPE
2010-09-23 12:02:20 -------- d-----w- c:\archivos de programa\Safer Networking_RunAlyzer
2010-09-23 11:32:06 -------- d-----w- c:\archivos de programa\MozBackup
2010-09-23 10:02:54 -------- d-----w- c:\docume~1\alluse~1\datosd~1\bdch
2010-09-22 17:46:25 -------- d-----w- c:\docume~1\alluse~1\datosd~1\cb1e0000-c29a-4d27-920c-2d7e9ca525be
2010-09-22 17:01:35 -------- d-----w- c:\docume~1\alluse~1\datosd~1\aad00000-2cf2-479e-7cf1-42cbc710dfb0
2010-09-22 12:56:59 -------- d-----w- c:\docume~1\claudia\datosd~1\QuickScan
2010-09-22 12:46:01 997089 ----a-w- c:\docume~1\alluse~1\datosd~1\bdinstall.bin
2010-09-22 10:59:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-22 10:57:59 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-09-22 10:57:20 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-22 10:57:20 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-22 10:57:19 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-09-22 10:57:19 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-22 10:57:19 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-22 10:57:19 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-22 10:57:18 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-22 10:57:18 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-22 08:27:24 -------- d-sha-r- C:\cmdcons
2010-09-21 18:31:16 -------- d-----w- c:\docume~1\claudia\datosd~1\Malwarebytes
2010-09-21 17:26:40 -------- d-----w- c:\windows\system32\CatRoot2
2010-09-21 17:14:48 98816 ----a-w- c:\windows\sed.exe
2010-09-21 17:14:48 77312 ----a-w- c:\windows\MBR.exe
2010-09-21 17:14:48 256512 ----a-w- c:\windows\PEV.exe
2010-09-21 17:14:48 161792 ----a-w- c:\windows\SWREG.exe
2010-09-21 16:44:12 403456 ----a-w- c:\windows\system32\Copia de cmd.exe
2010-09-21 14:35:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 14:35:27 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Malwarebytes
2010-09-21 14:35:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 14:35:24 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-09-21 12:10:58 -------- d-----w- c:\archivos de programa\Avira
2010-09-21 11:39:11 -------- d-----w- c:\docume~1\claudia\datosd~1\Auslogics
2010-09-21 11:31:14 -------- d-----w- c:\archivos de programa\Auslogics
2010-09-21 08:44:58 -------- d-----w- C:\FOUND.008

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-22 15:46:04 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-08 09:37:14 101544 ----a-w- c:\archivos de programa\archivos comunes\LinkInstaller.exe

============= FINISH: 10:59:32,67 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 26/01/2006 2:47:19
System Uptime: 18/10/2010 10:43:21 (0 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A6U
Processor: Mobile AMD Sempron™ Processor 3000+ | CPU 1 | 1799/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 21 GiB total, 2,914 GiB free.
D: is FIXED (FAT32) - 14 GiB total, 13,957 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Adaptador de red ASUS 802.11g
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_120F1043&REV_02\3&267A616A&0&48
Manufacturer: ASUS
Name: Adaptador de red ASUS 802.11g
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_120F1043&REV_02\3&267A616A&0&48
Service: BCM43XX

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Adaptador de red 1394
Device ID: V1394\NIC1394\34374CDE01800
Manufacturer: Microsoft
Name: Adaptador de red 1394
PNP Device ID: V1394\NIC1394\34374CDE01800
Service: NIC1394

==== System Restore Points ===================

RP679: 22/09/2010 15:11:44 - Software Distribution Service 3.0
RP680: 23/09/2010 10:49:07 - Software Distribution Service 3.0
RP681: 23/09/2010 14:07:08 - Spyware Terminator - restore point
RP682: 23/09/2010 16:37:37 - Norton_Power_Eraser_20100923163717078
RP683: 23/09/2010 16:50:21 - Software Distribution Service 3.0
RP684: 23/09/2010 16:55:47 - Avira AntiVir Personal - 23/09/2010 16:53
RP685: 23/09/2010 19:09:40 - Software Distribution Service 3.0
RP686: 24/09/2010 8:32:14 - Software Distribution Service 3.0
RP687: 27/09/2010 13:35:58 - Software Distribution Service 3.0
RP688: 27/09/2010 17:44:28 - Software Distribution Service 3.0
RP689: 29/09/2010 0:32:56 - Software Distribution Service 3.0
RP690: 03/10/2010 0:23:56 - Software Distribution Service 3.0
RP691: 03/10/2010 0:42:02 - Software Distribution Service 3.0
RP692: 04/10/2010 9:37:49 - Software Distribution Service 3.0
RP693: 04/10/2010 10:12:03 - Software Distribution Service 3.0
RP694: 05/10/2010 9:06:21 - Software Distribution Service 3.0
RP695: 06/10/2010 0:40:50 - Software Distribution Service 3.0
RP696: 07/10/2010 16:13:04 - Punto de control del sistema

==== Installed Programs ======================


Actualización crítica para el Reproductor de Windows Media 11 (KB959772)
Actualización de seguridad para el Reproductor de Windows Media (KB952069)
Actualización de seguridad para el Reproductor de Windows Media (KB954155)
Actualización de seguridad para el Reproductor de Windows Media (KB968816)
Actualización de seguridad para el Reproductor de Windows Media (KB973540)
Actualización de seguridad para el Reproductor de Windows Media (KB975558)
Actualización de seguridad para el Reproductor de Windows Media (KB978695)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782)
Actualización de seguridad para el Reproductor de Windows Media 11 (KB954154)
Actualización de seguridad para el Reproductor de Windows Media 9 (KB911565)
Actualización de seguridad para el Reproductor de Windows Media 9 (KB917734)
Actualización de seguridad para Step by Step Interactive Training (KB898458)
Actualización de seguridad para Step by Step Interactive Training (KB923723)
Actualización de seguridad para Windows Internet Explorer 8 (KB2183461)
Actualización de seguridad para Windows Internet Explorer 8 (KB971961)
Actualización de seguridad para Windows Internet Explorer 8 (KB981332)
Actualización de seguridad para Windows Internet Explorer 8 (KB982381)
Actualización de seguridad para Windows XP (KB2079403)
Actualización de seguridad para Windows XP (KB2115168)
Actualización de seguridad para Windows XP (KB2121546)
Actualización de seguridad para Windows XP (KB2160329)
Actualización de seguridad para Windows XP (KB2229593)
Actualización de seguridad para Windows XP (KB2259922)
Actualización de seguridad para Windows XP (KB2286198)
Actualización de seguridad para Windows XP (KB2347290)
Actualización de seguridad para Windows XP (KB923561)
Actualización de seguridad para Windows XP (KB938464-v2)
Actualización de seguridad para Windows XP (KB938464)
Actualización de seguridad para Windows XP (KB941569)
Actualización de seguridad para Windows XP (KB946648)
Actualización de seguridad para Windows XP (KB950759)
Actualización de seguridad para Windows XP (KB950760)
Actualización de seguridad para Windows XP (KB950762)
Actualización de seguridad para Windows XP (KB950974)
Actualización de seguridad para Windows XP (KB951066)
Actualización de seguridad para Windows XP (KB951376-v2)
Actualización de seguridad para Windows XP (KB951376)
Actualización de seguridad para Windows XP (KB951698)
Actualización de seguridad para Windows XP (KB951748)
Actualización de seguridad para Windows XP (KB952004)
Actualización de seguridad para Windows XP (KB952954)
Actualización de seguridad para Windows XP (KB953838)
Actualización de seguridad para Windows XP (KB953839)
Actualización de seguridad para Windows XP (KB954211)
Actualización de seguridad para Windows XP (KB954459)
Actualización de seguridad para Windows XP (KB954600)
Actualización de seguridad para Windows XP (KB955069)
Actualización de seguridad para Windows XP (KB956391)
Actualización de seguridad para Windows XP (KB956572)
Actualización de seguridad para Windows XP (KB956744)
Actualización de seguridad para Windows XP (KB956802)
Actualización de seguridad para Windows XP (KB956803)
Actualización de seguridad para Windows XP (KB956841)
Actualización de seguridad para Windows XP (KB956844)
Actualización de seguridad para Windows XP (KB957095)
Actualización de seguridad para Windows XP (KB957097)
Actualización de seguridad para Windows XP (KB958215)
Actualización de seguridad para Windows XP (KB958644)
Actualización de seguridad para Windows XP (KB958687)
Actualización de seguridad para Windows XP (KB958690)
Actualización de seguridad para Windows XP (KB958869)
Actualización de seguridad para Windows XP (KB959426)
Actualización de seguridad para Windows XP (KB960225)
Actualización de seguridad para Windows XP (KB960714)
Actualización de seguridad para Windows XP (KB960715)
Actualización de seguridad para Windows XP (KB960803)
Actualización de seguridad para Windows XP (KB960859)
Actualización de seguridad para Windows XP (KB961371)
Actualización de seguridad para Windows XP (KB961373)
Actualización de seguridad para Windows XP (KB961501)
Actualización de seguridad para Windows XP (KB963027)
Actualización de seguridad para Windows XP (KB968537)
Actualización de seguridad para Windows XP (KB969059)
Actualización de seguridad para Windows XP (KB969897)
Actualización de seguridad para Windows XP (KB969898)
Actualización de seguridad para Windows XP (KB969947)
Actualización de seguridad para Windows XP (KB970238)
Actualización de seguridad para Windows XP (KB970430)
Actualización de seguridad para Windows XP (KB971468)
Actualización de seguridad para Windows XP (KB971486)
Actualización de seguridad para Windows XP (KB971557)
Actualización de seguridad para Windows XP (KB971633)
Actualización de seguridad para Windows XP (KB971657)
Actualización de seguridad para Windows XP (KB971961)
Actualización de seguridad para Windows XP (KB972260)
Actualización de seguridad para Windows XP (KB972270)
Actualización de seguridad para Windows XP (KB973346)
Actualización de seguridad para Windows XP (KB973354)
Actualización de seguridad para Windows XP (KB973507)
Actualización de seguridad para Windows XP (KB973525)
Actualización de seguridad para Windows XP (KB973869)
Actualización de seguridad para Windows XP (KB973904)
Actualización de seguridad para Windows XP (KB974112)
Actualización de seguridad para Windows XP (KB974318)
Actualización de seguridad para Windows XP (KB974392)
Actualización de seguridad para Windows XP (KB974571)
Actualización de seguridad para Windows XP (KB975025)
Actualización de seguridad para Windows XP (KB975467)
Actualización de seguridad para Windows XP (KB975560)
Actualización de seguridad para Windows XP (KB975561)
Actualización de seguridad para Windows XP (KB975562)
Actualización de seguridad para Windows XP (KB975713)
Actualización de seguridad para Windows XP (KB976325)
Actualización de seguridad para Windows XP (KB977165)
Actualización de seguridad para Windows XP (KB977816)
Actualización de seguridad para Windows XP (KB977914)
Actualización de seguridad para Windows XP (KB978037)
Actualización de seguridad para Windows XP (KB978251)
Actualización de seguridad para Windows XP (KB978262)
Actualización de seguridad para Windows XP (KB978338)
Actualización de seguridad para Windows XP (KB978542)
Actualización de seguridad para Windows XP (KB978601)
Actualización de seguridad para Windows XP (KB978706)
Actualización de seguridad para Windows XP (KB979309)
Actualización de seguridad para Windows XP (KB979482)
Actualización de seguridad para Windows XP (KB979559)
Actualización de seguridad para Windows XP (KB979683)
Actualización de seguridad para Windows XP (KB980195)
Actualización de seguridad para Windows XP (KB980218)
Actualización de seguridad para Windows XP (KB980232)
Actualización de seguridad para Windows XP (KB980436)
Actualización de seguridad para Windows XP (KB981322)
Actualización de seguridad para Windows XP (KB981349)
Actualización de seguridad para Windows XP (KB981852)
Actualización de seguridad para Windows XP (KB981997)
Actualización de seguridad para Windows XP (KB982214)
Actualización de seguridad para Windows XP (KB982381)
Actualización de seguridad para Windows XP (KB982665)
Actualización de seguridad para Windows XP (KB982802)
Actualización para Windows Internet Explorer 8 (KB976662)
Actualización para Windows Internet Explorer 8 (KB982632)
Actualización para Windows XP (KB2141007)
Actualización para Windows XP (KB951072-v2)
Actualización para Windows XP (KB951978)
Actualización para Windows XP (KB955759)
Actualización para Windows XP (KB955839)
Actualización para Windows XP (KB961503)
Actualización para Windows XP (KB967715)
Actualización para Windows XP (KB968389)
Actualización para Windows XP (KB971737)
Actualización para Windows XP (KB973687)
Actualización para Windows XP (KB973815)
Actualización para Windows XP (KB978207)
Actualización para Windows XP (KB980182)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Español
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ChkMail
ASUS Live Update
ASUS Video Security
ASUS WLAN Card Utilities/Driver
Asus_A6_ScreenSaver
ASUSDVD
ATK0100 ACPI UTILITY
Auslogics Disk Defrag
Auslogics Registry Cleaner
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.1
BisonCam, USB2.0
Bonjour
Browser Hijack Blaster v1.0
Browser Hijack Retaliator 4.5.0 Build 471
Compatibility Pack for the 2007 Office system
Compresor WinRAR
Connection Keep Alive
Content Transfer
D-Link Wireless N DWA-140
Driver Detective
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Manual
EPSON SX100 Series Printer Uninstall
EPSON Web-To-Page
ES: Radialpoint Security Advisor 2.5.13
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
iTunes
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MozBackup 1.4.10
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multi-Card Reader & Flash Disk
NB Probe
Norton Cleanup
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
OGA Notifier 1.7.0105.0
PerfectDisk 10 Professional
PerformanceTest
Power4 Gear
QuickTime
Rapport
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.0
Registrar Registry Manager 6.52
Registrar Registry Manager 6.52 (Lite Edition)
Reproductor de Windows Media 11
Revisión para el Reproductor de Windows Media 11 (KB939683)
Revisión para Windows XP (KB952287)
Revisión para Windows XP (KB961118)
Revisión para Windows XP (KB970653-v3)
Revisión para Windows XP (KB976098-v2)
Revisión para Windows XP (KB979306)
Revisión para Windows XP (KB981793)
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
RunAlyzer
SA23xx Device Manager
SanityCheck 2.01
Security Update for CAPICOM (KB931906)
SiS VGA Utilities
SiSAGP driver
Skype Toolbars
Skype™ 4.2
SoftV92 Data Fax Modem with SmartCP
SpeedTouch USB Software
Spybot - Search & Destroy
Spyware Terminator
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Virgin Media Chat Extension 2.0.23
Virgin Media Digital Home Support 3.7.20
Virgin Media Security
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFlash

==== Event Viewer Messages From Past Week ========

18/10/2010 10:45:08, ERROR: Service Control Manager [7023] - El servicio Servicios IPSEC terminó con el error: No se conoce el servicio de autenticación.
18/10/2010 10:45:08, ERROR: Service Control Manager [7000] - El servicio Virgin Media Security no pudo iniciarse debido al siguiente error: El servicio no ha respondido a la petición o inicio del control en un tiempo adecuado.
18/10/2010 10:45:07, ERROR: Service Control Manager [7023] - El servicio HID Input Service terminó con el error: No se puede encontrar el módulo especificado.
18/10/2010 10:45:07, ERROR: Service Control Manager [7009] - Intervalo de espera (30000 ms.) para la conexión con el servicio Virgin Media Security.
18/10/2010 10:45:07, ERROR: Service Control Manager [7000] - El servicio Virgin Media Security Firewall no pudo iniciarse debido al siguiente error: No se pudo iniciar la aplicación porque su configuración es incorrecta. Reinstalar la aplicación puede solucionar el problema.
18/10/2010 10:44:47, ERROR: SideBySide [59] - Error en Resolve Partial Assembly para Microsoft.VC80.MFC. Mensaje de error referencia: El ensamblaje referido no está instalado en su sistema. .
18/10/2010 10:44:47, ERROR: SideBySide [59] - Error en Generate Activation Context para C:\Archivos de programa\Virgin Media\Security\CLBR.DLL. Mensaje de error referencia: La operación se ha completado correctamente. .
18/10/2010 10:44:47, ERROR: SideBySide [32] - No se encontró el ensamblaje dependiente Microsoft.VC80.MFC y el error final fue El ensamblaje referido no está instalado en su sistema.
18/10/2010 10:44:35, ERROR: SideBySide [59] - Error en Resolve Partial Assembly para Microsoft.VC80.MFC. Mensaje de error referencia: El ensamblaje referido no está instalado en su sistema. .
18/10/2010 10:44:35, ERROR: SideBySide [59] - Error en Generate Activation Context para C:\Archivos de programa\Virgin Media\Security\Fws.exe. Mensaje de error referencia: La operación se ha completado correctamente. .
18/10/2010 10:44:35, ERROR: SideBySide [32] - No se encontró el ensamblaje dependiente Microsoft.VC80.MFC y el error final fue El ensamblaje referido no está instalado en su sistema.

==== End Of File ===========================


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
!!!!!!!!!!!Hidden driver: 0x84D5F000 00000458 2153100512 bytes
0xF6D09000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2318336 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069248 bytes (Microsoft Corporation, Sistema y núcleo de Windows NT)
0x804D7000 PnpManager 2069248 bytes
0x804D7000 RAW 2069248 bytes
0x804D7000 WMIxWDM 2069248 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Controlador Win32 multiusuario)
0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 1216512 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xF6FE7000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF6F3F000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB540A000 C:\WINDOWS\System32\Drivers\Bs350u2.sys 638976 bytes (Bison Electronics. Inc. , Universal Serial Bus Camera Driver)
0xF6B61000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5674000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB4958000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB452F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7171000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 258048 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xF70E5000 C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys 196608 bytes (Conexant Systems, Inc., HSFHWSIS WDM driver)
0xF7368000 ACPI.sys 192512 bytes (Microsoft Corporation, Controlador ACPI para NT)
0xB4BA8000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7255000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3540000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB564C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB55B7000 C:\Archivos de programa\Trusteer\Rapport\bin\RapportPG.sys 163840 bytes (Trusteer Ltd., RapportPG)
0xB54F1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF72AC000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6CE5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6CC1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB54CE000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF7115000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB55DF000 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 143360 bytes (-, -)
0xB5602000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF72E2000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF731A000 ftdisk.sys 126976 bytes (Microsoft Corporation, Controlador de disco con tolerancia a errores)
0xF7339000 pcmcia.sys 122880 bytes (Microsoft Corporation, Controlador de bus PCMCIA)
0xF722A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7302000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7302000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB53F2000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7295000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6C98000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB4FFA000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xB527D000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB5150000 C:\WINDOWS\System32\Drivers\DefragFS.SYS 86016 bytes (Raxco Software, Inc., Defragmentation Support Driver)
0xB4DDD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7138000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Controlador de puerto paralelo)
0xF715D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB56CD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7282000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF6CAF000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 73728 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF72D0000 sr.sys 73728 bytes (Microsoft Corporation, Controlador de filtro del sistema de archivos para Restaurar sistema)
0xF7357000 pci.sys 69632 bytes (Microsoft Corporation, Enumerador PCI Plug and Play de NT)
0xF6BE7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7244000 rmedia.sys 69632 bytes (REDC, RICOH Media Driver as DiskDrive)
0xF714C000 C:\WINDOWS\System32\Drivers\Serial.SYS 69632 bytes (Microsoft Corporation, Controlador del dispositivo de serie)
0xF76D8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7578000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF74A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF75A8000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 61440 bytes (Microsoft Corporation, Controlador del dispositvo de procesador)
0xF7598000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7508000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7588000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Controlador de filtros de sonido Redbook)
0xB4F5A000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7658000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF74B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7558000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Controlador de puerto de i8042)
0xF7678000 C:\Archivos de programa\Trusteer\Rapport\bin\RapportKELL.sys 57344 bytes (Trusteer Ltd., RapportKE)
0xF7618000 C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys 57344 bytes (Radialpoint, Inc., Radialpoint Filter)
0xF74F8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF75B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76C8000 C:\WINDOWS\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF74D8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Controlador de instantánea de volumen)
0xF7528000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
0xF75D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF75F8000 C:\WINDOWS\system32\DRIVERS\rp_skt32.sys 49152 bytes (Radialpoint Inc., Radialpoint Filter)
0xF7688000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Unidad Crypto FIPS)
0xF7568000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74C8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF75C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7498000 isapnp.sys 40960 bytes (Microsoft Corporation, Controlador de bus ISA PNP)
0xF7628000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7518000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xF7608000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF75E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB35EB000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7698000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7758000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Controlador del dispositivo de módem)
0xF77B8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7768000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7878000 C:\WINDOWS\system32\ANIO.SYS 28672 bytes (Alpha Networks Inc., ANIO (NT5) Driver )
0xF7740000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Controlador de clase de teclado)
0xF7718000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7748000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Controlador del tipo de Mouse)
0xF77C0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF77A8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7750000 C:\WINDOWS\system32\DRIVERS\irsir.sys 20480 bytes (Microsoft Corporation, Serial Infrared Driver)
0xF77B0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7720000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7780000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7770000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF7788000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7778000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7760000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF77C8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF78B4000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF793C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB529A000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7954000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5014000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF71EE000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 16384 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF78B8000 ACPIEC.sys 12288 bytes (Microsoft Corporation, Controlador de controladora integrada ACPI)
0xF7958000 C:\WINDOWS\system32\DRIVERS\admjoy.sys 12288 bytes (Aureal, Inc., Vortex AU8820 WDM Joystick Driver)
0xF78AC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF78B0000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6B51000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7934000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xB4BD9000 C:\Archivos de programa\ASUS\NB Probe\SPM\ghaio.sys 12288 bytes
0xF7930000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xB4E12000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7944000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF71FA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF71F2000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF799C000 C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 8192 bytes (-, ATK0100 ACPI Utility)
0xF79B0000 C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF79A4000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79C4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79A2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79A6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79A8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF799E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79A0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7998000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x84EA0000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B02000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF71D1000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xF7BE3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AD0000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A61000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A60000 pciide.sys 4096 bytes (Microsoft Corporation, Controlador de bus IDE PCI genérico)
!!!!!!!!!!!Hidden driver: 0x84F04999 ?_empty_? 1639 bytes
==============================================
>Stealth
==============================================
0xF7302000 WARNING: suspicious driver modification [atapi.sys::0x84F04999]


Best Regards

David
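An added example, not part of the original post and not output of Rootkit Unhooker: a small Python triage of the report format shown above. It pulls out the "Hidden driver" line and the ">Stealth" warning, checks whether the two refer to the same address, and checks whether that address lies inside any listed module. The line patterns and the `triage` helper are assumptions inferred from this one log; missing version info is reported as informational only, since legitimate drivers in the list lack it too.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines excerpted from the Rootkit Unhooker report in the post above.
SAMPLE_REPORT = r"""
0xF7302000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB55DF000 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 143360 bytes (-, -)
0xB4BD9000 C:\Archivos de programa\ASUS\NB Probe\SPM\ghaio.sys 12288 bytes
0xF6CE5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x84EA0000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
!!!!!!!!!!!Hidden driver: 0x84F04999 ?_empty_? 1639 bytes
==============================================
>Stealth
==============================================
0xF7302000 WARNING: suspicious driver modification [atapi.sys::0x84F04999]
"""

# Patterns inferred from the log above (assumption: other tool versions may differ).
ADDR = r"(0x[0-9A-Fa-f]{8})"
DRIVER_RE = re.compile(rf"^{ADDR}\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")
HIDDEN_RE = re.compile(rf"^!+Hidden driver:\s+{ADDR}\s+(\S+)\s+(\d+) bytes")
STEALTH_RE = re.compile(rf"^{ADDR}\s+WARNING:\s+(.+?)\s+\[([^\]:]+)::{ADDR}\]")


@dataclass
class Module:
    base: int
    path: str
    size: int
    meta: Optional[str]  # "vendor, description" text; None when the tool printed none

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size

    def lacks_vendor(self) -> bool:
        return self.meta is None or self.meta.split(",")[0].strip() in ("", "-")


def parse_report(text):
    """Split the report into loaded modules, hidden-driver lines and stealth warnings."""
    modules, hidden, stealth = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIDDEN_RE.match(line):
            hidden.append((int(m[1], 16), m[2], int(m[3])))
        elif m := STEALTH_RE.match(line):
            stealth.append((int(m[1], 16), m[2], m[3], int(m[4], 16)))
        elif m := DRIVER_RE.match(line):
            modules.append(Module(int(m[1], 16), m[2], int(m[3]), m[4]))
    return modules, hidden, stealth


def triage(text):
    """Return findings ordered: hidden code, patched drivers, then informational."""
    modules, hidden, stealth = parse_report(text)
    hidden_addrs = {addr for addr, _, _ in hidden}
    findings = []
    for addr, _name, size in hidden:
        # Code that is not inside any listed module has no file on disk backing it.
        owner = next((m.name for m in modules if m.contains(addr)), None)
        findings.append({"kind": "hidden-driver", "severity": "high",
                         "address": addr, "size": size, "inside_module": owner})
    for base, reason, target, hook in stealth:
        host = next((m.name for m in modules if m.base == base), None)
        findings.append({"kind": "patched-driver", "severity": "high",
                         "driver": target, "loaded_as": host, "reason": reason,
                         "points_to_hidden_code": hook in hidden_addrs})
    for m in modules:
        if m.lacks_vendor():
            findings.append({"kind": "no-version-info", "severity": "info",
                             "driver": m.name})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```
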

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:42 PM

Posted 18 October 2010 - 06:11 AM

Hello

Thanks for the suggestion. Does this look better?

Note** You may get this warning; it is OK:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

One or more of the identified infections is known as a Backdoor Trojan. - TDSS rootkit <--please read

What this virus does do.
QUOTE
Functionality
The functionality that the Trojan exhibits implies that it has been designed with profit-making as its primary objective. Making money from the Web typically involves generating Web traffic, installing pay-per-install software and also by generating sales leads for other Web sites and services of a dubious nature. It tries to achieve its objective by employing an array of techniques to try and make the user participate in these income-generating activities.


What the virus can do.
QUOTE
Backdoor.Tidserv is a Trojan horse that uses an advanced rootkit to hide itself. It also displays advertisements, redirects user search results, and opens a back door on the compromised computer.


This "could" allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would also be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can clean this machine but I cannot guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I Would like you to do the following.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
    In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 david240

david240
  • Topic Starter

  • Members
  • 14 posts
  • Local time:08:42 PM

Posted 18 October 2010 - 04:43 PM

Hello,

Here's what happened running Combofix:

"Warning!!

Combofix has detected the following real time scanner(s) to be active:
antivirus: Virgin Media Security Anti-Virus..."

Again the programme RPS.exe to control the Virgin AV fails to run, reporting:
"No se pudo iniciar la aplicación porque su configuración es incorrecta. Reinstalar la aplicación puede solucionar el problema." I.e., the app could not start up because its configuration is incorrect. Reinstalling the app may solve the problem.

Before clicking in this dialogue, I used Process Explorer to look for any active process obviously related with the Virgin Security AV, but I could not see anything, nor any related active service in services.msc. ComboFix again warned about active antivirus, but I allowed it to run regardless. It gave this message:

"!!
ComboFix has detected the presence of rootkit activity and needs to reboot the machine"

It rebooted and ComboFix "Autoscan" continued after the reboot. Here is the log file:


ComboFix 10-10-17.04 - claudia 18/10/2010 18:12:44.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.447.95 [GMT 1:00]
Running from: c:\documents and settings\claudia\Escritorio\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Virgin Media Security Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Virgin Media Security Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Created a new restore point
.
PEV Error: PersonalFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\claudia\Datos de programa\Laruel
c:\documents and settings\claudia\Datos de programa\Laruel\anne.exe
c:\documents and settings\claudia\Datos de programa\Maomd
c:\documents and settings\claudia\Datos de programa\Maomd\naax.exe
c:\documents and settings\claudia\Datos de programa\Niah
c:\documents and settings\claudia\Datos de programa\Niah\otti.ibi

.
((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
.

2010-10-18 16:53 . 2010-10-18 18:07 -------- d-----w- C:\32788R22FWJFW
2010-10-05 23:11 . 2010-10-05 23:11 -------- d-----w- c:\documents and settings\claudia\Configuración local\Datos de programa\RegistryBackups
2010-10-05 08:53 . 2010-10-05 08:53 -------- d-----w- C:\FOUND.009
2010-10-04 17:26 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-04 09:07 . 2010-07-09 07:44 32824 ----a-w- c:\windows\system32\rrMon.sys
2010-10-04 09:01 . 2010-08-23 16:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2010-10-02 23:26 . 2010-10-02 23:26 -------- d-----w- c:\archivos de programa\Belarc
2010-10-02 23:26 . 2008-02-27 12:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-09-29 09:30 . 2010-09-29 09:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-29 08:42 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 08:37 . 2010-09-29 08:37 -------- d-----w- c:\archivos de programa\Lavasoft
2010-09-28 23:28 . 2004-03-09 12:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-09-28 23:28 . 2001-10-04 13:13 3584 ----a-w- c:\archivos de programa\Archivos comunes\Microsoft Shared\DAO\comcat.dll
2010-09-28 23:28 . 2001-10-04 12:16 1338880 ----a-w- c:\archivos de programa\Archivos comunes\Microsoft Shared\DAO\shdocvw.dll
2010-09-28 23:28 . 2000-05-22 16:00 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-09-28 23:28 . 1999-06-10 22:34 570128 ----a-w- c:\archivos de programa\Archivos comunes\Microsoft Shared\DAO\DAO350.DLL
2010-09-28 23:28 . 1998-06-24 12:00 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-09-28 23:28 . 1998-06-24 12:00 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-09-28 23:28 . 2010-09-28 23:28 -------- d-----w- c:\archivos de programa\Browser Hijack Retaliator 4.5
2010-09-28 22:22 . 2010-09-28 22:23 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-24 15:14 . 2010-09-24 15:14 -------- d-----w- c:\archivos de programa\Browser Hijack Blaster
2010-09-24 10:10 . 2010-09-24 10:10 -------- d-----r- c:\documents and settings\NetworkService\Favoritos
2010-09-23 17:26 . 2010-09-23 17:26 -------- d--h--r- c:\documents and settings\LocalService\Reciente
2010-09-23 16:05 . 2010-09-23 16:05 -------- d-----w- c:\documents and settings\claudia\Datos de programa\Avira
2010-09-23 15:56 . 2010-08-17 12:38 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-23 15:56 . 2010-08-17 12:38 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-23 15:56 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-23 15:56 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-23 12:42 . 2010-09-23 12:42 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-09-23 12:42 . 2010-09-23 12:42 -------- d-----w- c:\documents and settings\claudia\Datos de programa\Spyware Terminator
2010-09-23 12:41 . 2010-09-23 12:41 -------- d-----w- c:\archivos de programa\Spyware Terminator
2010-09-23 12:28 . 2010-09-23 12:28 -------- d-----w- c:\documents and settings\claudia\Configuración local\Datos de programa\NPE
2010-09-23 12:02 . 2010-09-23 12:02 -------- d-----w- c:\archivos de programa\Safer Networking_RunAlyzer
2010-09-23 11:32 . 2010-09-23 11:32 -------- d-----w- c:\archivos de programa\MozBackup
2010-09-22 18:17 . 2010-09-22 18:17 -------- d-----w- c:\documents and settings\LocalService\Datos de programa\QuickScan
2010-09-22 12:56 . 2010-09-22 12:57 -------- d-----w- c:\documents and settings\claudia\Datos de programa\QuickScan
2010-09-22 10:59 . 2010-09-22 10:59 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-22 10:59 . 2010-09-22 10:59 -------- d-----w- c:\archivos de programa\MSBuild
2010-09-22 10:58 . 2010-09-22 10:58 -------- d-----w- c:\archivos de programa\Reference Assemblies
2010-09-22 10:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-09-22 10:57 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-22 10:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-22 10:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-22 10:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-22 10:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-09-22 10:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-22 10:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-22 10:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-22 00:37 . 2010-09-22 00:37 -------- d-----w- c:\documents and settings\claudia\Configuración local\Datos de programa\Mozilla
2010-09-21 18:31 . 2010-09-21 18:31 -------- d-----w- c:\documents and settings\claudia\Datos de programa\Malwarebytes
2010-09-21 17:26 . 2010-09-21 17:26 -------- d-----w- c:\windows\system32\CatRoot2
2010-09-21 16:44 . 2008-04-14 02:18 403456 ----a-w- c:\windows\system32\Copia de cmd.exe
2010-09-21 14:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 14:35 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 14:35 . 2010-09-21 14:35 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-09-21 12:10 . 2010-09-21 12:11 -------- d-----w- c:\archivos de programa\Avira
2010-09-21 11:39 . 2010-09-21 11:39 -------- d-----w- c:\documents and settings\claudia\Datos de programa\Auslogics
2010-09-21 11:31 . 2010-09-21 11:31 -------- d-----w- c:\archivos de programa\Auslogics
2010-09-21 08:44 . 2010-09-21 08:44 -------- d-----w- C:\FOUND.008
2010-09-19 11:47 . 2010-09-19 11:47 -------- d-----w- c:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-09-21_18.04.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2010-10-18 17:22 . 2010-10-18 17:22 16384 c:\windows\TEMP\Perflib_Perfdata_c3c.dat
+ 2008-07-29 20:10 . 2008-07-29 20:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2010-10-04 09:00 . 2010-07-09 07:44 97888 c:\windows\system32\rrsec2k.exe
+ 2010-03-30 23:16 . 2010-03-30 23:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2004-10-28 15:08 . 2010-09-24 09:57 86976 c:\windows\system32\perfc00A.dat
+ 2004-10-28 15:08 . 2010-09-24 09:57 68490 c:\windows\system32\perfc009.dat
+ 2009-11-07 00:07 . 2009-11-07 00:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 83968 c:\windows\system32\mscories.dll
+ 2008-07-29 18:24 . 2008-07-29 18:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 18:24 . 2008-07-29 18:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-29 20:10 . 2008-07-29 20:10 73720 c:\windows\system32\dxva2.dll
+ 2010-09-29 08:42 . 2010-08-12 12:15 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2010-09-23 15:57 . 2010-06-17 14:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2010-09-29 09:30 . 2010-10-03 16:40 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-05-28 17:05 . 2010-01-06 19:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-09-29 09:30 . 2010-10-03 16:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-19 06:58 . 2010-10-03 16:40 32768 c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
- 2005-11-19 06:58 . 2010-01-06 19:18 32768 c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
- 2005-11-19 06:58 . 2010-01-06 19:18 32768 c:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
+ 2005-11-19 06:58 . 2010-10-03 16:40 32768 c:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
+ 2008-07-29 22:40 . 2008-07-29 22:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 22:40 . 2008-07-29 22:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 22:40 . 2008-07-29 22:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 17:47 . 2008-07-29 17:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
- 2005-09-23 06:28 . 2005-09-23 06:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 06:28 . 2005-09-23 06:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 06:28 . 2005-09-23 06:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 06:29 . 2005-09-23 06:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 06:29 . 2005-09-23 06:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 06:28 . 2005-09-23 06:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 10:16 . 2008-07-25 10:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 06:28 . 2005-09-23 06:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 10:17 . 2008-07-25 10:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 10:17 . 2008-07-25 10:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 10:16 . 2008-07-25 10:16 145408


END OF PART 1! Seems to be too big for one post, continued in the next.



PART 2 continued from last post...

c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2010-09-29 08:37 . 2010-09-29 08:37 236032 c:\windows\Installer\c89db.msi
+ 2010-09-22 12:57 . 2010-09-22 12:57 228352 c:\windows\Installer\94ad1d.msi
+ 2009-03-20 10:48 . 2009-03-20 10:48 183808 c:\windows\Installer\90065.msp
+ 2010-02-24 23:14 . 2010-02-24 23:14 543232 c:\windows\Installer\688e0.msp
+ 2008-12-13 08:58 . 2008-12-13 08:58 754688 c:\windows\Installer\2ac505.msp
+ 2010-09-22 11:01 . 2010-09-22 11:01 648192 c:\windows\Installer\2ac4df.msi
+ 2008-07-29 20:23 . 2008-07-29 20:23 250880 c:\windows\Installer\2847fc.msp
+ 2008-07-29 20:28 . 2008-07-29 20:28 278016 c:\windows\Installer\2847fa.msp
+ 2008-07-29 18:40 . 2008-07-29 18:40 291840 c:\windows\Installer\2847f8.msp
+ 2010-09-22 10:59 . 2010-09-22 10:59 137728 c:\windows\Installer\2847f2.msi
+ 2008-07-29 16:35 . 2008-07-29 16:35 553472 c:\windows\Installer\1d7403.msp
+ 2008-07-29 16:33 . 2008-07-29 16:33 506368 c:\windows\Installer\1d7401.msp
+ 2008-07-29 16:37 . 2008-07-29 16:37 911360 c:\windows\Installer\1d7400.msp
+ 2010-09-22 10:57 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2010-09-22 10:57 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2010-09-22 10:57 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2010-09-22 10:57 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2010-09-22 10:57 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\a2632b73708fa1ac1efc5444209f93e4\XPBurnComponent.ni.dll
+ 2010-09-22 15:43 . 2010-09-22 15:43 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-09-22 15:39 . 2010-09-22 15:39 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-09-22 15:38 . 2010-09-22 15:38 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-09-22 15:38 . 2010-09-22 15:38 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-09-22 16:20 . 2010-09-22 16:20 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-09-22 15:42 . 2010-09-22 15:42 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-09-22 15:35 . 2010-09-22 15:35 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-09-22 16:19 . 2010-09-22 16:19 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-09-22 16:18 . 2010-09-22 16:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-09-22 15:43 . 2010-09-22 15:43 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-09-22 15:43 . 2010-09-22 15:43 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-09-22 15:43 . 2010-09-22 15:43 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-09-22 14:37 . 2010-09-22 14:37 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-09-22 14:37 . 2010-09-22 14:37 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-09-22 14:37 . 2010-09-22 14:37 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-09-22 14:37 . 2010-09-22 14:37 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-09-22 15:43 . 2010-09-22 15:43 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 303616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\fb91788a1c0e4667d446b67d9341e10f\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 148992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\8c579a72802a7f829aa086e2181706a9\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 309248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\7840a76249d66a5b56497c7f0f1f2244\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 230912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\1e75b8275519dc63b04eb9f4b9d2a48e\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2010-09-22 16:16 . 2010-09-22 16:16 364544 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\f2ccf92ca58409f7daffa85bfa506785\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 315904 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\d741a9f9f54a5dbd4799a2e085a69799\DriversHQ.DriverDetective.Common.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 602112 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.Common\4eea88712ccf25e2f4bd813d0fcd84fc\DriversHQ.Common.ni.dll
+ 2010-09-22 16:17 . 2010-09-22 16:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-09-22 15:43 . 2010-09-22 15:43 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-09-22 15:43 . 2010-09-22 15:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-09-10 12:21 . 2010-09-10 12:21 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-09-22 11:15 . 2010-09-22 11:15 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-09-22 11:15 . 2010-09-22 11:16 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2010-09-10 12:20 . 2010-09-10 12:20 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-09-10 12:20 . 2010-09-10 12:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-22 14:21 . 2010-09-22 14:22 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-09-10 12:21 . 2010-09-10 12:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-09-10 12:21 . 2010-09-10 12:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-09-22 10:58 . 2010-09-22 10:58 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-09-22 14:21 . 2010-09-22 14:21 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-09-10 12:20 . 2010-09-10 12:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-22 11:15 . 2010-09-22 11:15 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2010-09-22 11:15 . 2010-09-22 11:15 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-09-10 12:21 . 2010-09-10 12:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-22 14:21 . 2010-09-22 14:21 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-09-22 10:58 . 2010-09-22 10:59 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-09-22 10:59 . 2010-09-22 10:59 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-09-10 12:21 . 2010-09-10 12:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-09-10 12:21 . 2010-09-10 12:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-22 10:58 . 2010-09-22 10:58 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-22 11:01 . 2010-09-22 11:01 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-09-22 10:58 . 2010-09-22 10:59 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-09-10 12:20 . 2010-09-10 12:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-09-22 14:32 . 2010-09-22 14:32 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-22 10:58 . 2010-09-22 10:58 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-24 39408]
"SpywareTerminatorUpdate"="c:\archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-09-23 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link Wireless N DWA-140"="c:\archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 1388544]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ContentTransferWMDetector.exe"="c:\archivos de programa\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"NSWosCheck"="c:\archivos de programa\Norton SystemWorks Basic Edition\osCheck.exe" [2008-09-25 160112]
"NswUiTray"="c:\archivos de programa\Norton SystemWorks Basic Edition\NswUiTray.exe" [2008-09-25 85360]
"DigitalHomeSupport.exe"="c:\archivos de programa\Virgin Media\Digital Home Support\DigitalHomeSupport.exe" [2010-03-12 4314352]
"HsdClient.exe"="c:\archivos de programa\Virgin Media\Chat Extension\HsdClient.exe" [2010-03-02 2045168]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2010-08-10 421888]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^ASUS ChkMail.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\ASUS ChkMail.lnk
backup=c:\windows\pss\ASUS ChkMail.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2003-09-19 11:54 172032 ----a-w- c:\archivos de programa\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CICache]
2002-09-05 13:21 24576 ----a-w- c:\windows\CICache.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
2005-06-15 14:50 1623040 ----a-w- c:\progra~1\ASUS\WLAN Card Utilities\Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:18 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2004-04-27 13:34 86016 ----a-w- c:\windows\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2005-05-12 02:15 102400 ----a-w- c:\windows\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 17:57 289576 ----a-w- c:\archivos de programa\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:19 1695232 ----a-w- c:\archivos de programa\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
2005-06-09 10:50 765952 ----a-w- c:\archivos de programa\ASUS\NB Probe\NBProbe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
2004-09-21 15:55 81920 ----a-w- c:\archivos de programa\ASUS\Power4 Gear\BatteryLife.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 ----a-w- c:\archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-02-16 03:02 49152 ----a-r- c:\windows\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 16:57 26192168 ----a-r- c:\archivos de programa\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-14 22:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-24 10:49 39408 ----a-w- c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-22 08:38 202256 ----a-w- c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"de_serv"=3 (0x3)
"HsdService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/09/2010 9:42 64288]
R1 RapportKELL;RapportKELL;c:\archivos de programa\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\archivos de programa\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23/09/2010 13:42 142592]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [23/09/2010 16:57 135336]
R2 RapportMgmtService;Rapport Management Service;c:\archivos de programa\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R2 ServicepointService;ServicepointService;c:\archivos de programa\Virgin Media\Digital Home Support\ServicepointService.exe [10/09/2010 11:16 689392]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [17/06/2004 2:57 193280]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [26/01/2008 14:16 13568]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 13:15 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 13:15 15008]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\claudia\CONFIG~1\Temp\000005f1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\claudia\CONFIG~1\Temp\000005f1.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\claudia\CONFIG~1\Temp\000005f1.nmc\nse\bin\nsak.sys --> c:\docume~1\claudia\CONFIG~1\Temp\000005f1.nmc\nse\bin\nsak.sys [?]
S3 Radialpoint Security Services;Virgin Media Security;c:\archivos de programa\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [04/10/2010 10:01 27192]
S3 SHUNUR;SHUNUR;c:\docume~1\claudia\CONFIG~1\Temp\SHUNUR.exe --> c:\docume~1\claudia\CONFIG~1\Temp\SHUNUR.exe [?]
S3 Update Server;BitDefender Update Server v2;c:\archivos de programa\Archivos comunes\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe --> c:\archivos de programa\Archivos comunes\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [?]
S4 AHWHWFRZTLHX;AHWHWFRZTLHX;c:\docume~1\claudia\CONFIG~1\Temp\AHWHWFRZTLHX.exe --> c:\docume~1\claudia\CONFIG~1\Temp\AHWHWFRZTLHX.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [24/07/2009 13:28 133104]
S4 HsdService;HsdService;c:\archivos de programa\Virgin Media\Chat Extension\HsdService.exe [10/09/2010 11:24 1410288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1325162065-3819172641-3731458525-1005.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-10-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1325162065-3819172641-3731458525-1005.job
- c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-09-21 c:\windows\Tasks\Internet Explorer.job
- c:\archiv~1\INTERN~1\iexplore.exe [2005-11-19 13:09]

2010-10-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\archivos de programa\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 10.250.13.250:3128
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: bankofscotland-online.co.uk\www
Trusted Zone: rbsdigital.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\claudia\Datos de programa\Mozilla\Firefox\Profiles\rz9emvhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Virgin Media\Digital Home Support\nprpspa.dll
FF - plugin: c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Registrar Registry Manager 6.52 (Lite Edition) - c:\program files\Registrar Registry Manager (LE)\unwise.exe



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84D75ACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74fcf28
\Driver\ACPI -> ACPI.sys @ 0xf736ecb8
\Driver\atapi -> atapi.sys @ 0xf7308852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-18 18:40:03
ComboFix-quarantined-files.txt 2010-10-18 17:39
ComboFix2.txt 2010-09-22 09:06
ComboFix3.txt 2010-09-21 18:17

Pre-Run: 3.023.470.592 bytes libres
Post-Run: 3.025.174.528 bytes libres

- - End Of File - - A8E1DE79EA25A6EDFB12E759005806C6

Hope this is informative,

David

#6 david240

Posted 18 October 2010 - 05:12 PM

Testing the PC after a reboot...

Firefox, Avira AntiVir excruciatingly slow to open. Firefox still hijacked similar to before, opening unasked tabs and redirecting some search results opened in new tabs, e.g. to http://1pods.com/result.php?Keywords=...., where the site wants to run a script. Firefox is at least protected with NoScript extension; I don't dare try IE!

PC generally still a bit sluggish doing anything you ask of it.

That's how the machine is now. Hope the description helps.

Regards,

David

#7 gringo_pr

Posted 18 October 2010 - 05:15 PM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 david240


Posted 19 October 2010 - 06:30 PM

Here's the log, collected after Cure/Continue, when TDSS rebooted the machine. I have not tried anything yet; if you want me to experiment to see how the machine is behaving, please let me know.
David



2010/10/19 23:06:49.0937 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/19 23:06:49.0937 ================================================================================
2010/10/19 23:06:49.0937 SystemInfo:
2010/10/19 23:06:49.0937
2010/10/19 23:06:49.0937 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/19 23:06:49.0937 Product type: Workstation
2010/10/19 23:06:49.0937 ComputerName: NOMBRE-311E761F
2010/10/19 23:06:49.0937 UserName: claudia
2010/10/19 23:06:49.0937 Windows directory: C:\WINDOWS
2010/10/19 23:06:49.0937 System windows directory: C:\WINDOWS
2010/10/19 23:06:49.0937 Processor architecture: Intel x86
2010/10/19 23:06:49.0937 Number of processors: 1
2010/10/19 23:06:49.0937 Page size: 0x1000
2010/10/19 23:06:49.0937 Boot type: Normal boot
2010/10/19 23:06:49.0937 ================================================================================
2010/10/19 23:06:51.0000 Initialize success
2010/10/19 23:06:58.0578 ================================================================================
2010/10/19 23:06:58.0578 Scan started
2010/10/19 23:06:58.0578 Mode: Manual;
2010/10/19 23:06:58.0578 ================================================================================
2010/10/19 23:07:44.0640 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/19 23:07:44.0640 ================================================================================
2010/10/19 23:07:44.0640 Scan finished
2010/10/19 23:07:44.0640 ================================================================================
2010/10/19 23:07:44.0640 Detected object count: 1
2010/10/19 23:08:10.0140 \HardDisk0\MBR - will be cured after reboot
2010/10/19 23:08:10.0140 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/19 23:08:15.0421 Deinitialize success
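
The checks a helper makes by eye on a TDSSKiller log like the one in this post, written out as an added example (not part of the original thread and not the tool vendor's code): it pulls out each detection, the action recorded for it, and whether a cure is still waiting on a reboot. The function and class names are hypothetical, the MD5 values and the `exampledrv` detection in the sample are constructed, and a `Skip` action line is assumed to have the same shape as the `Cure` line in the log.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes taken from the TDSSKiller 2.4.4.0 log posted in this thread.
STAMPED = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}(?: (.*))?$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<threat>\S+?)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
PENDING = re.compile(r"^(?P<obj>.+?) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
DRIVER = re.compile(r"^(?P<service>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class ScanSummary:
    drivers_scanned: int = 0
    detections: dict = field(default_factory=dict)    # object -> threat name
    actions: dict = field(default_factory=dict)       # object -> action chosen
    pending_reboot: set = field(default_factory=set)  # objects cured only after reboot
    declared_count: Optional[int] = None              # "Detected object count" line
    unparsed: list = field(default_factory=list)      # lines without a timestamp

    def unresolved(self):
        """Detections with no recorded action, or left in place with Skip."""
        return sorted(o for o in self.detections
                      if self.actions.get(o) in (None, "Skip"))

    def count_consistent(self):
        """True when the log's own count matches the detections parsed."""
        return self.declared_count == len(self.detections)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    s = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamped = STAMPED.match(line)
        if not stamped:
            s.unparsed.append(line)  # truncated or edited paste
            continue
        msg = (stamped.group(1) or "").strip()
        if (m := DETECTED.match(msg)):
            s.detections[m["obj"]] = m["threat"]
        elif (m := ACTION.match(msg)):
            s.actions[m["obj"]] = m["action"]
        elif (m := PENDING.match(msg)):
            s.pending_reboot.add(m["obj"])
        elif (m := COUNT.match(msg)):
            s.declared_count = int(m["n"])
        elif DRIVER.match(msg):
            s.drivers_scanned += 1
        # banner, SystemInfo and separator lines are ignored
    return s


# Constructed sample: the MBR lines follow the log above; the hashes and the
# exampledrv detection/Skip lines are made up for illustration.
SAMPLE_LOG = r"""
2010/10/19 23:06:58.0578 Scan started
2010/10/19 23:06:58.0578 Mode: Manual;
2010/10/19 23:07:00.0078 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/19 23:07:00.0187 exampledrv (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2010/10/19 23:07:00.0187 C:\WINDOWS\system32\DRIVERS\exampledrv.sys - detected Example.Suspicious.Object (1)
2010/10/19 23:07:44.0640 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/19 23:07:44.0640 Scan finished
2010/10/19 23:07:44.0640 Detected object count: 2
2010/10/19 23:08:10.0140 Example.Suspicious.Object(C:\WINDOWS\system32\DRIVERS\exampledrv.sys) - User select action: Skip
2010/10/19 23:08:10.0140 \HardDisk0\MBR - will be cured after reboot
2010/10/19 23:08:10.0140 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/19 23:08:15.0421 Deinitialize success
"""

if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print("drivers scanned :", summary.drivers_scanned)
    print("detections      :", summary.detections)
    print("unresolved      :", summary.unresolved())
    print("rescan after reboot for:", sorted(summary.pending_reboot))
```

Anything listed in `pending_reboot` has not been cleaned yet when the log is written, so a second scan after the restart is what confirms the cure.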

#9 gringo_pr


Posted 19 October 2010 - 07:44 PM

Hello

Yes, do some testing and let me know how things are.

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#10 david240


Posted 20 October 2010 - 06:46 AM

Hello Gringo,

First I did some testing, before starting with your last instructions, so java cache not touched...
• Firefox remains slow to open.
• Browsing safe sites: FF slows to a crawl... PC crawling
• Removed router Ethernet cable: Task Manager took about 3 or 4 minutes to open. Proceso inactive del sistema is over 90%, FF under 10%. Maybe to do with Spyware Terminator update process? Aborted update. OK, normal speeds.
• No sign of FF hijacking any more, using yahoo search, google search. No spontaneous tabs seen.
• Slow to close FF.
Updated Avira AntiVir.
• Damn, Adobe Reader updater decided to download as well... postpone the install.
• OK, IE does not appear to get hijacked either.

Clear Java cache... No Java in Control Panel! Nothing Java in Add or Remove Programs. Sorry, not sure why you asked me to do this if the machine does not have Java installed, which presumably shows up in previous scan logs - or am I misinterpreting the situation?


TFC...
60.00MB cleaned
Reboot...

MBAM...
Warning box opens:
"vbAccelerator SGrid II Control
Run-time error 'o'"...OK
followed by:
"Malwarebytes' Anti-Malware
Run-time error '440':
Automation Error...OK

Disable Avira AntiVir Guard...

Repeat double-click MBAM...
same results.

I have stopped here to wait for your advice. Do you want me to try removing and re-installing MBAM?

Bye for now

David

Edited by david240, 20 October 2010 - 06:49 AM.


#11 gringo_pr


Posted 20 October 2010 - 09:06 AM

Hello

"Sorry, not sure why you asked me to do this if the machine does not have Java installed, which presumably shows up in previous scan logs - or am I misinterpreting the situation?"

My mistake.

Yes I do want you to uninstall MBAM but do it this way.

Uninstall Malwarebytes

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.


#12 david240


Posted 20 October 2010 - 10:39 AM

Hi Gringo,

MBAM removed and reinstalled per your instructions. I have put these files into the Avira AntiVir realtime 'Guard' exclusions list just in case, although there's no mention of Avira in the list at the MBAM forum FAQ posting you linked to:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys

Do I need to exclude any processes too? Or can I proceed to run the MBAM Quick Scan?

David

Edited by david240, 20 October 2010 - 10:41 AM.


#13 gringo_pr


Posted 20 October 2010 - 11:31 AM

Hello

Run the quick scan and let's see what happens.

Gringo

#14 david240


Posted 20 October 2010 - 01:31 PM

Hi,
here is the MBAM result. I went on to run Hijackthis too and the log is appended. I hope it's all as positive as it looks to me.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4894

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/10/2010 18:33:16
mbam-log-2010-10-20 (18-33-16).txt

Scan type: Quick scan
Objects scanned: 137106
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:49:14, on 20/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.250.13.250:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Archivos de programa\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [NSWosCheck] "C:\Archivos de programa\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [NswUiTray] C:\Archivos de programa\Norton SystemWorks Basic Edition\NswUiTray.exe
O4 - HKLM\..\Run: [DigitalHomeSupport.exe] "C:\Archivos de programa\Virgin Media\Digital Home Support\DigitalHomeSupport.exe" /AUTORUN
O4 - HKLM\..\Run: [HsdClient.exe] "C:\Archivos de programa\Virgin Media\Chat Extension\HsdClient.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Archivos de programa\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Archivos de programa\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229982684453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229982658109
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Archivos de programa\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Archivos de programa\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Virgin Media Security (Radialpoint Security Services) - Virgin Media - C:\Archivos de programa\Virgin Media\Security\RpsSecurityAwareR.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Archivos de programa\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Virgin Media Security Firewall (RP_FWS) - Virgin Media - C:\Archivos de programa\Virgin Media\Security\Fws.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Archivos de programa\Virgin Media\Digital Home Support\ServicepointService.exe
O23 - Service: SHUNUR - Unknown owner - C:\DOCUME~1\claudia\CONFIG~1\Temp\SHUNUR.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARCHIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: spmgr - Unknown owner - C:\Archivos de programa\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - Unknown owner - C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (file missing)
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--
End of file - 11363 bytes


Regards,

David

#15 gringo_pr


Posted 20 October 2010 - 11:24 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Archivos de programa\Sony\Content Transfer\ContentTransferWMDetector.exe
      O4 - HKLM\..\Run: [DigitalHomeSupport.exe] "C:\Archivos de programa\Virgin Media\Digital Home Support\DigitalHomeSupport.exe" /AUTORUN
      O4 - HKLM\..\Run: [HsdClient.exe] "C:\Archivos de programa\Virgin Media\Chat Extension\HsdClient.exe" /AUTORUN
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
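The name lookup described in the post above (take the name between the brackets of each O4 line and research it) can be scripted when a log is long. This is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical and the sample lines are taken from the log posted in this thread. It also lists any entry that HijackThis marked "(file missing)", meaning the registration remains but its target file is gone.

```python
import re

# Sample lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: SHUNUR - Unknown owner - C:\DOCUME~1\claudia\CONFIG~1\Temp\SHUNUR.exe (file missing)
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:(?P<sid>[^\\]+)\\)?\.\.\\Run\w*: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")   # appended on HKUS lines
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|lnk))(?= |$)', re.IGNORECASE)
MISSING = " (file missing)"


def parse_o4(log):
    """Return one dict per O4 (Run-key autostart) line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m["cmd"])
        exe = EXE_RE.match(cmd)          # quoted path, or unquoted up to .exe
        path = (exe.group(1) or exe.group(2)) if exe else cmd
        entries.append({"hive": m["hive"], "sid": m["sid"], "name": m["name"],
                        "path": path, "args": cmd[exe.end():].strip() if exe else ""})
    return entries


def research_names(entries):
    """Names between the brackets, de-duplicated case-insensitively."""
    seen, names = set(), []
    for e in entries:
        if e["name"].lower() not in seen:
            seen.add(e["name"].lower())
            names.append(e["name"])
    return names


def missing_targets(log):
    """Entries from any section that HijackThis marked '(file missing)'."""
    return [l.strip()[:-len(MISSING)] for l in log.splitlines()
            if l.strip().endswith(MISSING)]
```
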



