Persistent Malware


  • This topic is locked
64 replies to this topic

#1 arrix

arrix

  • Members
  • 33 posts

Posted 22 August 2011 - 09:38 AM

As the title suggests, I have some very tenacious malware on my computer somewhere. I've used Malwarebytes, Spybot, and Avast's scanners both in and out of safe mode, and I'm still experiencing very frequent browser redirects. Specifically, when I do a Google search for anything, clicking on a search result link, even a reputable site, redirects me to a random ad site. And also general slowness and crappy computer operation as a whole. I am attaching the three text files of the scan results I was instructed to save.

Attached Files

  • Attached File  ark.txt   128.68KB   0 downloads
  • Attached File  gmer.log   128.68KB   1 downloads
  • Attached File  dds.txt   10.8KB   2 downloads


#2 arrix


Posted 22 August 2011 - 05:42 PM

Also including the HijackThis report

Attached Files



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts

Posted 27 August 2011 - 09:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415592 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 arrix


Posted 27 August 2011 - 06:13 PM

Thank you. Here are the updated GMER and DDS logs. And I do not have the Windows Startup disc available, as I bought the computer refurbished and did not receive one with it.

Attached Files



#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 27 August 2011 - 09:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

There looks to be a rootkit in the machine.

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#6 arrix


Posted 28 August 2011 - 01:20 AM

Hey m0le!

Thank you for your help! Here's the scan results (I'm assuming you meant to copy & paste it in the reply rather than attach the txt file):

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-28 01:16:17
-----------------------------
01:16:17.515 OS Version: Windows 5.1.2600 Service Pack 3
01:16:17.515 Number of processors: 2 586 0x403
01:16:17.515 ComputerName: N8DAM8 UserName:
01:16:18.750 Initialize success
01:16:45.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
01:16:45.500 Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
01:16:45.500 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
01:16:45.500 Disk 1 Vendor: ST3250824AS 3.AAE Size: 238475MB BusType: 3
01:16:47.531 Disk 0 MBR read successfully
01:16:47.531 Disk 0 MBR scan
01:16:47.531 Disk 0 Windows XP default MBR code
01:16:47.531 Disk 0 scanning sectors +156232125
01:16:47.593 Disk 0 scanning C:\WINDOWS\system32\drivers
01:16:52.859 Service scanning
01:16:54.078 Modules scanning
01:16:59.984 Disk 0 trace - called modules:
01:17:00.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
01:17:00.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871c7ab8]
01:17:00.031 3 CLASSPNP.SYS[f7692fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-f[0x8713bb00]
01:17:00.031 Scan finished successfully
01:17:22.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\compter\Desktop\MBR.dat"
01:17:22.796 The log file has been saved successfully to "C:\Documents and Settings\compter\Desktop\aswMBR.txt"

#7 m0le


Posted 28 August 2011 - 09:41 AM

Now please run Combofix (yes, unless I specify can you post all the logs. Thanks)

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#8 arrix


Posted 28 August 2011 - 06:04 PM

Hey m0le,

Thanks! Here's the ComboFix log:

ComboFix 11-08-28.01 - compter 08/28/2011 17:45:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.98 [GMT -5:00]
Running from: c:\documents and settings\compter\My Documents\Downloads\ComFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\itns.exe
c:\documents and settings\All Users\Application Data\ivmw.exe
c:\documents and settings\All Users\Application Data\kdmy.exe
c:\documents and settings\All Users\Application Data\pcmq.exe
c:\documents and settings\compter\Application Data\3EB6.111
c:\documents and settings\compter\asixwswfke.tmp
c:\documents and settings\compter\Local Settings\Application Data\atlr.exe
c:\documents and settings\compter\Local Settings\Application Data\lhdc.exe
c:\documents and settings\compter\Local Settings\Application Data\mpig.exe
c:\documents and settings\compter\Local Settings\Application Data\txep.exe
c:\documents and settings\compter\My Documents\2222.jpg
c:\documents and settings\compter\Templates\iham.exe
c:\documents and settings\compter\Templates\moqw.exe
c:\documents and settings\compter\Templates\uvdq.exe
c:\documents and settings\compter\Templates\xntm.exe
c:\documents and settings\compter\WINDOWS
c:\documents and settings\LocalService\Application Data\020000001dde61d01406C.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406O.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406P.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406S.manifest
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\iedkcs3232.exe
c:\windows\system32\neth32.exe
c:\windows\system32\rasman32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BITS32
-------\Legacy_COMSERVER
-------\Legacy_DMADMIN32
-------\Legacy_NPF
-------\Legacy_WMI32
-------\Service_BITS32
-------\Service_COMServer
-------\Service_dmadmin32
-------\Service_Wmi32
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 22:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\photowiz32.exe
2011-08-28 22:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\ati2dvaa32.exe
2011-08-28 22:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\D3DCompiler_3832.exe
2011-08-28 22:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\cewmdm32.exe
2011-08-28 22:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\netui132.exe
2011-08-28 22:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\nvcuvenc32.exe
2011-08-28 22:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\mchgrcoi32.exe
2011-08-28 22:32 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\kbdit14232.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\shimeng32.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\msvidctl32.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\nwevent32.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\scriptpw32.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\msdtclog32.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\iprop32.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\wshatm32.exe
2011-08-28 06:36 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\utildll32.exe
2011-08-28 06:35 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\shgina32.exe
2011-08-28 06:35 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\hidserv32.exe
2011-08-28 06:35 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\dx7vb32.exe
2011-08-28 06:35 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\wmsdmod32.exe
2011-08-28 06:35 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\nvcod(6)32.exe
2011-08-28 06:35 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\icaapi32.exe
2011-08-28 06:35 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\D3DCompiler_3532.exe
2011-08-28 06:13 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\msw3prt32.exe
2011-08-28 06:13 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\dot3cfg32.exe
2011-08-28 06:08 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\midimap32.exe
2011-08-28 06:07 . 2011-08-28 06:07 158208 ------w- c:\windows\system32\kbdmaori32.dll
2011-08-27 22:04 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\mqcertui32.exe
2011-08-27 22:04 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\kbdlv32.exe
2011-08-27 22:04 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\iyuv_3232.exe
2011-08-27 22:04 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\wmploc32.exe
2011-08-27 22:04 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\ddraw32.exe
2011-08-27 22:04 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\D3DCompiler_4132.exe
2011-08-24 13:54 . 2011-08-24 13:54 334336 ----a-w- c:\windows\system32\ativtmxx32.dll
2011-08-24 08:31 . 2011-08-24 08:31 -------- d-----w- c:\program files\ESET
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\compter\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 08:19 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 07:42 . 2011-08-24 07:42 -------- dc----w- C:\_OTL
2011-08-22 22:39 . 2011-08-22 22:39 388096 ----a-r- c:\documents and settings\compter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-22 11:58 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\ativtmxx32.exe
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iPod
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iTunes
2011-08-19 21:21 . 2011-08-19 21:21 -------- d-----w- c:\program files\Bonjour
2011-08-19 17:41 . 2011-08-23 23:42 -------- d-----w- c:\documents and settings\compter\Local Settings\Application Data\AskToolbar
2011-08-08 21:17 . 2011-08-08 21:17 -------- d-----w- c:\documents and settings\compter\Application Data\Media Player Classic
2011-08-08 18:01 . 2011-08-27 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-08 18:01 . 2011-08-08 18:01 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 11:58 . 2011-08-28 22:56 717312 ----a-w- c:\windows\system32\mqad32.exe
2011-08-22 11:58 . 2011-08-28 22:56 717312 ----a-w- c:\windows\system32\ialmuPTG32.exe
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-08-19 00:18 . 2011-06-25 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\compter\Desktop\utorrent.exe" [2011-03-28 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
setup_9.0.0.722_26.06.2011_01-08.lnk - c:\documents and settings\compter\Desktop\Virus Removal Tool\setup_9.0.0.722_26.06.2011_01-08\startup.exe [N/A]
.
c:\documents and settings\compter\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-7 0]
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1bc79e590cc7
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\compter\\Desktop\\utorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\compter\\My Documents\\Downloads\\WoW-4.0.0-WOW-enUS-Installer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\compter\\Local Settings\\Apps\\2.0\\O1XZQ016.JAO\\A3J9O14A.C5Z\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 71397612;71397612 Boot Guard Driver;c:\windows\system32\drivers\71397612.sys [6/25/2011 5:52 PM 37392]
R1 71397611;71397611;c:\windows\system32\drivers\71397611.sys [6/25/2011 5:52 PM 128016]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/13/2010 7:48 PM 95024]
R1 setup_9.0.0.722_26.06.2011_01-08drv;setup_9.0.0.722_26.06.2011_01-08drv;c:\windows\system32\drivers\7139761.sys [6/25/2011 5:52 PM 315408]
R2 AudioSrv32;Windows Audio ;c:\windows\system32\kbdmac32.exe [8/27/2011 5:01 PM 717312]
R2 Dot3svc32;Wired AutoConfig ;c:\windows\system32\dot3cfg32.exe [8/28/2011 1:13 AM 717312]
R2 helpsvc32;Help and Support ;c:\windows\system32\msw3prt32.exe [8/28/2011 1:13 AM 717312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/24/2011 3:19 AM 366640]
R2 MSIServer323232;Windows Installer ;c:\windows\system32\iyuv_3232.exe [8/27/2011 5:04 PM 717312]
R2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\clb32.exe [8/27/2011 5:01 PM 717312]
R2 ProtectedStorage3232;Protected Storage ;c:\windows\system32\mqcertui32.exe [8/27/2011 5:04 PM 717312]
R2 Schedule3232;Task Scheduler ;c:\windows\system32\shgina32.exe [8/28/2011 1:35 AM 717312]
R2 SENS3232;System Event Notification ;c:\windows\system32\midimap32.exe [8/28/2011 1:08 AM 717312]
R2 xmlprov32;Network Provisioning Service ;c:\windows\system32\msr2c32.exe [8/27/2011 5:01 PM 717312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2011 3:19 AM 22712]
S2 Alerter32;Alerter ;c:\windows\system32\docprop32.exe --> c:\windows\system32\docprop32.exe [?]
S2 AppMgmt32;Application Management ;c:\windows\system32\msltus4032.exe --> c:\windows\system32\msltus4032.exe [?]
S2 aspnet_state32;ASP.NET State Service ;c:\windows\system32\odbcjt3232.exe --> c:\windows\system32\odbcjt3232.exe [?]
S2 AudioSrv3232;Windows Audio ;c:\windows\system32\nvrscs32.exe --> c:\windows\system32\nvrscs32.exe [?]
S2 BITS3232;Background Intelligent Transfer Service ;c:\windows\system32\msv1_032.exe --> c:\windows\system32\msv1_032.exe [?]
S2 Browser32;Computer Browser ;c:\windows\system32\dmstyle32.exe --> c:\windows\system32\dmstyle32.exe [?]
S2 CiSvc32;Indexing Service ;c:\windows\system32\odbcconf32.exe --> c:\windows\system32\odbcconf32.exe [?]
S2 clr_optimization_v2.0.50727_3232;.NET Runtime Optimization Service v2.0.50727_X86 ;c:\windows\system32\ir50_qc32.exe --> c:\windows\system32\ir50_qc32.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 COMServer32;COMServer ;c:\windows\system32\ialmuENG32.exe --> c:\windows\system32\ialmuENG32.exe [?]
S2 COMSysApp32;COM+ System Application ;c:\windows\system32\qdv32.exe --> c:\windows\system32\qdv32.exe [?]
S2 Dnscache32;DNS Client ;c:\windows\system32\unicows32.exe --> c:\windows\system32\unicows32.exe [?]
S2 Dnscache3232;DNS Client ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?]
S2 Eventlog32;Event Log ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]
S2 Eventlog3232;Event Log ;c:\windows\system32\igfxpph32.exe --> c:\windows\system32\igfxpph32.exe [?]
S2 Eventlog323232;Event Log ;c:\windows\system32\rgb9rast_232.exe --> c:\windows\system32\rgb9rast_232.exe [?]
S2 FastUserSwitchingCompatibility32;Fast User Switching Compatibility ;c:\windows\system32\nv4_disp(4)32.exe --> c:\windows\system32\nv4_disp(4)32.exe [?]
S2 FastUserSwitchingCompatibility3232;Fast User Switching Compatibility ;c:\windows\system32\mciavi3232.exe --> c:\windows\system32\mciavi3232.exe [?]
S2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\windows\system32\xpsp3res32.exe --> c:\windows\system32\xpsp3res32.exe [?]
S2 FontCache3.0.0.03232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\windows\system32\Edcrypt32.exe --> c:\windows\system32\Edcrypt32.exe [?]
S2 helpsvc3232;Help and Support ;c:\windows\system32\sens32.exe --> c:\windows\system32\sens32.exe [?]
S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\LegitCheckControl32.exe --> c:\windows\system32\LegitCheckControl32.exe [?]
S2 hkmsvc3232;Health Key and Certificate Management Service ;c:\windows\system32\adsnt32.exe --> c:\windows\system32\adsnt32.exe [?]
S2 ImapiService32;IMAPI CD-Burning COM Service ;c:\windows\system32\upnpui32.exe --> c:\windows\system32\upnpui32.exe [?]
S2 iPod Service32;iPod Service ;c:\windows\system32\usrcntra32.exe --> c:\windows\system32\usrcntra32.exe [?]
S2 JavaQuickStarterService32;Java Quick Starter ;c:\windows\system32\icwdial32.exe --> c:\windows\system32\icwdial32.exe [?]
S2 LmHosts32;TCP/IP NetBIOS Helper ;c:\windows\system32\hotplug32.exe --> c:\windows\system32\hotplug32.exe [?]
S2 LmHosts3232;TCP/IP NetBIOS Helper ;c:\windows\system32\w3ssl32.exe --> c:\windows\system32\w3ssl32.exe [?]
S2 MBAMService32;MBAMService ;c:\windows\system32\authz32.exe --> c:\windows\system32\authz32.exe [?]
S2 MBAMService3232;MBAMService ;c:\windows\system32\stclient32.exe --> c:\windows\system32\stclient32.exe [?]
S2 Messenger32;Messenger ;c:\windows\system32\nvrsnl32.exe --> c:\windows\system32\nvrsnl32.exe [?]
S2 mnmsrvc32;NetMeeting Remote Desktop Sharing ;c:\windows\system32\clbcatq32.exe --> c:\windows\system32\clbcatq32.exe [?]
S2 MSIServer32;Windows Installer ;c:\windows\system32\kbdno132.exe --> c:\windows\system32\kbdno132.exe [?]
S2 MSIServer3232;Windows Installer ;c:\windows\system32\xpsp4res32.exe --> c:\windows\system32\xpsp4res32.exe [?]
S2 napagent32;Network Access Protection Agent ;c:\windows\system32\nvcod(4)32.exe --> c:\windows\system32\nvcod(4)32.exe [?]
S2 NetDDE32;Network DDE ;c:\windows\system32\apcups32.exe --> c:\windows\system32\apcups32.exe [?]
S2 Netlogon32;Net Logon ;c:\windows\system32\odpdx3232.exe --> c:\windows\system32\odpdx3232.exe [?]
S2 Netman32;Network Connections ;c:\windows\system32\ialmuTHA32.exe --> c:\windows\system32\ialmuTHA32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\toolhelp32.exe --> c:\windows\system32\toolhelp32.exe [?]
S2 NtmsSvc32;Removable Storage ;c:\windows\system32\mqtrig32.exe --> c:\windows\system32\mqtrig32.exe [?]
S2 NtmsSvc3232;Removable Storage ;c:\windows\system32\msacm32.exe --> c:\windows\system32\msacm32.exe [?]
S2 PolicyAgent32;IPSEC Services ;c:\windows\system32\ncobjapi32.exe --> c:\windows\system32\ncobjapi32.exe [?]
S2 ProtectedStorage32;Protected Storage ;c:\windows\system32\ipxrtmgr32.exe --> c:\windows\system32\ipxrtmgr32.exe [?]
S2 ProtectedStorage323232;Protected Storage ;c:\windows\system32\kbdca32.exe --> c:\windows\system32\kbdca32.exe [?]
S2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\msxmlr32.exe --> c:\windows\system32\msxmlr32.exe [?]
S2 RemoteRegistry32;Remote Registry ;c:\windows\system32\PortableDeviceWMDRM32.exe --> c:\windows\system32\PortableDeviceWMDRM32.exe [?]
S2 RpcLocator32;Remote Procedure Call (RPC) Locator ;c:\windows\system32\D3DCompiler_3632.exe --> c:\windows\system32\D3DCompiler_3632.exe [?]
S2 RSVP32;QoS RSVP ;c:\windows\system32\inetcfg32.exe --> c:\windows\system32\inetcfg32.exe [?]
S2 SamSs32;Security Accounts Manager ;c:\windows\system32\ialmuPTG32.exe [8/28/2011 5:56 PM 717312]
S2 SamSs3232;Security Accounts Manager ;c:\windows\system32\ptpusb32.exe --> c:\windows\system32\ptpusb32.exe [?]
S2 Schedule32;Task Scheduler ;c:\windows\system32\aaaamon32.exe --> c:\windows\system32\aaaamon32.exe [?]
S2 seclogon32;Secondary Logon ;c:\windows\system32\ocmanage32.exe --> c:\windows\system32\ocmanage32.exe [?]
S2 seclogon3232;Secondary Logon ;c:\windows\system32\nvapi(3)32.exe --> c:\windows\system32\nvapi(3)32.exe [?]
S2 SENS32;System Event Notification ;c:\windows\system32\kbd101b32.exe --> c:\windows\system32\kbd101b32.exe [?]
S2 SENS323232;System Event Notification ;c:\windows\system32\xolehlp32.exe --> c:\windows\system32\xolehlp32.exe [?]
S2 SharedAccess32;Windows Firewall/Internet Connection Sharing (ICS) ;c:\windows\system32\kbdpash32.exe --> c:\windows\system32\kbdpash32.exe [?]
S2 SharedAccess3232;Windows Firewall/Internet Connection Sharing (ICS) ;c:\windows\system32\urlmon(3)32.exe --> c:\windows\system32\urlmon(3)32.exe [?]
S2 Spooler32;Print Spooler ;c:\windows\system32\mdmxsdk32.exe --> c:\windows\system32\mdmxsdk32.exe [?]
S2 SSDPSRV32;SSDP Discovery Service ;c:\windows\system32\ntmsmgr32.exe --> c:\windows\system32\ntmsmgr32.exe [?]
S2 SSDPSRV3232;SSDP Discovery Service ;c:\windows\system32\mprui32.exe --> c:\windows\system32\mprui32.exe [?]
S2 SSDPSRV323232;SSDP Discovery Service ;c:\windows\system32\kbdlt132.exe --> c:\windows\system32\kbdlt132.exe [?]
S2 stisvc32;Windows Image Acquisition (WIA) ;c:\windows\system32\nvapi(6)32.exe --> c:\windows\system32\nvapi(6)32.exe [?]
S2 STSService32;STSService ;c:\windows\system32\safrcdlg32.exe --> c:\windows\system32\safrcdlg32.exe [?]
S2 STSService3232;STSService ;c:\windows\system32\icmp32.exe --> c:\windows\system32\icmp32.exe [?]
S2 STSService323232;STSService ;c:\windows\system32\xinput1_232.exe --> c:\windows\system32\xinput1_232.exe [?]
S2 TapiSrv32;Telephony ;c:\windows\system32\osuninst32.exe --> c:\windows\system32\osuninst32.exe [?]
S2 Themes32;Themes ;c:\windows\system32\ialmuPTG32.exe [8/28/2011 5:56 PM 717312]
S2 TrkWks32;Distributed Link Tracking Client ;c:\windows\system32\rasmxs32.exe --> c:\windows\system32\rasmxs32.exe [?]
S2 TrkWks3232;Distributed Link Tracking Client ;c:\windows\system32\qmgrprxy32.exe --> c:\windows\system32\qmgrprxy32.exe [?]
S2 TrkWks323232;Distributed Link Tracking Client ;c:\windows\system32\sti32.exe --> c:\windows\system32\sti32.exe [?]
S2 upnphost32;Universal Plug and Play Device Host ;c:\windows\system32\msrd3x4032.exe --> c:\windows\system32\msrd3x4032.exe [?]
S2 WebClient32;WebClient ;c:\windows\system32\compstui32.exe --> c:\windows\system32\compstui32.exe [?]
S2 Wmi3232;Windows Management Instrumentation Driver Extensions ;c:\windows\system32\usbmon32.exe --> c:\windows\system32\usbmon32.exe [?]
S2 wscsvc32;Security Center ;c:\windows\system32\igmpagnt32.exe --> c:\windows\system32\igmpagnt32.exe [?]
S2 WZCSVC32;Wireless Zero Configuration ;c:\windows\system32\dot3ui32.exe --> c:\windows\system32\dot3ui32.exe [?]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2/16/2011 9:46 AM 385024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\compter\Application Data\Mozilla\Firefox\Profiles\etcuxtxj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52889
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ativtmxx32.exe
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SoftwareDistribution\Download\2d27ce3f0ff7c49d95c2b43a6bb0e270\update\update.exe
.
**************************************************************************
.
Completion time: 2011-08-28 18:01:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 23:01
.
Pre-Run: 10,755,260,416 bytes free
Post-Run: 11,978,477,568 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=0
.
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 85D244462D0AF002E5C92DEF6DC41234

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:57 AM

Posted 28 August 2011 - 07:41 PM

A very persistent trojan called Trojan.Agent.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\windows\system32\photowiz32.exe
c:\windows\system32\ati2dvaa32.exe
c:\windows\system32\D3DCompiler_3832.exe
c:\windows\system32\cewmdm32.exe
c:\windows\system32\netui132.exe
c:\windows\system32\nvcuvenc32.exe
c:\windows\system32\mchgrcoi32.exe
c:\windows\system32\kbdit14232.exe
c:\windows\system32\shimeng32.exe
c:\windows\system32\msvidctl32.exe
c:\windows\system32\nwevent32.exe
c:\windows\system32\scriptpw32.exe
c:\windows\system32\msdtclog32.exe
c:\windows\system32\iprop32.exe
c:\windows\system32\wshatm32.exe
c:\windows\system32\utildll32.exe
c:\windows\system32\shgina32.exe
c:\windows\system32\hidserv32.exe
c:\windows\system32\dx7vb32.exe
c:\windows\system32\wmsdmod32.exe
c:\windows\system32\nvcod(6)32.exe
c:\windows\system32\icaapi32.exe
c:\windows\system32\D3DCompiler_3532.exe
c:\windows\system32\msw3prt32.exe
c:\windows\system32\dot3cfg32.exe
c:\windows\system32\midimap32.exe
c:\windows\system32\kbdmaori32.dll
c:\windows\system32\mqcertui32.exe
c:\windows\system32\kbdlv32.exe
c:\windows\system32\iyuv_3232.exe
c:\windows\system32\wmploc32.exe
c:\windows\system32\ddraw32.exe
c:\windows\system32\D3DCompiler_4132.exe
c:\windows\system32\ativtmxx32.dll
c:\windows\system32\mqad32.exe
c:\windows\system32\ialmuPTG32.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_26.06.2011_01-08.lnk

Folder::
c:\documents and settings\compter\Desktop\Virus Removal Tool

Firefox::
FF - ProfilePath - c:\documents and settings\compter\Application Data\Mozilla\Firefox\Profiles\etcuxtxj.default\
FF - prefs.js: network.proxy.http_port - 52889

Driver::
AudioSrv32
Dot3svc32
helpsvc32
ProtectedStorage3232
Schedule3232
SENS3232
xmlprov32
Alerter32
AppMgmt32
aspnet_state32
AudioSrv3232
BITS3232
Browser32
CiSvc32
COMServer32
COMSysApp32
Dnscache32
Dnscache3232
Eventlog32
Eventlog3232
Eventlog323232
FastUserSwitchingCompatibility32
FastUserSwitchingCompatibility3232
FontCache3.0.0.032
FontCache3.0.0.03232
helpsvc3232
hkmsvc32
hkmsvc3232
ImapiService32
iPod Service32
JavaQuickStarterService32
LmHosts32
LmHosts3232
MBAMService32
MBAMService3232
Messenger32
mnmsrvc32
MSIServer32
MSIServer3232
napagent32
NetDDE32
Netlogon32
Netman32
NetTcpPortSharing32
NtmsSvc32
NtmsSvc3232
PolicyAgent32
ProtectedStorage32
ProtectedStorage323232
RemoteAccess32
RemoteRegistry32
RpcLocator32
RSVP32
SamSs32
SamSs3232
Schedule32
seclogon32
seclogon3232
SENS32
SENS323232
SharedAccess32
SharedAccess3232
Spooler32
SSDPSRV32
SSDPSRV3232
SSDPSRV323232
stisvc32
STSService32
STSService3232
STSService323232
TapiSrv32
Themes32
TrkWks32
TrkWks3232
TrkWks323232
upnphost32
WebClient32
Wmi3232
wscsvc32
WZCSVC32


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE

#10 arrix

arrix
  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:57 AM

Posted 28 August 2011 - 08:45 PM

Thank you m0le. Here's that report:

ComboFix 11-08-28.01 - compter 08/28/2011 20:26:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.604 [GMT -5:00]
Running from: c:\documents and settings\compter\Desktop\ComFix.exe
Command switches used :: c:\documents and settings\compter\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\"
"c:\windows\system32\ati2dvaa32.exe"
"c:\windows\system32\ativtmxx32.dll"
"c:\windows\system32\cewmdm32.exe"
"c:\windows\system32\D3DCompiler_3532.exe"
"c:\windows\system32\D3DCompiler_3832.exe"
"c:\windows\system32\D3DCompiler_4132.exe"
"c:\windows\system32\ddraw32.exe"
"c:\windows\system32\dot3cfg32.exe"
"c:\windows\system32\dx7vb32.exe"
"c:\windows\system32\hidserv32.exe"
"c:\windows\system32\ialmuPTG32.exe"
"c:\windows\system32\icaapi32.exe"
"c:\windows\system32\iprop32.exe"
"c:\windows\system32\iyuv_3232.exe"
"c:\windows\system32\kbdit14232.exe"
"c:\windows\system32\kbdlv32.exe"
"c:\windows\system32\kbdmaori32.dll"
"c:\windows\system32\mchgrcoi32.exe"
"c:\windows\system32\midimap32.exe"
"c:\windows\system32\mqad32.exe"
"c:\windows\system32\mqcertui32.exe"
"c:\windows\system32\msdtclog32.exe"
"c:\windows\system32\msvidctl32.exe"
"c:\windows\system32\msw3prt32.exe"
"c:\windows\system32\netui132.exe"
"c:\windows\system32\nvcod(6)32.exe"
"c:\windows\system32\nvcuvenc32.exe"
"c:\windows\system32\nwevent32.exe"
"c:\windows\system32\photowiz32.exe"
"c:\windows\system32\scriptpw32.exe"
"c:\windows\system32\shgina32.exe"
"c:\windows\system32\shimeng32.exe"
"c:\windows\system32\utildll32.exe"
"c:\windows\system32\wmploc32.exe"
"c:\windows\system32\wmsdmod32.exe"
"c:\windows\system32\wshatm32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\compter\Local Settings\Application Data\{697C2836-7F79-4F46-BBAC-D49DE0894B58}
c:\documents and settings\compter\Local Settings\Application Data\{697C2836-7F79-4F46-BBAC-D49DE0894B58}\chrome.manifest
c:\documents and settings\compter\Local Settings\Application Data\{697C2836-7F79-4F46-BBAC-D49DE0894B58}\chrome\content\_cfg.js
c:\documents and settings\compter\Local Settings\Application Data\{697C2836-7F79-4F46-BBAC-D49DE0894B58}\chrome\content\overlay.xul
c:\documents and settings\compter\Local Settings\Application Data\{697C2836-7F79-4F46-BBAC-D49DE0894B58}\install.rdf
c:\windows\system32\ati2dvaa32.exe
c:\windows\system32\ativtmxx32.dll
c:\windows\system32\cewmdm32.exe
c:\windows\system32\D3DCompiler_3532.exe
c:\windows\system32\D3DCompiler_3832.exe
c:\windows\system32\D3DCompiler_4132.exe
c:\windows\system32\ddraw32.exe
c:\windows\system32\dot3cfg32.exe
c:\windows\system32\dx7vb32.exe
c:\windows\system32\hidserv32.exe
c:\windows\system32\ialmuPTG32.exe
c:\windows\system32\icaapi32.exe
c:\windows\system32\iprop32.exe
c:\windows\system32\iyuv_3232.exe
c:\windows\system32\kbdit14232.exe
c:\windows\system32\kbdlv32.exe
c:\windows\system32\kbdmaori32.dll
c:\windows\system32\mchgrcoi32.exe
c:\windows\system32\midimap32.exe
c:\windows\system32\mqad32.exe
c:\windows\system32\mqcertui32.exe
c:\windows\system32\msdtclog32.exe
c:\windows\system32\msvidctl32.exe
c:\windows\system32\msw3prt32.exe
c:\windows\system32\netui132.exe
c:\windows\system32\nvcod(6)32.exe
c:\windows\system32\nvcuvenc32.exe
c:\windows\system32\nwevent32.exe
c:\windows\system32\photowiz32.exe
c:\windows\system32\scriptpw32.exe
c:\windows\system32\shgina32.exe
c:\windows\system32\shimeng32.exe
c:\windows\system32\utildll32.exe
c:\windows\system32\wmploc32.exe
c:\windows\system32\wmsdmod32.exe
c:\windows\system32\wshatm32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALERTER32
-------\Legacy_APPMGMT32
-------\Legacy_ASPNET_STATE32
-------\Legacy_AUDIOSRV32
-------\Legacy_AUDIOSRV3232
-------\Legacy_BITS3232
-------\Legacy_BROWSER32
-------\Legacy_CISVC32
-------\Legacy_COMSERVER32
-------\Legacy_COMSYSAPP32
-------\Legacy_DNSCACHE32
-------\Legacy_DNSCACHE3232
-------\Legacy_DOT3SVC32
-------\Legacy_EVENTLOG32
-------\Legacy_EVENTLOG3232
-------\Legacy_EVENTLOG323232
-------\Legacy_FASTUSERSWITCHINGCOMPATIBILITY32
-------\Legacy_FASTUSERSWITCHINGCOMPATIBILITY3232
-------\Legacy_FONTCACHE3.0.0.032
-------\Legacy_FONTCACHE3.0.0.03232
-------\Legacy_HELPSVC32
-------\Legacy_HELPSVC3232
-------\Legacy_HKMSVC32
-------\Legacy_HKMSVC3232
-------\Legacy_IMAPISERVICE32
-------\Legacy_IPOD_SERVICE32
-------\Legacy_JAVAQUICKSTARTERSERVICE32
-------\Legacy_LMHOSTS32
-------\Legacy_LMHOSTS3232
-------\Legacy_MBAMSERVICE32
-------\Legacy_MBAMSERVICE3232
-------\Legacy_MESSENGER32
-------\Legacy_MNMSRVC32
-------\Legacy_MSISERVER32
-------\Legacy_MSISERVER3232
-------\Legacy_NAPAGENT32
-------\Legacy_NETDDE32
-------\Legacy_NETLOGON32
-------\Legacy_NETMAN32
-------\Legacy_NETTCPPORTSHARING32
-------\Legacy_PROTECTEDSTORAGE3232
-------\Legacy_REMOTEACCESS32
-------\Legacy_REMOTEREGISTRY32
-------\Legacy_RPCLOCATOR32
-------\Legacy_RSVP32
-------\Legacy_SAMSS32
-------\Legacy_SAMSS3232
-------\Legacy_SCHEDULE32
-------\Legacy_SCHEDULE3232
-------\Legacy_SECLOGON32
-------\Legacy_SECLOGON3232
-------\Legacy_SENS32
-------\Legacy_SENS3232
-------\Legacy_SENS323232
-------\Legacy_SHAREDACCESS32
-------\Legacy_SHAREDACCESS3232
-------\Legacy_SPOOLER32
-------\Legacy_SSDPSRV32
-------\Legacy_SSDPSRV323232
-------\Legacy_STISVC32
-------\Legacy_STSSERVICE32
-------\Legacy_STSSERVICE3232
-------\Legacy_STSSERVICE323232
-------\Legacy_TAPISRV32
-------\Legacy_THEMES32
-------\Legacy_TRKWKS32
-------\Legacy_TRKWKS3232
-------\Legacy_TRKWKS323232
-------\Legacy_UPNPHOST32
-------\Legacy_WEBCLIENT32
-------\Legacy_WMI3232
-------\Legacy_WSCSVC32
-------\Legacy_WZCSVC32
-------\Legacy_XMLPROV32
-------\Service_Alerter32
-------\Service_AppMgmt32
-------\Service_aspnet_state32
-------\Service_AudioSrv32
-------\Service_AudioSrv3232
-------\Service_BITS3232
-------\Service_Browser32
-------\Service_CiSvc32
-------\Service_COMServer32
-------\Service_COMSysApp32
-------\Service_Dnscache32
-------\Service_Dnscache3232
-------\Service_Dot3svc32
-------\Service_Eventlog32
-------\Service_Eventlog3232
-------\Service_Eventlog323232
-------\Service_FastUserSwitchingCompatibility32
-------\Service_FastUserSwitchingCompatibility3232
-------\Service_FontCache3.0.0.032
-------\Service_FontCache3.0.0.03232
-------\Service_helpsvc32
-------\Service_helpsvc3232
-------\Service_hkmsvc32
-------\Service_hkmsvc3232
-------\Service_ImapiService32
-------\Service_iPod Service32
-------\Service_JavaQuickStarterService32
-------\Service_LmHosts32
-------\Service_LmHosts3232
-------\Service_MBAMService32
-------\Service_MBAMService3232
-------\Service_Messenger32
-------\Service_mnmsrvc32
-------\Service_MSIServer32
-------\Service_MSIServer3232
-------\Service_napagent32
-------\Service_NetDDE32
-------\Service_Netlogon32
-------\Service_Netman32
-------\Service_NetTcpPortSharing32
-------\Service_ProtectedStorage3232
-------\Service_RemoteAccess32
-------\Service_RemoteRegistry32
-------\Service_RpcLocator32
-------\Service_RSVP32
-------\Service_SamSs32
-------\Service_SamSs3232
-------\Service_Schedule32
-------\Service_Schedule3232
-------\Service_seclogon32
-------\Service_seclogon3232
-------\Service_SENS32
-------\Service_SENS3232
-------\Service_SENS323232
-------\Service_SharedAccess32
-------\Service_SharedAccess3232
-------\Service_Spooler32
-------\Service_SSDPSRV32
-------\Service_SSDPSRV323232
-------\Service_stisvc32
-------\Service_STSService32
-------\Service_STSService3232
-------\Service_STSService323232
-------\Service_TapiSrv32
-------\Service_Themes32
-------\Service_TrkWks32
-------\Service_TrkWks3232
-------\Service_TrkWks323232
-------\Service_upnphost32
-------\Service_WebClient32
-------\Service_Wmi3232
-------\Service_wscsvc32
-------\Service_WZCSVC32
-------\Service_xmlprov32
-------\Legacy_MSIServer323232
-------\Service_MSIServer323232
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 01:33 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\wsecedit32.exe
2011-08-29 00:06 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\wmdrmdev32.exe
2011-08-24 08:31 . 2011-08-24 08:31 -------- d-----w- c:\program files\ESET
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\compter\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 08:19 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 07:42 . 2011-08-24 07:42 -------- dc----w- C:\_OTL
2011-08-22 22:39 . 2011-08-22 22:39 388096 ----a-r- c:\documents and settings\compter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-22 11:58 . 2011-08-22 11:58 717312 ------w- c:\windows\system32\ativtmxx32.exe
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iPod
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iTunes
2011-08-19 21:21 . 2011-08-19 21:21 -------- d-----w- c:\program files\Bonjour
2011-08-19 17:41 . 2011-08-23 23:42 -------- d-----w- c:\documents and settings\compter\Local Settings\Application Data\AskToolbar
2011-08-08 21:17 . 2011-08-08 21:17 -------- d-----w- c:\documents and settings\compter\Application Data\Media Player Classic
2011-08-08 18:01 . 2011-08-27 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-08 18:01 . 2011-08-08 18:01 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 11:58 . 2011-08-29 01:37 717312 ----a-w- c:\windows\system32\nvrszhc32.exe
2011-08-22 11:58 . 2011-08-29 01:37 717312 ----a-w- c:\windows\system32\blackbox32.exe
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-08-19 00:18 . 2011-06-25 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_22.56.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-29 01:36 . 2011-08-29 01:36 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2011-08-29 01:38 . 2011-08-22 11:58 717312 c:\windows\system32\w32time32.exe
+ 2011-08-29 01:38 . 2011-08-22 11:58 717312 c:\windows\system32\usrv80a32.exe
+ 2011-08-29 01:37 . 2011-08-22 11:58 717312 c:\windows\system32\msvcp5032.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\compter\Desktop\utorrent.exe" [2011-03-28 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
setup_9.0.0.722_26.06.2011_01-08.lnk - c:\documents and settings\compter\Desktop\Virus Removal Tool\setup_9.0.0.722_26.06.2011_01-08\startup.exe [N/A]
.
c:\documents and settings\compter\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-7 0]
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1bc79e590cc7
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\compter\\Desktop\\utorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\compter\\My Documents\\Downloads\\WoW-4.0.0-WOW-enUS-Installer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\compter\\Local Settings\\Apps\\2.0\\O1XZQ016.JAO\\A3J9O14A.C5Z\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 71397612;71397612 Boot Guard Driver;c:\windows\system32\drivers\71397612.sys [6/25/2011 5:52 PM 37392]
R1 71397611;71397611;c:\windows\system32\drivers\71397611.sys [6/25/2011 5:52 PM 128016]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/13/2010 7:48 PM 95024]
R1 setup_9.0.0.722_26.06.2011_01-08drv;setup_9.0.0.722_26.06.2011_01-08drv;c:\windows\system32\drivers\7139761.sys [6/25/2011 5:52 PM 315408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/24/2011 3:19 AM 366640]
R2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\clb32.exe [8/27/2011 5:01 PM 717312]
R2 SwPrv32;MS Software Shadow Copy Provider ;c:\windows\system32\wsecedit32.exe [8/28/2011 8:33 PM 717312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2011 3:19 AM 22712]
S2 ALG32;Application Layer Gateway Service ;c:\windows\system32\loghours32.exe --> c:\windows\system32\loghours32.exe [?]
S2 Apple Mobile Device32;Apple Mobile Device ;c:\windows\system32\igfxsrvc32.exe --> c:\windows\system32\igfxsrvc32.exe [?]
S2 AppMgmt32;Application Management ;c:\windows\system32\wmsdmoe32.exe --> c:\windows\system32\wmsdmoe32.exe [?]
S2 aspnet_state32;ASP.NET State Service ;c:\windows\system32\mpr32.exe --> c:\windows\system32\mpr32.exe [?]
S2 clr_optimization_v2.0.50727_3232;.NET Runtime Optimization Service v2.0.50727_X86 ;c:\windows\system32\ir50_qc32.exe --> c:\windows\system32\ir50_qc32.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 CryptSvc32;CryptSvc ;c:\windows\system32\atl32.exe --> c:\windows\system32\atl32.exe [?]
S2 DcomLaunch32;DCOM Server Process Launcher ;c:\windows\system32\tscfgwmi32.exe --> c:\windows\system32\tscfgwmi32.exe [?]
S2 DcomLaunch3232;DCOM Server Process Launcher ;c:\windows\system32\kbdes32.exe --> c:\windows\system32\kbdes32.exe [?]
S2 dmserver32;Logical Disk Manager ;c:\windows\system32\usrsdpia32.exe --> c:\windows\system32\usrsdpia32.exe [?]
S2 Eventlog32323232;Event Log ;c:\windows\system32\kbdmaori3232.exe --> c:\windows\system32\kbdmaori3232.exe [?]
S2 ImapiService32;IMAPI CD-Burning COM Service ;c:\windows\system32\kbdukx32.exe --> c:\windows\system32\kbdukx32.exe [?]
S2 JavaQuickStarterService32;Java Quick Starter ;c:\windows\system32\avtapi32.exe --> c:\windows\system32\avtapi32.exe [?]
S2 lanmanworkstation32;Workstation ;c:\windows\system32\kbdmaori32.exe --> c:\windows\system32\kbdmaori32.exe [?]
S2 lanmanworkstation3232;Workstation ;c:\windows\system32\es32.exe --> c:\windows\system32\es32.exe [?]
S2 LmHosts32;TCP/IP NetBIOS Helper ;c:\windows\system32\xactengine3_032.exe --> c:\windows\system32\xactengine3_032.exe [?]
S2 MSIServer32;Windows Installer ;c:\windows\system32\WgaLogon32.exe --> c:\windows\system32\WgaLogon32.exe [?]
S2 napagent32;Network Access Protection Agent ;c:\windows\system32\blackbox32.exe --> c:\windows\system32\blackbox32.exe [?]
S2 Nla32;Network Location Awareness (NLA) ;c:\windows\system32\dxtrans32.exe --> c:\windows\system32\dxtrans32.exe [?]
S2 NtmsSvc32;Removable Storage ;c:\windows\system32\mqtrig32.exe --> c:\windows\system32\mqtrig32.exe [?]
S2 NtmsSvc3232;Removable Storage ;c:\windows\system32\msacm32.exe --> c:\windows\system32\msacm32.exe [?]
S2 NtmsSvc323232;Removable Storage ;c:\windows\system32\Edcrypt32.exe --> c:\windows\system32\Edcrypt32.exe [?]
S2 NVSvc3232;NVIDIA Display Driver Service ;c:\windows\system32\itircl32.exe --> c:\windows\system32\itircl32.exe [?]
S2 NVSvc323232;NVIDIA Display Driver Service ;c:\windows\system32\pschdprf32.exe --> c:\windows\system32\pschdprf32.exe [?]
S2 PolicyAgent32;IPSEC Services ;c:\windows\system32\ncobjapi32.exe --> c:\windows\system32\ncobjapi32.exe [?]
S2 ProtectedStorage32;Protected Storage ;c:\windows\system32\ipxrtmgr32.exe --> c:\windows\system32\ipxrtmgr32.exe [?]
S2 ProtectedStorage323232;Protected Storage ;c:\windows\system32\kbdca32.exe --> c:\windows\system32\kbdca32.exe [?]
S2 RDSessMgr32;Remote Desktop Help Session Manager ;c:\windows\system32\mtxoci32.exe --> c:\windows\system32\mtxoci32.exe [?]
S2 SCardSvr32;Smart Card ;c:\windows\system32\nvrszhc32.exe --> c:\windows\system32\nvrszhc32.exe [?]
S2 SCardSvr3232;Smart Card ;c:\windows\system32\dfsshlex32.exe --> c:\windows\system32\dfsshlex32.exe [?]
S2 seclogon32;Secondary Logon ;c:\windows\system32\kbdusl32.exe --> c:\windows\system32\kbdusl32.exe [?]
S2 SSDPSRV32;SSDP Discovery Service ;c:\windows\system32\WMVADVE32.exe --> c:\windows\system32\WMVADVE32.exe [?]
S2 SSDPSRV3232;SSDP Discovery Service ;c:\windows\system32\mprui32.exe --> c:\windows\system32\mprui32.exe [?]
S2 TapiSrv32;Telephony ;c:\windows\system32\ntlsapi32.exe --> c:\windows\system32\ntlsapi32.exe [?]
S2 TlntSvr32;Telnet ;c:\windows\system32\shmedia32.exe --> c:\windows\system32\shmedia32.exe [?]
S2 W32Time32;Windows Time ;c:\windows\system32\tcpmib32.exe --> c:\windows\system32\tcpmib32.exe [?]
S2 winmgmt32;Windows Management Instrumentation ;c:\windows\system32\ialmuTHA32.exe --> c:\windows\system32\ialmuTHA32.exe [?]
S2 WmdmPmSN32;Portable Media Serial Number Service ;c:\windows\system32\senscfg32.exe --> c:\windows\system32\senscfg32.exe [?]
S2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;c:\windows\system32\diactfrm32.exe --> c:\windows\system32\diactfrm32.exe [?]
S2 wscsvc32;Security Center ;c:\windows\system32\jgpl40032.exe --> c:\windows\system32\jgpl40032.exe [?]
S2 WZCSVC32;Wireless Zero Configuration ;c:\windows\system32\mfc4232.exe --> c:\windows\system32\mfc4232.exe [?]
S2 WZCSVC3232;Wireless Zero Configuration ;c:\windows\system32\winipsec32.exe --> c:\windows\system32\winipsec32.exe [?]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2/16/2011 9:46 AM 385024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - APPMGMT32
*NewlyCreated* - ASPNET_STATE32
*NewlyCreated* - CRYPTSVC32
*NewlyCreated* - DCOMLAUNCH3232
*NewlyCreated* - DMSERVER32
*NewlyCreated* - IMAPISERVICE32
*NewlyCreated* - JAVAQUICKSTARTERSERVICE32
*NewlyCreated* - LANMANWORKSTATION32
*NewlyCreated* - LANMANWORKSTATION3232
*NewlyCreated* - LMHOSTS32
*NewlyCreated* - MSISERVER32
*NewlyCreated* - NAPAGENT32
*NewlyCreated* - NLA32
*NewlyCreated* - NTMSSVC323232
*NewlyCreated* - NVSVC3232
*NewlyCreated* - NVSVC323232
*NewlyCreated* - RDSESSMGR32
*NewlyCreated* - SCARDSVR32
*NewlyCreated* - SCARDSVR3232
*NewlyCreated* - SECLOGON32
*NewlyCreated* - SSDPSRV32
*NewlyCreated* - TAPISRV32
*NewlyCreated* - W32TIME32
*NewlyCreated* - WINMGMT32
*NewlyCreated* - WMDMPMSN32
*NewlyCreated* - WMPNETWORKSVC32
*NewlyCreated* - WSCSVC32
*NewlyCreated* - WZCSVC32
*NewlyCreated* - WZCSVC3232
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\compter\Application Data\Mozilla\Firefox\Profiles\etcuxtxj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\tcpmib32.exe
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\windows\system32\ativtmxx32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-28 20:42:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-29 01:40
ComboFix2.txt 2011-08-28 23:01
.
Pre-Run: 12,044,210,176 bytes free
Post-Run: 11,994,890,240 bytes free
.
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BE9EF4B5286BE6F3AF80A91C34963DA9

#11 m0le

Posted 29 August 2011 - 06:03 AM

We may need to run Combofix a number of times but it should decrease to nil.


First run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.

Now rerun Combofix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\windows\system32\wsecedit32.exe
c:\windows\system32\wmdrmdev32.exe
c:\windows\system32\ativtmxx32.exe
c:\windows\system32\nvrszhc32.exe
c:\windows\system32\blackbox32.exe
c:\windows\system32\w32time32.exe
c:\windows\system32\usrv80a32.exe
c:\windows\system32\msvcp5032.exe
c:\windows\system32\loghours32.exe
c:\windows\system32\igfxsrvc32.exe
c:\windows\system32\wmsdmoe32.exe
c:\windows\system32\mpr32.exe
c:\windows\system32\atl32.exe
c:\windows\system32\tscfgwmi32.exe
c:\windows\system32\kbdes32.exe
c:\windows\system32\usrsdpia32.exe
c:\windows\system32\kbdmaori3232.exe
c:\windows\system32\kbdukx32.exe
c:\windows\system32\avtapi32.exe
c:\windows\system32\kbdmaori32.exe
c:\windows\system32\es32.exe
c:\windows\system32\xactengine3_032.exe
c:\windows\system32\WgaLogon32.exe
c:\windows\system32\blackbox32.exe
c:\windows\system32\dxtrans32.exe
c:\windows\system32\mqtrig32.exe
c:\windows\system32\msacm32.exe
c:\windows\system32\Edcrypt32.exe
c:\windows\system32\itircl32.exe
c:\windows\system32\pschdprf32.exe
c:\windows\system32\ncobjapi32.exe
c:\windows\system32\ipxrtmgr32.exe
c:\windows\system32\kbdca32.exe
c:\windows\system32\mtxoci32.exe
c:\windows\system32\nvrszhc32.exe
c:\windows\system32\dfsshlex32.exe
c:\windows\system32\kbdusl32.exe
c:\windows\system32\WMVADVE32.exe
c:\windows\system32\mprui32.exe
c:\windows\system32\ntlsapi32.exe
c:\windows\system32\shmedia32.exe
c:\windows\system32\tcpmib32.exe
c:\windows\system32\ialmuTHA32.exe
c:\windows\system32\senscfg32.exe
c:\windows\system32\diactfrm32.exe
c:\windows\system32\jgpl40032.exe
c:\windows\system32\mfc4232.exe
c:\windows\system32\winipsec32.exe

Driver::
ALG32
Apple Mobile Device32
AppMgmt32
aspnet_state32
CryptSvc32
DcomLaunch32
DcomLaunch3232
dmserver32
Eventlog32323232
ImapiService32
JavaQuickStarterService32
lanmanworkstation32
lanmanworkstation3232
LmHosts32
MSIServer32
napagent32
Nla32
NtmsSvc32
NtmsSvc3232
NtmsSvc323232
NVSvc3232
NVSvc323232
PolicyAgent32
ProtectedStorage32
ProtectedStorage323232
RDSessMgr32
SCardSvr32
SCardSvr3232
seclogon32
SSDPSRV32
SSDPSRV3232
TapiSrv32
TlntSvr32
W32Time32
winmgmt32
WmdmPmSN32
WMPNetworkSvc32
wscsvc32
WZCSVC32
WZCSVC3232


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Edited by m0le, 29 August 2011 - 06:04 AM.

m0le is a proud member of UNITE
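
The names in the Driver:: block above each read as a stock Windows service name with "32" appended one or more times (WZCSVC32, WZCSVC3232, Eventlog32323232). As an added example, not part of m0le's post or of ComboFix itself, this Python code pulls the *NewlyCreated* entries out of a ComboFix-style log and groups such look-alikes under the service they imitate; the BASELINE allow-list, the function names and the sample log are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

# Assumption: allow-list of stock service names, exported from a known-clean
# machine of the same OS build. Only a few entries are listed here.
BASELINE = {"Eventlog", "SCardSvr", "seclogon", "SSDPSRV", "W32Time", "WZCSVC"}

# Constructed sample in the "*NewlyCreated*" format of a ComboFix log.
SAMPLE_LOG = """\
*NewlyCreated* - EVENTLOG32323232
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - SCARDSVR3232
*NewlyCreated* - SECLOGON32
*NewlyCreated* - SSDPSRV32
*NewlyCreated* - W32TIME32
*NewlyCreated* - WZCSVC32
*NewlyCreated* - WZCSVC3232
.
Contents of the 'Scheduled Tasks' folder
"""

NEWLY_CREATED = re.compile(r"^\*NewlyCreated\* - (?P<name>.+?)\s*$", re.MULTILINE)


def parse_newly_created(log_text):
    """Return the service/driver names from '*NewlyCreated*' lines, in order."""
    return [m.group("name") for m in NEWLY_CREATED.finditer(log_text)]


def match_clone(name, baseline, suffix="32"):
    """Strip trailing copies of `suffix` until a baseline name is reached.

    Returns (baseline_name, copies_stripped), or None when the name is itself
    in the baseline or no stripped form matches it.
    """
    known = {b.lower(): b for b in baseline}
    candidate = name.lower()
    if candidate in known:
        return None  # a genuine stock service, e.g. one that really ends in "32"
    copies = 0
    while candidate.endswith(suffix) and len(candidate) > len(suffix):
        candidate = candidate[: -len(suffix)]
        copies += 1
        if candidate in known:
            return known[candidate], copies
    return None


def find_clones(names, baseline, suffix="32"):
    """Group look-alike names under the stock service they imitate."""
    groups = defaultdict(list)
    for name in names:
        hit = match_clone(name, baseline, suffix)
        if hit:
            base, copies = hit
            groups[base].append((name, copies))
    # Order each group by how many suffix copies were appended.
    return {base: sorted(found, key=lambda item: item[1])
            for base, found in groups.items()}


if __name__ == "__main__":
    clones = find_clones(parse_newly_created(SAMPLE_LOG), BASELINE)
    for base, found in sorted(clones.items()):
        print(base, "->", ", ".join(f"{n} (+{c}x32)" for n, c in found))
```

A match only says the name imitates a baseline entry; whether the service is malicious still has to be confirmed from its ImagePath and the file behind it.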

#12 arrix

Posted 29 August 2011 - 09:02 AM

Hey m0le,

Thank you, as always. First, here is the report from TDSS:

2011/08/29 08:27:25.0296 3700 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 08:27:25.0687 3700 ================================================================================
2011/08/29 08:27:25.0687 3700 SystemInfo:
2011/08/29 08:27:25.0687 3700
2011/08/29 08:27:25.0687 3700 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/29 08:27:25.0687 3700 Product type: Workstation
2011/08/29 08:27:25.0687 3700 ComputerName: N8DAM8
2011/08/29 08:27:25.0687 3700 UserName: compter
2011/08/29 08:27:25.0687 3700 Windows directory: C:\WINDOWS
2011/08/29 08:27:25.0687 3700 System windows directory: C:\WINDOWS
2011/08/29 08:27:25.0687 3700 Processor architecture: Intel x86
2011/08/29 08:27:25.0687 3700 Number of processors: 2
2011/08/29 08:27:25.0687 3700 Page size: 0x1000
2011/08/29 08:27:25.0687 3700 Boot type: Normal boot
2011/08/29 08:27:25.0687 3700 ================================================================================
2011/08/29 08:27:26.0328 3700 Initialize success
2011/08/29 08:27:28.0171 3708 ================================================================================
2011/08/29 08:27:28.0171 3708 Scan started
2011/08/29 08:27:28.0171 3708 Mode: Manual;
2011/08/29 08:27:28.0171 3708 ================================================================================
2011/08/29 08:27:28.0656 3708 71397611 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\71397611.sys
2011/08/29 08:27:28.0703 3708 71397612 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\71397612.sys
2011/08/29 08:27:28.0765 3708 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/29 08:27:28.0812 3708 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/29 08:27:28.0906 3708 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/29 08:27:28.0984 3708 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/29 08:27:29.0500 3708 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/29 08:27:29.0546 3708 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/29 08:27:29.0640 3708 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/29 08:27:29.0734 3708 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/29 08:27:29.0812 3708 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/08/29 08:27:29.0843 3708 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/29 08:27:29.0890 3708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/29 08:27:29.0953 3708 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/29 08:27:30.0000 3708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/29 08:27:30.0046 3708 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/29 08:27:30.0140 3708 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/08/29 08:27:30.0437 3708 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/29 08:27:30.0515 3708 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/29 08:27:30.0546 3708 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/29 08:27:30.0609 3708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/29 08:27:30.0687 3708 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/29 08:27:30.0781 3708 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/29 08:27:30.0843 3708 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/08/29 08:27:30.0890 3708 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/08/29 08:27:31.0000 3708 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/29 08:27:31.0062 3708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/29 08:27:31.0125 3708 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/29 08:27:31.0250 3708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/29 08:27:31.0390 3708 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/29 08:27:31.0453 3708 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/29 08:27:31.0484 3708 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/29 08:27:31.0531 3708 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/29 08:27:31.0562 3708 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/29 08:27:31.0640 3708 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/29 08:27:31.0718 3708 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/29 08:27:31.0781 3708 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/08/29 08:27:31.0906 3708 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/29 08:27:31.0984 3708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/29 08:27:32.0125 3708 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/29 08:27:32.0171 3708 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/29 08:27:32.0250 3708 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/29 08:27:32.0312 3708 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/29 08:27:32.0359 3708 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/29 08:27:32.0390 3708 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/29 08:27:32.0390 3708 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/29 08:27:32.0421 3708 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/29 08:27:32.0484 3708 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/29 08:27:32.0531 3708 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/29 08:27:32.0593 3708 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/29 08:27:32.0656 3708 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/29 08:27:32.0796 3708 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/29 08:27:32.0859 3708 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/29 08:27:32.0921 3708 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/29 08:27:32.0937 3708 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/29 08:27:33.0000 3708 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/29 08:27:33.0031 3708 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/29 08:27:33.0078 3708 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/29 08:27:33.0156 3708 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/29 08:27:33.0250 3708 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/29 08:27:33.0281 3708 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/29 08:27:33.0328 3708 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/29 08:27:33.0375 3708 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/29 08:27:33.0468 3708 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/29 08:27:33.0515 3708 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/29 08:27:33.0562 3708 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/29 08:27:33.0609 3708 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/29 08:27:33.0671 3708 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/29 08:27:33.0703 3708 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/29 08:27:33.0765 3708 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/29 08:27:33.0812 3708 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/29 08:27:33.0828 3708 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/29 08:27:33.0890 3708 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/29 08:27:33.0953 3708 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/29 08:27:34.0093 3708 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/29 08:27:34.0406 3708 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/29 08:27:34.0656 3708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/29 08:27:34.0718 3708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/29 08:27:34.0781 3708 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/29 08:27:34.0828 3708 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/29 08:27:34.0890 3708 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/29 08:27:34.0921 3708 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/29 08:27:35.0046 3708 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/29 08:27:35.0125 3708 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/29 08:27:35.0515 3708 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/29 08:27:35.0578 3708 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/29 08:27:35.0593 3708 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/29 08:27:35.0687 3708 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/29 08:27:36.0000 3708 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/29 08:27:36.0093 3708 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/29 08:27:36.0109 3708 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/29 08:27:36.0171 3708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/29 08:27:36.0250 3708 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/29 08:27:36.0296 3708 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/29 08:27:36.0343 3708 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/29 08:27:36.0390 3708 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/29 08:27:36.0453 3708 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/29 08:27:36.0562 3708 SBRE (4019149e4e296072831c8855605d9fdc) C:\WINDOWS\system32\drivers\SBREdrv.sys
2011/08/29 08:27:36.0656 3708 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/29 08:27:36.0765 3708 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/08/29 08:27:36.0843 3708 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/29 08:27:36.0890 3708 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/29 08:27:37.0000 3708 setup_9.0.0.722_26.06.2011_01-08drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\7139761.sys
2011/08/29 08:27:37.0031 3708 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/29 08:27:37.0125 3708 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/29 08:27:37.0187 3708 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/29 08:27:37.0218 3708 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/29 08:27:37.0296 3708 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/29 08:27:37.0359 3708 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/08/29 08:27:37.0390 3708 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/08/29 08:27:37.0453 3708 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/29 08:27:37.0484 3708 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/29 08:27:37.0765 3708 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/29 08:27:37.0843 3708 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/29 08:27:37.0906 3708 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/29 08:27:37.0937 3708 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/29 08:27:37.0953 3708 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/29 08:27:38.0031 3708 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/08/29 08:27:38.0078 3708 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/08/29 08:27:38.0109 3708 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/08/29 08:27:38.0140 3708 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2011/08/29 08:27:38.0156 3708 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/08/29 08:27:38.0171 3708 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/08/29 08:27:38.0218 3708 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/08/29 08:27:38.0234 3708 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/08/29 08:27:38.0265 3708 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/08/29 08:27:38.0406 3708 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/29 08:27:38.0515 3708 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/29 08:27:38.0593 3708 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/29 08:27:38.0640 3708 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/29 08:27:38.0671 3708 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/29 08:27:38.0718 3708 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/29 08:27:38.0734 3708 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/29 08:27:38.0781 3708 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/29 08:27:38.0796 3708 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/29 08:27:38.0890 3708 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/29 08:27:38.0968 3708 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/29 08:27:39.0031 3708 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/29 08:27:39.0203 3708 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/29 08:27:39.0281 3708 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/29 08:27:39.0359 3708 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/29 08:27:39.0406 3708 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/29 08:27:39.0718 3708 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk1\DR1
2011/08/29 08:27:39.0812 3708 Boot (0x1200) (232b4c1d8281eddd6fc411646440363c) \Device\Harddisk0\DR0\Partition0
2011/08/29 08:27:39.0828 3708 Boot (0x1200) (7406fcbaf8427dab13a47eff297c3037) \Device\Harddisk1\DR1\Partition0
2011/08/29 08:27:39.0828 3708 ================================================================================
2011/08/29 08:27:39.0828 3708 Scan finished
2011/08/29 08:27:39.0828 3708 ================================================================================
2011/08/29 08:27:39.0843 3728 Detected object count: 0
2011/08/29 08:27:39.0843 3728 Actual detected object count: 0


Next, here is RKill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/29/2011 at 8:57:54.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 08/29/2011 at 8:57:59.


Finally, here is ComboFix:

ComboFix 11-08-29.01 - compter 08/29/2011 8:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.535 [GMT -5:00]
Running from: c:\documents and settings\compter\Desktop\ComFix.exe
Command switches used :: c:\documents and settings\compter\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\ativtmxx32.exe"
"c:\windows\system32\atl32.exe"
"c:\windows\system32\avtapi32.exe"
"c:\windows\system32\blackbox32.exe"
"c:\windows\system32\dfsshlex32.exe"
"c:\windows\system32\diactfrm32.exe"
"c:\windows\system32\dxtrans32.exe"
"c:\windows\system32\Edcrypt32.exe"
"c:\windows\system32\es32.exe"
"c:\windows\system32\ialmuTHA32.exe"
"c:\windows\system32\igfxsrvc32.exe"
"c:\windows\system32\ipxrtmgr32.exe"
"c:\windows\system32\itircl32.exe"
"c:\windows\system32\jgpl40032.exe"
"c:\windows\system32\kbdca32.exe"
"c:\windows\system32\kbdes32.exe"
"c:\windows\system32\kbdmaori32.exe"
"c:\windows\system32\kbdmaori3232.exe"
"c:\windows\system32\kbdukx32.exe"
"c:\windows\system32\kbdusl32.exe"
"c:\windows\system32\loghours32.exe"
"c:\windows\system32\mfc4232.exe"
"c:\windows\system32\mpr32.exe"
"c:\windows\system32\mprui32.exe"
"c:\windows\system32\mqtrig32.exe"
"c:\windows\system32\msacm32.exe"
"c:\windows\system32\msvcp5032.exe"
"c:\windows\system32\mtxoci32.exe"
"c:\windows\system32\ncobjapi32.exe"
"c:\windows\system32\ntlsapi32.exe"
"c:\windows\system32\nvrszhc32.exe"
"c:\windows\system32\pschdprf32.exe"
"c:\windows\system32\senscfg32.exe"
"c:\windows\system32\shmedia32.exe"
"c:\windows\system32\tcpmib32.exe"
"c:\windows\system32\tscfgwmi32.exe"
"c:\windows\system32\usrsdpia32.exe"
"c:\windows\system32\usrv80a32.exe"
"c:\windows\system32\w32time32.exe"
"c:\windows\system32\WgaLogon32.exe"
"c:\windows\system32\winipsec32.exe"
"c:\windows\system32\wmdrmdev32.exe"
"c:\windows\system32\wmsdmoe32.exe"
"c:\windows\system32\WMVADVE32.exe"
"c:\windows\system32\wsecedit32.exe"
"c:\windows\system32\xactengine3_032.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\020000001dde61d01406C.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406O.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406P.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406S.manifest
c:\windows\system32\ativtmxx32.exe
c:\windows\system32\icmui32.exe
c:\windows\system32\inetpp32.exe
c:\windows\system32\msvcp5032.exe
c:\windows\system32\rasppp32.exe
c:\windows\system32\rshx3232.exe
c:\windows\system32\usrv80a32.exe
c:\windows\system32\w32time32.exe
c:\windows\system32\wmdrmdev32.exe
c:\windows\system32\wsecedit32.exe
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALG32
-------\Legacy_APPLE_MOBILE_DEVICE32
-------\Legacy_APPMGMT32
-------\Legacy_ASPNET_STATE32
-------\Legacy_CRYPTSVC32
-------\Legacy_DCOMLAUNCH32
-------\Legacy_DCOMLAUNCH3232
-------\Legacy_DMSERVER32
-------\Legacy_EVENTLOG32323232
-------\Legacy_IMAPISERVICE32
-------\Legacy_JAVAQUICKSTARTERSERVICE32
-------\Legacy_LANMANWORKSTATION32
-------\Legacy_LANMANWORKSTATION3232
-------\Legacy_LMHOSTS32
-------\Legacy_MSISERVER32
-------\Legacy_NAPAGENT32
-------\Legacy_NLA32
-------\Legacy_NTMSSVC32
-------\Legacy_NTMSSVC3232
-------\Legacy_NTMSSVC323232
-------\Legacy_NVSVC3232
-------\Legacy_NVSVC323232
-------\Legacy_POLICYAGENT32
-------\Legacy_PROTECTEDSTORAGE32
-------\Legacy_PROTECTEDSTORAGE323232
-------\Legacy_RDSESSMGR32
-------\Legacy_SCARDSVR32
-------\Legacy_SCARDSVR3232
-------\Legacy_SECLOGON32
-------\Legacy_SSDPSRV32
-------\Legacy_SSDPSRV3232
-------\Legacy_TAPISRV32
-------\Legacy_TLNTSVR32
-------\Legacy_W32TIME32
-------\Legacy_WINMGMT32
-------\Legacy_WMDMPMSN32
-------\Legacy_WMI32
-------\Legacy_WMPNETWORKSVC32
-------\Legacy_WSCSVC32
-------\Legacy_WZCSVC32
-------\Legacy_WZCSVC3232
-------\Service_ALG32
-------\Service_Apple Mobile Device32
-------\Service_AppMgmt32
-------\Service_aspnet_state32
-------\Service_CryptSvc32
-------\Service_DcomLaunch32
-------\Service_DcomLaunch3232
-------\Service_dmserver32
-------\Service_Eventlog32323232
-------\Service_JavaQuickStarterService32
-------\Service_lanmanworkstation32
-------\Service_lanmanworkstation3232
-------\Service_MSIServer32
-------\Service_Nla32
-------\Service_NtmsSvc32
-------\Service_NtmsSvc3232
-------\Service_NtmsSvc323232
-------\Service_NVSvc3232
-------\Service_NVSvc323232
-------\Service_PolicyAgent32
-------\Service_ProtectedStorage32
-------\Service_ProtectedStorage323232
-------\Service_RDSessMgr32
-------\Service_SCardSvr32
-------\Service_SCardSvr3232
-------\Service_seclogon32
-------\Service_SSDPSRV3232
-------\Service_TlntSvr32
-------\Service_W32Time32
-------\Service_winmgmt32
-------\Service_WmdmPmSN32
-------\Service_Wmi32
-------\Service_WMPNetworkSvc32
-------\Service_wscsvc32
-------\Service_WZCSVC3232
-------\Legacy_SwPrv32
-------\Service_SwPrv32
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 13:22 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\pidgen32.exe
2011-08-29 13:21 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\mmcshext32.exe
2011-08-29 05:04 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\adsnt32.exe
2011-08-29 05:03 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\certmgr32.exe
2011-08-29 05:03 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\kbdhe32.exe
2011-08-29 05:03 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\qdvd32.exe
2011-08-29 05:03 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\kbdblr32.exe
2011-08-29 05:03 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\XAPOFX1_132.exe
2011-08-29 05:00 . 2011-08-29 05:00 158208 ------w- c:\windows\system32\ativtmxx32.dll
2011-08-28 23:01 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-08-28 23:01 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-28 23:00 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-28 23:00 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-24 08:31 . 2011-08-24 08:31 -------- d-----w- c:\program files\ESET
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\compter\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 08:19 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 07:42 . 2011-08-24 07:42 -------- dc----w- C:\_OTL
2011-08-22 22:39 . 2011-08-22 22:39 388096 ----a-r- c:\documents and settings\compter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iPod
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iTunes
2011-08-19 21:21 . 2011-08-19 21:21 -------- d-----w- c:\program files\Bonjour
2011-08-19 17:41 . 2011-08-23 23:42 -------- d-----w- c:\documents and settings\compter\Local Settings\Application Data\AskToolbar
2011-08-08 21:17 . 2011-08-08 21:17 -------- d-----w- c:\documents and settings\compter\Application Data\Media Player Classic
2011-08-08 18:01 . 2011-08-27 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-08 18:01 . 2011-08-08 18:01 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2006-02-23 02:04 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:18 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 12:58 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-19 00:18 . 2011-06-25 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_22.56.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-29 13:47 . 2011-08-29 13:47 16384 c:\windows\Temp\Perflib_Perfdata_780.dat
- 2004-08-04 12:00 . 2008-04-14 00:12 37888 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2011-06-21 18:18 37888 c:\windows\system32\url.dll
+ 2007-11-13 11:31 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2007-11-13 11:31 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-05-07 11:03 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2010-05-07 11:03 . 2007-11-30 10:39 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2011-08-29 06:31 79494 c:\windows\system32\perfc009.dat
+ 2011-06-21 18:18 . 2011-06-21 18:18 37888 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2011-06-21 18:18 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2011-02-17 13:51 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2004-08-04 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-04 12:00 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-04-12 20:11 . 2011-04-12 20:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-07-18 08:30 . 2011-07-18 08:30 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-09-21 04:07 . 2010-09-21 04:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4cd8ba75f60cf8dc66767b833520241e\UIAutomationProvider.ni.dll
+ 2011-08-29 06:16 . 2011-08-29 06:16 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a1cbada42bb39fc34ee40e9e4afba87e\System.AddIn.Contract.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\2bdbd057211d05a088b7a9004203e58b\Microsoft.VisualC.ni.dll
+ 2011-08-29 06:13 . 2011-08-29 06:13 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\0c39314a7513b436d3aaaeae3b4bd3e7\Accessibility.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-08-29 13:23 . 2011-08-29 13:23 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-08-29 13:22 . 2011-08-29 13:22 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-08-29 13:42 . 2011-08-29 13:42 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-11-02 08:21 . 2011-04-13 08:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\cec5dc6db7419a80bba3f9d73833fb65\dfsvc.ni.exe
+ 2011-08-29 06:30 . 2011-08-29 06:30 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-13 08:08 . 2011-04-13 08:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\xactengine2_932.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\xactengine2_1032.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\X3DAudio1_632.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\webcheck32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\verifier32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\usrvoica32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\usp1032.exe
+ 2004-08-04 12:00 . 2011-06-21 18:18 633344 c:\windows\system32\urlmon.dll
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\uniplat32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\tsgqec32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\traffic32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\ssdpsrv32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\snmpsnap32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\shellstyle32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\servdeps32.exe
+ 2004-08-04 12:00 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\rwnh32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\remotepg32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\printui32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\PortableDeviceWiaCompat32.exe
+ 2004-08-04 12:00 . 2011-08-29 06:31 481420 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\odbccp3232.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\nvcod(9)32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\ntlanui232.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\netapi3232.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\msxbde4032.exe
+ 2004-08-04 12:00 . 2011-06-21 18:18 532480 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2011-02-17 13:51 532480 c:\windows\system32\mstime.dll
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\msrd2x4032.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\msimsg32.exe
+ 2004-08-04 12:00 . 2011-06-21 18:18 449536 c:\windows\system32\mshtmled.dll
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\mscpxl3232.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\MP4SDMOD32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\lzexpand32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\kbdsl32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\kbdno132.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\kbdhela232.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\kbdgr132.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\kbdgae32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\inetcplc32.exe
+ 2006-02-23 02:05 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
- 2006-02-23 02:05 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
+ 2004-08-04 12:00 . 2011-06-21 18:18 251904 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2011-02-17 13:51 251904 c:\windows\system32\iepeers.dll
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\ieaksie32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\ialmuFIN32.exe
+ 2004-08-04 12:00 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
- 2004-08-04 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-06-23 15:09 . 2011-06-21 18:18 667136 c:\windows\system32\dllcache\wininet.dll
- 2008-06-23 15:09 . 2011-02-17 13:51 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-06-26 08:15 . 2011-06-21 18:18 633344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2010-11-05 05:05 . 2011-06-21 18:18 532480 c:\windows\system32\dllcache\mstime.dll
- 2010-11-05 05:05 . 2011-02-17 13:51 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-09-09 14:16 . 2011-06-21 18:18 449536 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-11-20 23:04 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-09-29 23:46 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-09-29 23:46 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-02-26 05:43 . 2011-02-17 13:51 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-02-26 05:43 . 2011-06-21 18:18 251904 c:\windows\system32\dllcache\iepeers.dll
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\dbnmpntw32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\datime32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\d3dpmesh32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\D3DCompiler_3632.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\D3DCompiler_3332.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\crtdll32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\cmsetacl32.exe
+ 2011-08-29 13:23 . 2011-08-22 11:58 717312 c:\windows\system32\AgCPanelSwedish32.exe
+ 2011-08-29 13:22 . 2011-08-22 11:58 717312 c:\windows\system32\adsldp32.exe
+ 2011-04-12 20:11 . 2011-04-12 20:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-04-12 20:11 . 2011-04-12 20:11 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-04-12 20:11 . 2011-04-12 20:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-09-21 04:07 . 2010-09-21 04:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-21 04:07 . 2010-09-21 04:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-21 04:07 . 2010-09-21 04:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2008-11-20 23:04 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-08-29 06:15 . 2011-08-29 06:15 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7297158168dfc68b1b96bf6b0f56b093\UIAutomationTypes.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ff20e15edfa14ce628b0502173347062\System.Xml.Linq.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\58f4a472aa647ae0881133d2f0187b7c\System.Xml.Linq.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 188416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\763e0cf8dcfa71acc84f9683954c7dd2\System.Windows.Input.Manipulations.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\40e165d670da20b9911cf7f15db916d2\System.Windows.Input.Manipulations.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\3efb12bdce947a533640d9f52be380f9\System.Transactions.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\cbb93497a3dddc9ab32316cc54dfb16a\System.Security.ni.dll
+ 2011-08-29 06:10 . 2011-08-29 06:10 726016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\33127571f1f632b3fbdf773e0d792505\System.Security.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a31a4045963913a3228777af311f4428\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 761856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b53890f1df6f622f49cc79dfa60e9824\System.Runtime.Remoting.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8985ef7c12df01b25c53bd80f7103819\System.Runtime.Remoting.ni.dll
+ 2011-08-29 06:09 . 2011-08-29 06:09 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\6bff4a4db9703b01e7495f5f9e0f2baf\System.Numerics.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\2b604cab258156d2e0e36cade3a01543\System.EnterpriseServices.Wrapper.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\2b604cab258156d2e0e36cade3a01543\System.EnterpriseServices.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\c87031ba66d6a1809ac68142397eeddf\System.Dynamic.ni.dll
+ 2011-08-29 06:16 . 2011-08-29 06:16 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\03450e5d732da8a05522bcf9012e0b33\System.Data.DataSetExtensions.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
+ 2011-08-29 06:09 . 2011-08-29 06:09 974336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4e4fc4ea85c68d7c666d59e4967b7c70\System.Configuration.ni.dll
+ 2011-08-29 06:16 . 2011-08-29 06:16 147968 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\9020be097be4da3534b9ee8ff31f691e\System.Configuration.Install.ni.dll
+ 2011-08-29 06:16 . 2011-08-29 06:16 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9a708eae0dbea8457bac70fdea17b56f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-29 06:21 . 2011-08-29 06:21 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\15f169fe8bb8f4cf564093b812c46959\System.ComponentModel.Composition.ni.dll
+ 2011-08-29 06:16 . 2011-08-29 06:16 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\64ea655548ce01d76be17022c13d11fe\System.AddIn.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\44b44132be2ae385bfcb83ef6d0f521f\System.Activities.DurableInstancing.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\7190f7e40c8095e13f45e40b1709671f\SMSvcHost.ni.exe
+ 2011-08-29 06:14 . 2011-08-29 06:14 317440 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\2f608582afac3c42754e4f77b6da6093\SMSvcHost.ni.exe
+ 2011-08-29 06:15 . 2011-08-29 06:15 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b119348b184bdb0c7f0fa8a03e461139\SMDiagnostics.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b028b6680f5a3b315320a5bf7b659518\SMDiagnostics.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a348b36756a7be813df69750717dd563\PresentationFramework.Luna.ni.dll
+ 2011-08-29 06:21 . 2011-08-29 06:21 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9c37ac442a730e335146d5a82c52ed39\PresentationFramework.Royale.ni.dll
+ 2011-08-29 06:21 . 2011-08-29 06:21 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7da6438d5b963b85283a2b793e60aadf\PresentationFramework.Classic.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a26d5665e589bdc7f46544a94cf49338\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8e13fb2238a7d6b793cf4b8173df6bdf\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\b97584f8cad7083d115d487ee3c4ac98\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\23c48b3a578d71fd90e8d8db8e7d6b37\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dcc2883f0bbf0909874059fe9768016b\CustomMarshalers.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-08-29 13:25 . 2011-08-29 13:25 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-08-29 13:42 . 2011-08-29 13:42 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-08-29 13:42 . 2011-08-29 13:42 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-08-29 13:43 . 2011-08-29 13:43 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-08-29 13:24 . 2011-08-29 13:24 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-08-29 13:43 . 2011-08-29 13:43 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-08-29 13:42 . 2011-08-29 13:42 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-02 08:22 . 2011-04-13 08:09 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2004-08-04 12:00 . 2011-02-17 13:51 1510400 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2011-06-21 18:18 1510400 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2011-06-27 14:43 3084800 c:\windows\system32\mshtml.dll
+ 2006-02-22 19:49 . 2011-08-29 13:19 3416472 c:\windows\system32\FNTCACHE.DAT
- 2006-02-22 19:49 . 2011-04-13 13:16 3416472 c:\windows\system32\FNTCACHE.DAT
+ 2008-11-20 23:02 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
- 2008-06-26 08:15 . 2011-02-17 13:51 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-06-26 08:15 . 2011-06-21 18:18 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:09 . 2011-06-27 14:43 3084800 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-10 04:33 . 2011-02-17 13:51 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2010-03-10 04:33 . 2011-06-21 18:18 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 12:00 . 2011-06-21 18:18 1025024 c:\windows\system32\browseui.dll
- 2004-08-04 12:00 . 2011-02-17 13:51 1025024 c:\windows\system32\browseui.dll
+ 2011-04-12 20:11 . 2011-04-12 20:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-03-23 03:01 . 2011-03-23 03:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-12 20:11 . 2011-04-12 20:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-04-12 20:11 . 2011-04-12 20:11 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-04-12 20:11 . 2011-04-12 20:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-04-29 02:50 . 2011-04-29 02:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-07-18 08:31 . 2011-07-18 08:31 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-08-29 06:17 . 2011-08-29 06:17 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-29 06:18 . 2011-08-29 06:18 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-07-18 08:30 . 2011-07-18 08:30 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-05-02 05:06 . 2011-05-02 05:06 2705920 c:\windows\Installer\398756.msp
+ 2011-03-25 14:03 . 2011-03-25 14:03 5079552 c:\windows\Installer\39874f.msp
+ 2011-08-29 06:09 . 2011-08-29 06:09 3793408 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6bb123fa7b5c9807b2798fcfc8ce0f35\WindowsBase.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\Temp\d38-0\System.Printing.dll
+ 2011-08-29 06:19 . 2011-08-29 06:19 9085440 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
+ 2011-08-29 06:09 . 2011-08-29 06:09 9060352 c:\windows\assembly\NativeImages_v4.0.30319_32\System\3e6310122b78fa46230e670128eb9956\System.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
+ 2011-08-29 06:09 . 2011-08-29 06:09 5611008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\4b1fa3660015ab29d372aa49142b84a0\System.Xml.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5d1bf7a82af98dabaf41cef6005db236\System.Xaml.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\19f85a4f6faaeb87a9055ccf23a9f8b7\System.Xaml.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ce480f313eb8be9a3a4dd6d7902325\System.Runtime.Serialization.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:15 2629632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\bb8be3520f0f74ccdcf0dbc881cd0242\System.Runtime.Serialization.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b9f7f5b0b28dd57cb5400c437c388545\System.Runtime.DurableInstancing.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 1019392 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\58a7cd0e599f233ccedbc9102a3a33ef\System.Runtime.DurableInstancing.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 1048064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0a9acffcec672d2a54be15f3092fd591\System.Printing.ni.dll
+ 2011-08-29 06:19 . 2011-08-29 06:19 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
+ 2011-08-29 06:10 . 2011-08-29 06:10 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\08611941782a717e865d7c0a4408387c\System.Drawing.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 1171968 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\7711a75391790f8c986adf45b95ed069\System.DirectoryServices.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\66c88143bc4b9f4a744b6d65e2c3629a\System.DirectoryServices.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 1877504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\517002835e7307af861c7a0b4a48f3c6\System.Deployment.ni.dll
+ 2011-08-29 06:25 . 2011-08-29 06:25 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\03ca38b342903b50623336b29aa507c9\System.Deployment.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-08-29 06:10 . 2011-08-29 06:10 6789632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\51e83dbc96f1b7463a4273430bcce9d6\System.Data.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\dcdaf1644fb3aabdbea894f05d55e1ba\System.Data.SqlXml.ni.dll
+ 2011-08-29 06:10 . 2011-08-29 06:10 2543616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\2a6de892edc1f1fb85c53add0732a76b\System.Data.SqlXml.ni.dll
+ 2011-08-29 06:21 . 2011-08-29 06:21 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\b11b842599889fe730da493d0c5e1857\System.Data.Linq.ni.dll
+ 2011-08-29 06:09 . 2011-08-29 06:09 7049216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\295e5058841ce043c8eb5a659e5ed291\System.Core.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c1b8cfef907c2602d5eb3af267248136\System.Activities.ni.dll
+ 2011-08-29 06:16 . 2011-08-29 06:16 3696640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\504c2403b435973fa8670e70d451a525\System.Activities.Presentation.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 1511936 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\f78178281a70a19c4f7b9241bb2f938f\System.Activities.Core.Presentation.ni.dll
+ 2011-08-29 06:15 . 2011-08-29 06:15 2857984 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\2bb074b20846d92c9e9a01d233d4e08f\ReachFramework.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\5dcab8576a5e02d7264bfeed28ce69b9\PresentationUI.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 1629696 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\248c069941e367a05a36fb0b98fb3ed3\PresentationUI.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8c36043a5faedc93716717fc5bcdb05\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b4879bc20d7a718dcb51f0419721e5e5\Microsoft.VisualBasic.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\aff7d215dd130cd94c54784c2df60e95\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 1835008 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7d2bdea0dc17d0898dc0ee0c684ceff5\Microsoft.VisualBasic.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5a8419d88e3486ce8aa7ba0fb4a0e49b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\232fa1e6085ff29e2972a2b947129c6a\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-08-29 06:24 . 2011-08-29 06:24 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\156733cb276aff562e0c39d8b4fde1c6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-29 06:14 . 2011-08-29 06:14 1081856 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\1548f40c34726c5d135ad43736256f62\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-29 06:20 . 2011-08-29 06:20 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\fcccb5e4d4bd338c678efcfa2b3e1058\Microsoft.CSharp.ni.dll
+ 2011-08-29 13:22 . 2011-08-29 13:22 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6E.tmp\Microsoft.Build.Tasks.v3.5.dll
+ 2011-08-29 13:22 . 2011-08-29 13:22 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-08-29 13:42 . 2011-08-29 13:42 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-08-29 13:42 . 2011-08-29 13:42 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-08-29 13:22 . 2011-08-29 13:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c523412e6b11e7072f93bdd3ef24a479\PresentationBuildTasks.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-29 13:44 . 2011-08-29 13:44 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-29 06:30 . 2011-08-29 06:31 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-13 08:08 . 2011-04-13 08:08 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-13 08:09 . 2011-04-13 08:09 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-29 06:31 . 2011-08-29 06:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-11-02 08:22 . 2011-04-13 08:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-29 06:30 . 2011-08-29 06:30 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-03-07 00:51 . 2011-07-30 15:05 52390856 c:\windows\system32\MRT.exe
+ 2011-03-28 08:27 . 2011-03-28 08:27 15456256 c:\windows\Installer\398763.msp
+ 2011-04-13 16:37 . 2011-04-13 16:37 19201024 c:\windows\Installer\398748.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\15cef.msp
+ 2011-08-29 06:20 . 2011-08-29 06:20 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
+ 2011-08-29 06:10 . 2011-08-29 06:10 13060608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\19c421e830bfe94a03197327b9d24ca5\System.Windows.Forms.ni.dll
+ 2011-08-29 06:11 . 2011-08-29 06:11 17662976 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c834bdaed56ce4a35c4cb1f256a02ee9\PresentationFramework.ni.dll
+ 2011-08-29 06:21 . 2011-08-29 06:21 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
+ 2011-08-29 06:10 . 2011-08-29 06:10 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f1d6c3a6e19b19664e766a7d91e37d3c\PresentationCore.ni.dll
+ 2011-08-29 06:21 . 2011-08-29 06:21 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
+ 2011-08-29 06:09 . 2011-08-29 06:09 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-08-29 13:43 . 2011-08-29 13:43 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-08-29 13:25 . 2011-08-29 13:25 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-29 13:24 . 2011-08-29 13:24 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-08-29 13:23 . 2011-08-29 13:23 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
+ 2011-08-29 13:22 . 2011-08-29 13:22 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\compter\Desktop\utorrent.exe" [2011-03-28 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
setup_9.0.0.722_26.06.2011_01-08.lnk - c:\documents and settings\compter\Desktop\Virus Removal Tool\setup_9.0.0.722_26.06.2011_01-08\startup.exe [N/A]
.
c:\documents and settings\compter\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-7 0]
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1bc79e590cc7
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\compter\\Desktop\\utorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\compter\\My Documents\\Downloads\\WoW-4.0.0-WOW-enUS-Installer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\compter\\Local Settings\\Apps\\2.0\\O1XZQ016.JAO\\A3J9O14A.C5Z\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R0 71397612;71397612 Boot Guard Driver;c:\windows\system32\drivers\71397612.sys [6/25/2011 5:52 PM 37392]
R1 71397611;71397611;c:\windows\system32\drivers\71397611.sys [6/25/2011 5:52 PM 128016]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/13/2010 7:48 PM 95024]
R1 setup_9.0.0.722_26.06.2011_01-08drv;setup_9.0.0.722_26.06.2011_01-08drv;c:\windows\system32\drivers\7139761.sys [6/25/2011 5:52 PM 315408]
R2 Eventlog3232323232;Event Log ;c:\windows\system32\kbdhela232.exe [8/29/2011 8:23 AM 717312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/24/2011 3:19 AM 366640]
R2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\msimsg32.exe [8/29/2011 8:22 AM 717312]
R2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\clb32.exe [8/27/2011 5:01 PM 717312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/24/2011 3:19 AM 22712]
S2 Alerter32;Alerter ;c:\windows\system32\dpnwsock32.exe --> c:\windows\system32\dpnwsock32.exe [?]
S2 Apple Mobile Device3232;Apple Mobile Device ;c:\windows\system32\WMVSDECD32.exe --> c:\windows\system32\WMVSDECD32.exe [?]
S2 AudioSrv32;Windows Audio ;c:\windows\system32\dplay32.exe --> c:\windows\system32\dplay32.exe [?]
S2 Bonjour Service32;Bonjour Service ;c:\windows\system32\D3DX9_3732.exe --> c:\windows\system32\D3DX9_3732.exe [?]
S2 CiSvc32;Indexing Service ;c:\windows\system32\atl32.exe --> c:\windows\system32\atl32.exe [?]
S2 clr_optimization_v2.0.50727_3232;.NET Runtime Optimization Service v2.0.50727_X86 ;c:\windows\system32\ir50_qc32.exe --> c:\windows\system32\ir50_qc32.exe [?]
S2 clr_optimization_v2.0.50727_323232;.NET Runtime Optimization Service v2.0.50727_X86 ;c:\windows\system32\olecnv3232.exe --> c:\windows\system32\olecnv3232.exe [?]
S2 clr_optimization_v4.0.30319_3232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\windows\system32\ufat32.exe --> c:\windows\system32\ufat32.exe [?]
S2 COMSysApp32;COM+ System Application ;c:\windows\system32\AgCPanelTraditionalChinese32.exe --> c:\windows\system32\AgCPanelTraditionalChinese32.exe [?]
S2 CryptSvc3232;CryptSvc ;c:\windows\system32\powrprof32.exe --> c:\windows\system32\powrprof32.exe [?]
S2 Dnscache32;DNS Client ;c:\windows\system32\AgCPanelGerman32.exe --> c:\windows\system32\AgCPanelGerman32.exe [?]
S2 Dot3svc32;Wired AutoConfig ;c:\windows\system32\wmpcd32.exe --> c:\windows\system32\wmpcd32.exe [?]
S2 EapHost32;Extensible Authentication Protocol Service ;c:\windows\system32\kbdmaori32.exe --> c:\windows\system32\kbdmaori32.exe [?]
S2 EventSystem32;COM+ Event System ;c:\windows\system32\credui32.exe --> c:\windows\system32\credui32.exe [?]
S2 FastUserSwitchingCompatibility32;Fast User Switching Compatibility ;c:\windows\system32\ialmuHUN32.exe --> c:\windows\system32\ialmuHUN32.exe [?]
S2 FastUserSwitchingCompatibility3232;Fast User Switching Compatibility ;c:\windows\system32\rpcns432.exe --> c:\windows\system32\rpcns432.exe [?]
S2 FastUserSwitchingCompatibility323232;Fast User Switching Compatibility ;c:\windows\system32\kbdca32.exe --> c:\windows\system32\kbdca32.exe [?]
S2 HidServ32;HID Input Service ;c:\windows\system32\rsaenh32.exe --> c:\windows\system32\rsaenh32.exe [?]
S2 HidServ3232;HID Input Service ;c:\windows\system32\d3dx10_4032.exe --> c:\windows\system32\d3dx10_4032.exe [?]
S2 HidServ323232;HID Input Service ;c:\windows\system32\xactengine3_432.exe --> c:\windows\system32\xactengine3_432.exe [?]
S2 lanmanserver32;Server ;c:\windows\system32\igfxress32.exe --> c:\windows\system32\igfxress32.exe [?]
S2 lanmanserver3232;Server ;c:\windows\system32\kbdgr32.exe --> c:\windows\system32\kbdgr32.exe [?]
S2 lanmanworkstation323232;Workstation ;c:\windows\system32\d3dx9_2432.exe --> c:\windows\system32\d3dx9_2432.exe [?]
S2 MSDTC32;Distributed Transaction Coordinator ;c:\windows\system32\dmscript32.exe --> c:\windows\system32\dmscript32.exe [?]
S2 Netlogon32;Net Logon ;c:\windows\system32\wshext32.exe --> c:\windows\system32\wshext32.exe [?]
S2 Netlogon3232;Net Logon ;c:\windows\system32\nvwddi32.exe --> c:\windows\system32\nvwddi32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\netui032.exe --> c:\windows\system32\netui032.exe [?]
S2 NtLmSsp3232;NT LM Security Support Provider ;c:\windows\system32\objsel32.exe --> c:\windows\system32\objsel32.exe [?]
S2 NtmsSvc32323232;Removable Storage ;c:\windows\system32\kbdfo32.exe --> c:\windows\system32\kbdfo32.exe [?]
S2 PlugPlay32;Plug and Play ;c:\windows\system32\csseqchk32.exe --> c:\windows\system32\csseqchk32.exe [?]
S2 PolicyAgent3232;IPSEC Services ;c:\windows\system32\kbdtat32.exe --> c:\windows\system32\kbdtat32.exe [?]
S2 PolicyAgent323232;IPSEC Services ;c:\windows\system32\vxdmdcdlg32.exe --> c:\windows\system32\vxdmdcdlg32.exe [?]
S2 ProtectedStorage3232;Protected Storage ;c:\windows\system32\d3dx9_3232.exe --> c:\windows\system32\d3dx9_3232.exe [?]
S2 ProtectedStorage32323232;Protected Storage ;c:\windows\system32\qedit32.exe --> c:\windows\system32\qedit32.exe [?]
S2 RasAuto32;Remote Access Auto Connection Manager ;c:\windows\system32\sens32.exe --> c:\windows\system32\sens32.exe [?]
S2 RDSessMgr3232;Remote Desktop Help Session Manager ;c:\windows\system32\kbdcz232.exe --> c:\windows\system32\kbdcz232.exe [?]
S2 RDSessMgr323232;Remote Desktop Help Session Manager ;c:\windows\system32\msxml3a32.exe --> c:\windows\system32\msxml3a32.exe [?]
S2 RemoteRegistry32;Remote Registry ;c:\windows\system32\xactengine2_132.exe --> c:\windows\system32\xactengine2_132.exe [?]
S2 RpcLocator32;Remote Procedure Call (RPC) Locator ;c:\windows\system32\WMVCore32.exe --> c:\windows\system32\WMVCore32.exe [?]
S2 RSVP32;QoS RSVP ;c:\windows\system32\msasn132.exe --> c:\windows\system32\msasn132.exe [?]
S2 RSVP3232;QoS RSVP ;c:\windows\system32\comsvcs32.exe --> c:\windows\system32\comsvcs32.exe [?]
S2 SCardSvr323232;Smart Card ;c:\windows\system32\pjlmon32.exe --> c:\windows\system32\pjlmon32.exe [?]
S2 Schedule32;Task Scheduler ;c:\windows\system32\mfc4032.exe --> c:\windows\system32\mfc4032.exe [?]
S2 SENS32;System Event Notification ;c:\windows\system32\imeshare32.exe --> c:\windows\system32\imeshare32.exe [?]
S2 SharedAccess32;Windows Firewall/Internet Connection Sharing (ICS) ;c:\windows\system32\sbe32.exe --> c:\windows\system32\sbe32.exe [?]
S2 SharedAccess3232;Windows Firewall/Internet Connection Sharing (ICS) ;c:\windows\system32\kbdiultn32.exe --> c:\windows\system32\kbdiultn32.exe [?]
S2 ShellHWDetection32;Shell Hardware Detection ;c:\windows\system32\shscrap32.exe --> c:\windows\system32\shscrap32.exe [?]
S2 ShellHWDetection3232;Shell Hardware Detection ;c:\windows\system32\miglibnt32.exe --> c:\windows\system32\miglibnt32.exe [?]
S2 srservice32;System Restore Service ;c:\windows\system32\eapp3hst32.exe --> c:\windows\system32\eapp3hst32.exe [?]
S2 SSDPSRV323232;SSDP Discovery Service ;c:\windows\system32\avmeter32.exe --> c:\windows\system32\avmeter32.exe [?]
S2 stisvc32;Windows Image Acquisition (WIA) ;c:\windows\system32\eapsvc32.exe --> c:\windows\system32\eapsvc32.exe [?]
S2 STSService32;STSService ;c:\windows\system32\fmifs32.exe --> c:\windows\system32\fmifs32.exe [?]
S2 SwPrv3232;MS Software Shadow Copy Provider ;c:\windows\system32\photowiz32.exe --> c:\windows\system32\photowiz32.exe [?]
S2 SwPrv323232;MS Software Shadow Copy Provider ;c:\windows\system32\xpsp4res32.exe --> c:\windows\system32\xpsp4res32.exe [?]
S2 TrkWks32;Distributed Link Tracking Client ;c:\windows\system32\ntlanman32.exe --> c:\windows\system32\ntlanman32.exe [?]
S2 VSS32;Volume Shadow Copy ;c:\windows\system32\advapi3232.exe --> c:\windows\system32\advapi3232.exe [?]
S2 VSS3232;Volume Shadow Copy ;c:\windows\system32\iprtrmgr32.exe --> c:\windows\system32\iprtrmgr32.exe [?]
S2 VSS323232;Volume Shadow Copy ;c:\windows\system32\AgCPanelFrench32.exe --> c:\windows\system32\AgCPanelFrench32.exe [?]
S2 W32Time3232;Windows Time ;c:\windows\system32\odbc16gt32.exe --> c:\windows\system32\odbc16gt32.exe [?]
S2 WebClient32;WebClient ;c:\windows\system32\cryptnet32.exe --> c:\windows\system32\cryptnet32.exe [?]
S2 winmgmt3232;Windows Management Instrumentation ;c:\windows\system32\ialmuARB32.exe --> c:\windows\system32\ialmuARB32.exe [?]
S2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;c:\windows\system32\kbdgkl32.exe --> c:\windows\system32\kbdgkl32.exe [?]
S2 WMPNetworkSvc323232;Windows Media Player Network Sharing Service ;c:\windows\system32\nvcod(3)32.exe --> c:\windows\system32\nvcod(3)32.exe [?]
S2 WMPNetworkSvc32323232;Windows Media Player Network Sharing Service ;c:\windows\system32\wmpcore32.exe --> c:\windows\system32\wmpcore32.exe [?]
S2 WMPNetworkSvc3232323232;Windows Media Player Network Sharing Service ;c:\windows\system32\ocmanage32.exe --> c:\windows\system32\ocmanage32.exe [?]
S2 wscsvc3232;Security Center ;c:\windows\system32\nwevent32.exe --> c:\windows\system32\nwevent32.exe [?]
S2 WudfSvc32;Windows Driver Foundation - User-mode Driver Framework ;c:\windows\system32\kbdbu32.exe --> c:\windows\system32\kbdbu32.exe [?]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2/16/2011 9:46 AM 385024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\compter\Application Data\Mozilla\Firefox\Profiles\etcuxtxj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-29 08:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\windows\system32\ativtmxx32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-29 08:50:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-29 13:50
ComboFix2.txt 2011-08-29 01:42
ComboFix3.txt 2011-08-28 23:01
.
Pre-Run: 10,833,293,312 bytes free
Post-Run: 10,840,772,608 bytes free
.
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 92B25B7F63772A058A6C809257D2F45F





Thanks m0le!

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:57 AM

Posted 29 August 2011 - 06:46 PM

Hopefully the atapi.sys file replacement will stop the recurring files/drivers, so here we go one more time.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\windows\system32\pidgen32.exe
c:\windows\system32\mmcshext32.exe
c:\windows\system32\adsnt32.exe
c:\windows\system32\certmgr32.exe
c:\windows\system32\kbdhe32.exe
c:\windows\system32\qdvd32.exe
c:\windows\system32\kbdblr32.exe
c:\windows\system32\XAPOFX1_132.exe
c:\windows\system32\ativtmxx32.dll
c:\windows\system32\kbdhela232.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\msimsg32.exe
c:\windows\system32\clb32.exe
c:\windows\system32\drivers\mbam.sys
c:\windows\system32\dpnwsock32.exe
c:\windows\system32\WMVSDECD32.exe
c:\windows\system32\dplay32.exe
c:\windows\system32\D3DX9_3732.exe
c:\windows\system32\atl32.exe
c:\windows\system32\ir50_qc32.exe
c:\windows\system32\olecnv3232.exe
c:\windows\system32\ufat32.exe
c:\windows\system32\AgCPanelTraditionalChinese32.exe
c:\windows\system32\powrprof32.exe
c:\windows\system32\AgCPanelGerman32.exe
c:\windows\system32\wmpcd32.exe
c:\windows\system32\kbdmaori32.exe
c:\windows\system32\credui32.exe
c:\windows\system32\ialmuHUN32.exe
c:\windows\system32\rpcns432.exe
c:\windows\system32\kbdca32.exe
c:\windows\system32\rsaenh32.exe
c:\windows\system32\d3dx10_4032.exe
c:\windows\system32\xactengine3_432.exe
c:\windows\system32\igfxress32.exe
c:\windows\system32\kbdgr32.exe
c:\windows\system32\d3dx9_2432.exe
c:\windows\system32\dmscript32.exe
c:\windows\system32\wshext32.exe
c:\windows\system32\nvwddi32.exe
c:\windows\system32\netui032.exe
c:\windows\system32\objsel32.exe
c:\windows\system32\kbdfo32.exe
c:\windows\system32\csseqchk32.exe
c:\windows\system32\kbdtat32.exe
c:\windows\system32\vxdmdcdlg32.exe
c:\windows\system32\d3dx9_3232.exe
c:\windows\system32\qedit32.exe
c:\windows\system32\sens32.exe
c:\windows\system32\kbdcz232.exe
c:\windows\system32\msxml3a32.exe
c:\windows\system32\xactengine2_132.exe
c:\windows\system32\WMVCore32.exe
c:\windows\system32\msasn132.exe
c:\windows\system32\comsvcs32.exe
c:\windows\system32\pjlmon32.exe
c:\windows\system32\mfc4032.exe
c:\windows\system32\imeshare32.exe
c:\windows\system32\sbe32.exe
c:\windows\system32\kbdiultn32.exe
c:\windows\system32\shscrap32.exe
c:\windows\system32\miglibnt32.exe
c:\windows\system32\eapp3hst32.exe
c:\windows\system32\avmeter32.exe
c:\windows\system32\eapsvc32.exe
c:\windows\system32\fmifs32.exe
c:\windows\system32\photowiz32.exe
c:\windows\system32\xpsp4res32.exe
c:\windows\system32\ntlanman32.exe
c:\windows\system32\advapi3232.exe
c:\windows\system32\iprtrmgr32.exe
c:\windows\system32\AgCPanelFrench32.exe
c:\windows\system32\odbc16gt32.exe
c:\windows\system32\cryptnet32.exe
c:\windows\system32\ialmuARB32.exe
c:\windows\system32\kbdgkl32.exe
c:\windows\system32\nvcod(3)32.exe
c:\windows\system32\wmpcore32.exe
c:\windows\system32\ocmanage32.exe
c:\windows\system32\nwevent32.exe
c:\windows\system32\kbdbu32.exe

Driver::
Eventlog3232323232
MBAMService
NtLmSsp32
NVSvc32
MBAMProtector
Alerter32
Apple Mobile Device3232
AudioSrv32
Bonjour Service32
CiSvc32
clr_optimization_v2.0.50727_3232
clr_optimization_v2.0.50727_323232
clr_optimization_v4.0.30319_3232
COMSysApp32
CryptSvc3232
Dnscache32
Dot3svc32
EapHost32
EventSystem32
FastUserSwitchingCompatibility32
FastUserSwitchingCompatibility3232
FastUserSwitchingCompatibility323232
HidServ32
HidServ3232
HidServ323232
lanmanserver32
lanmanserver3232
lanmanworkstation323232
MSDTC32
Netlogon32
Netlogon3232
NetTcpPortSharing32
NtLmSsp3232
NtmsSvc32323232
PlugPlay32
PolicyAgent3232
PolicyAgent323232
ProtectedStorage3232
ProtectedStorage32323232
RasAuto32
RDSessMgr3232
RDSessMgr323232
RemoteRegistry32
RpcLocator32
RSVP32
RSVP3232
SCardSvr323232
Schedule32
SENS32
SharedAccess32
SharedAccess3232
ShellHWDetection32
ShellHWDetection3232
srservice32
SSDPSRV323232
stisvc32
STSService32
SwPrv3232
SwPrv323232
TrkWks32
VSS32
VSS3232
VSS323232
W32Time3232
WebClient32
winmgmt3232
WMPNetworkSvc3232
WMPNetworkSvc323232
WMPNetworkSvc32323232
WMPNetworkSvc3232323232
wscsvc3232
WudfSvc32


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
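An added example, not part of m0le's post and not ComboFix code: a parser for the service lines of the log above that rebuilds the `File::` and `Driver::` sections of a CFScript.txt and groups the cloned service names. It assumes the entries to list are those whose log line ends in `[?]` instead of a date and size; the function names are hypothetical and the sample lines are copied from the log in this thread.

```python
import re
from collections import OrderedDict

# Service lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
S2 VSS32;Volume Shadow Copy ;c:\windows\system32\advapi3232.exe --> c:\windows\system32\advapi3232.exe [?]
S2 VSS3232;Volume Shadow Copy ;c:\windows\system32\iprtrmgr32.exe --> c:\windows\system32\iprtrmgr32.exe [?]
S2 WMPNetworkSvc323232;Windows Media Player Network Sharing Service ;c:\windows\system32\nvcod(3)32.exe --> c:\windows\system32\nvcod(3)32.exe [?]
S2 wscsvc3232;Security Center ;c:\windows\system32\nwevent32.exe --> c:\windows\system32\nwevent32.exe [?]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2/16/2011 9:46 AM 385024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
"""

# "<state> <name>;<display name>;<image path>[ --> <resolved path>] [<file info>]"
_STATE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<rest>.+)$")
_TRAILER = re.compile(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
_CLONE_SUFFIX = re.compile(r"(?:32)+$")


def parse_service_line(line):
    """Return a dict for one service line, or None for any other log line."""
    m = _STATE.match(line.strip())
    if not m:
        return None
    fields = m.group("rest").split(";", 2)
    if len(fields) != 3:
        return None
    name, display, tail = fields
    t = _TRAILER.match(tail)
    if not t:
        return None
    path = t.group("path")
    if "-->" in path:
        # Keep the resolved path on the right-hand side of the arrow.
        path = path.split("-->", 1)[1]
    return {
        "state": m.group("state"),
        "name": name.strip(),        # service names may contain spaces
        "display": display.strip(),
        "path": path.strip(),        # paths may contain spaces and parentheses
        "info": t.group("info").strip(),
    }


def parse_log(text):
    return [e for e in map(parse_service_line, text.splitlines()) if e]


def unverified(entries):
    """Entries the log prints with [?] where others show a date and size."""
    return [e for e in entries if e["info"] == "?"]


def build_cfscript(entries):
    """Build File:: and Driver:: sections, de-duplicated, in log order."""
    files, drivers = OrderedDict(), OrderedDict()
    for e in unverified(entries):
        files.setdefault(e["path"].lower(), e["path"])
        drivers.setdefault(e["name"].lower(), e["name"])
    lines = ["File::", *files.values(), "", "Driver::", *drivers.values()]
    return "\n".join(lines) + "\n"


def clone_groups(entries):
    """Group flagged services by name with the trailing run of '32' removed."""
    groups = OrderedDict()
    for e in unverified(entries):
        base = _CLONE_SUFFIX.sub("", e["name"])
        groups.setdefault(base, []).append(e["name"])
    return groups


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(build_cfscript(parsed))
    for base, names in clone_groups(parsed).items():
        print(f"{base}: {len(names)} flagged entr{'y' if len(names) == 1 else 'ies'}")
```

Review the generated list against the log by hand before saving it, since the `[?]` filter is only the selection rule assumed here.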

#14 arrix

arrix
  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:57 AM

Posted 29 August 2011 - 09:22 PM

Thank you m0le, here's the newest log:

ComboFix 11-08-29.03 - compter 08/29/2011 21:02:45.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.619 [GMT -5:00]
Running from: c:\documents and settings\compter\Desktop\ComFix.exe
Command switches used :: c:\documents and settings\compter\Desktop\CFScript.txt
.
FILE ::
"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe"
"c:\windows\system32\adsnt32.exe"
"c:\windows\system32\advapi3232.exe"
"c:\windows\system32\AgCPanelFrench32.exe"
"c:\windows\system32\AgCPanelGerman32.exe"
"c:\windows\system32\AgCPanelTraditionalChinese32.exe"
"c:\windows\system32\ativtmxx32.dll"
"c:\windows\system32\atl32.exe"
"c:\windows\system32\avmeter32.exe"
"c:\windows\system32\certmgr32.exe"
"c:\windows\system32\clb32.exe"
"c:\windows\system32\comsvcs32.exe"
"c:\windows\system32\credui32.exe"
"c:\windows\system32\cryptnet32.exe"
"c:\windows\system32\csseqchk32.exe"
"c:\windows\system32\d3dx10_4032.exe"
"c:\windows\system32\d3dx9_2432.exe"
"c:\windows\system32\d3dx9_3232.exe"
"c:\windows\system32\D3DX9_3732.exe"
"c:\windows\system32\dmscript32.exe"
"c:\windows\system32\dplay32.exe"
"c:\windows\system32\dpnwsock32.exe"
"c:\windows\system32\drivers\mbam.sys"
"c:\windows\system32\eapp3hst32.exe"
"c:\windows\system32\eapsvc32.exe"
"c:\windows\system32\fmifs32.exe"
"c:\windows\system32\ialmuARB32.exe"
"c:\windows\system32\ialmuHUN32.exe"
"c:\windows\system32\igfxress32.exe"
"c:\windows\system32\imeshare32.exe"
"c:\windows\system32\iprtrmgr32.exe"
"c:\windows\system32\ir50_qc32.exe"
"c:\windows\system32\kbdblr32.exe"
"c:\windows\system32\kbdbu32.exe"
"c:\windows\system32\kbdca32.exe"
"c:\windows\system32\kbdcz232.exe"
"c:\windows\system32\kbdfo32.exe"
"c:\windows\system32\kbdgkl32.exe"
"c:\windows\system32\kbdgr32.exe"
"c:\windows\system32\kbdhe32.exe"
"c:\windows\system32\kbdhela232.exe"
"c:\windows\system32\kbdiultn32.exe"
"c:\windows\system32\kbdmaori32.exe"
"c:\windows\system32\kbdtat32.exe"
"c:\windows\system32\mfc4032.exe"
"c:\windows\system32\miglibnt32.exe"
"c:\windows\system32\mmcshext32.exe"
"c:\windows\system32\msasn132.exe"
"c:\windows\system32\msimsg32.exe"
"c:\windows\system32\msxml3a32.exe"
"c:\windows\system32\netui032.exe"
"c:\windows\system32\ntlanman32.exe"
"c:\windows\system32\nvcod(3)32.exe"
"c:\windows\system32\nvwddi32.exe"
"c:\windows\system32\nwevent32.exe"
"c:\windows\system32\objsel32.exe"
"c:\windows\system32\ocmanage32.exe"
"c:\windows\system32\odbc16gt32.exe"
"c:\windows\system32\olecnv3232.exe"
"c:\windows\system32\photowiz32.exe"
"c:\windows\system32\pidgen32.exe"
"c:\windows\system32\pjlmon32.exe"
"c:\windows\system32\powrprof32.exe"
"c:\windows\system32\qdvd32.exe"
"c:\windows\system32\qedit32.exe"
"c:\windows\system32\rpcns432.exe"
"c:\windows\system32\rsaenh32.exe"
"c:\windows\system32\sbe32.exe"
"c:\windows\system32\sens32.exe"
"c:\windows\system32\shscrap32.exe"
"c:\windows\system32\ufat32.exe"
"c:\windows\system32\vxdmdcdlg32.exe"
"c:\windows\system32\wmpcd32.exe"
"c:\windows\system32\wmpcore32.exe"
"c:\windows\system32\WMVCore32.exe"
"c:\windows\system32\WMVSDECD32.exe"
"c:\windows\system32\wshext32.exe"
"c:\windows\system32\xactengine2_132.exe"
"c:\windows\system32\xactengine3_432.exe"
"c:\windows\system32\XAPOFX1_132.exe"
"c:\windows\system32\xpsp4res32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\020000001dde61d01406C.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406O.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406P.manifest
c:\documents and settings\LocalService\Application Data\020000001dde61d01406S.manifest
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\adsnt32.exe
c:\windows\system32\ativtmxx32.dll
c:\windows\system32\certmgr32.exe
c:\windows\system32\clb32.exe
c:\windows\system32\drivers\mbam.sys
c:\windows\system32\kbdblr32.exe
c:\windows\system32\kbdhe32.exe
c:\windows\system32\kbdhela232.exe
c:\windows\system32\kbdmaori32.exe
c:\windows\system32\mmcshext32.exe
c:\windows\system32\msimsg32.exe
c:\windows\system32\pidgen32.exe
c:\windows\system32\qdvd32.exe
c:\windows\system32\XAPOFX1_132.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALERTER32
-------\Legacy_APPLE_MOBILE_DEVICE3232
-------\Legacy_AUDIOSRV32
-------\Legacy_BONJOUR_SERVICE32
-------\Legacy_CISVC32
-------\Legacy_CLR_OPTIMIZATION_V2.0.50727_3232
-------\Legacy_CLR_OPTIMIZATION_V2.0.50727_323232
-------\Legacy_CLR_OPTIMIZATION_V4.0.30319_3232
-------\Legacy_COMSYSAPP32
-------\Legacy_CRYPTSVC3232
-------\Legacy_DNSCACHE32
-------\Legacy_DOT3SVC32
-------\Legacy_EAPHOST32
-------\Legacy_EVENTLOG3232323232
-------\Legacy_EVENTSYSTEM32
-------\Legacy_FASTUSERSWITCHINGCOMPATIBILITY32
-------\Legacy_FASTUSERSWITCHINGCOMPATIBILITY3232
-------\Legacy_FASTUSERSWITCHINGCOMPATIBILITY323232
-------\Legacy_HIDSERV32
-------\Legacy_HIDSERV3232
-------\Legacy_HIDSERV323232
-------\Legacy_LANMANSERVER32
-------\Legacy_LANMANSERVER3232
-------\Legacy_LANMANWORKSTATION323232
-------\Legacy_MBAMPROTECTOR
-------\Legacy_MBAMSERVICE
-------\Legacy_MSDTC32
-------\Legacy_NETLOGON32
-------\Legacy_NETLOGON3232
-------\Legacy_NETTCPPORTSHARING32
-------\Legacy_NTLMSSP32
-------\Legacy_NTLMSSP3232
-------\Legacy_NTMSSVC32323232
-------\Legacy_NVSVC32
-------\Legacy_PLUGPLAY32
-------\Legacy_POLICYAGENT3232
-------\Legacy_POLICYAGENT323232
-------\Legacy_PROTECTEDSTORAGE3232
-------\Legacy_PROTECTEDSTORAGE32323232
-------\Legacy_RASAUTO32
-------\Legacy_RDSESSMGR3232
-------\Legacy_RDSESSMGR323232
-------\Legacy_REMOTEREGISTRY32
-------\Legacy_RPCLOCATOR32
-------\Legacy_RSVP32
-------\Legacy_RSVP3232
-------\Legacy_SCARDSVR323232
-------\Legacy_SCHEDULE32
-------\Legacy_SENS32
-------\Legacy_SHAREDACCESS32
-------\Legacy_SHAREDACCESS3232
-------\Legacy_SHELLHWDETECTION32
-------\Legacy_SHELLHWDETECTION3232
-------\Legacy_SRSERVICE32
-------\Legacy_SSDPSRV323232
-------\Legacy_STISVC32
-------\Legacy_STSSERVICE32
-------\Legacy_SWPRV3232
-------\Legacy_SWPRV323232
-------\Legacy_TRKWKS32
-------\Legacy_VSS32
-------\Legacy_VSS3232
-------\Legacy_VSS323232
-------\Legacy_W32TIME3232
-------\Legacy_WEBCLIENT32
-------\Legacy_WINMGMT3232
-------\Legacy_WMPNETWORKSVC3232
-------\Legacy_WMPNETWORKSVC323232
-------\Legacy_WMPNETWORKSVC32323232
-------\Legacy_WMPNETWORKSVC3232323232
-------\Legacy_WSCSVC3232
-------\Legacy_WUDFSVC32
-------\Service_Alerter32
-------\Service_Apple Mobile Device3232
-------\Service_AudioSrv32
-------\Service_Bonjour Service32
-------\Service_CiSvc32
-------\Service_clr_optimization_v2.0.50727_3232
-------\Service_clr_optimization_v2.0.50727_323232
-------\Service_clr_optimization_v4.0.30319_3232
-------\Service_COMSysApp32
-------\Service_CryptSvc3232
-------\Service_Dnscache32
-------\Service_Dot3svc32
-------\Service_EapHost32
-------\Service_Eventlog3232323232
-------\Service_EventSystem32
-------\Service_FastUserSwitchingCompatibility32
-------\Service_FastUserSwitchingCompatibility3232
-------\Service_FastUserSwitchingCompatibility323232
-------\Service_HidServ32
-------\Service_HidServ3232
-------\Service_HidServ323232
-------\Service_lanmanserver32
-------\Service_lanmanserver3232
-------\Service_lanmanworkstation323232
-------\Service_MBAMProtector
-------\Service_MBAMService
-------\Service_MSDTC32
-------\Service_Netlogon32
-------\Service_Netlogon3232
-------\Service_NetTcpPortSharing32
-------\Service_NtLmSsp32
-------\Service_NtLmSsp3232
-------\Service_NtmsSvc32323232
-------\Service_NVSvc32
-------\Service_PlugPlay32
-------\Service_PolicyAgent3232
-------\Service_PolicyAgent323232
-------\Service_ProtectedStorage3232
-------\Service_ProtectedStorage32323232
-------\Service_RasAuto32
-------\Service_RDSessMgr3232
-------\Service_RDSessMgr323232
-------\Service_RemoteRegistry32
-------\Service_RpcLocator32
-------\Service_RSVP32
-------\Service_RSVP3232
-------\Service_SCardSvr323232
-------\Service_Schedule32
-------\Service_SENS32
-------\Service_SharedAccess32
-------\Service_SharedAccess3232
-------\Service_ShellHWDetection32
-------\Service_ShellHWDetection3232
-------\Service_srservice32
-------\Service_SSDPSRV323232
-------\Service_stisvc32
-------\Service_STSService32
-------\Service_SwPrv3232
-------\Service_SwPrv323232
-------\Service_TrkWks32
-------\Service_VSS32
-------\Service_VSS3232
-------\Service_VSS323232
-------\Service_W32Time3232
-------\Service_WebClient32
-------\Service_winmgmt3232
-------\Service_WMPNetworkSvc3232
-------\Service_WMPNetworkSvc323232
-------\Service_WMPNetworkSvc32323232
-------\Service_WMPNetworkSvc3232323232
-------\Service_wscsvc3232
-------\Service_WudfSvc32
-------\Legacy_PolicyAgent32
-------\Service_PolicyAgent32
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 02:09 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\dot3svc32.exe
2011-08-29 16:42 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\ativtmxx32.exe
2011-08-29 13:22 . 2011-08-22 11:58 717312 ----a-w- c:\windows\system32\xactengine2_932.exe
2011-08-28 23:01 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-08-28 23:01 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-28 23:00 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-28 23:00 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-24 08:31 . 2011-08-24 08:31 -------- d-----w- c:\program files\ESET
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\compter\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 08:19 . 2011-08-24 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-24 08:19 . 2011-08-30 02:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 07:42 . 2011-08-24 07:42 -------- dc----w- C:\_OTL
2011-08-22 22:39 . 2011-08-22 22:39 388096 ----a-r- c:\documents and settings\compter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iPod
2011-08-19 21:24 . 2011-08-19 21:24 -------- d-----w- c:\program files\iTunes
2011-08-19 21:21 . 2011-08-19 21:21 -------- d-----w- c:\program files\Bonjour
2011-08-19 17:41 . 2011-08-23 23:42 -------- d-----w- c:\documents and settings\compter\Local Settings\Application Data\AskToolbar
2011-08-08 21:17 . 2011-08-08 21:17 -------- d-----w- c:\documents and settings\compter\Application Data\Media Player Classic
2011-08-08 18:01 . 2011-08-27 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-08 18:01 . 2011-08-08 18:01 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2006-02-23 02:04 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:18 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 12:58 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-19 00:18 . 2011-06-25 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-29_13.47.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-29 13:47 . 2011-08-29 13:47 16384 c:\windows\Temp\Perflib_Perfdata_780.dat
+ 2011-08-30 02:11 . 2011-08-30 02:11 16384 c:\windows\Temp\Perflib_Perfdata_780.dat
+ 2011-08-29 14:34 . 2011-08-29 14:34 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-08-29 14:34 . 2011-08-29 14:34 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-08-29 14:34 . 2011-08-29 14:34 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-08-29 14:33 . 2011-08-29 14:33 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\afb4d5e8161d0129ba15c37de2461d8a\System.Data.Entity.ni.dll
+ 2011-08-29 14:32 . 2011-08-29 14:32 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-08-29 14:34 . 2011-08-29 14:34 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-08-29 14:32 . 2011-08-29 14:32 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-29 14:52 . 2011-08-29 14:52 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
+ 2011-08-29 14:51 . 2011-08-29 14:51 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\978e8514751373383f79c3fdd667aa2b\System.Data.Entity.ni.dll
+ 2011-08-29 14:34 . 2011-08-29 14:34 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
setup_9.0.0.722_26.06.2011_01-08.lnk - c:\documents and settings\compter\Desktop\Virus Removal Tool\setup_9.0.0.722_26.06.2011_01-08\startup.exe [N/A]
.
c:\documents and settings\compter\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-7 0]
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1bc79e590cc7
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\compter\\Desktop\\utorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\compter\\My Documents\\Downloads\\WoW-4.0.0-WOW-enUS-Installer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\compter\\Local Settings\\Apps\\2.0\\O1XZQ016.JAO\\A3J9O14A.C5Z\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
.
R0 71397612;71397612 Boot Guard Driver;c:\windows\system32\drivers\71397612.sys [6/25/2011 5:52 PM 37392]
R1 71397611;71397611;c:\windows\system32\drivers\71397611.sys [6/25/2011 5:52 PM 128016]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [7/13/2010 7:48 PM 95024]
R1 setup_9.0.0.722_26.06.2011_01-08drv;setup_9.0.0.722_26.06.2011_01-08drv;c:\windows\system32\drivers\7139761.sys [6/25/2011 5:52 PM 315408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Messenger32;Messenger ;c:\windows\system32\dot3svc32.exe [8/29/2011 9:09 PM 717312]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2/16/2011 9:46 AM 385024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\compter\Application Data\Mozilla\Firefox\Profiles\etcuxtxj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01D4856B-122E-4D12-8028-6E48B2D8C1Ce} - c:\windows\system32\ativtmxx32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-29 21:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(924)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-29 21:14:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-30 02:14
ComboFix2.txt 2011-08-29 13:50
ComboFix3.txt 2011-08-29 01:42
ComboFix4.txt 2011-08-28 23:01
.
Pre-Run: 10,640,912,384 bytes free
Post-Run: 10,639,880,192 bytes free
.
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3FF2543D7D3ED3D815E607F70D58505C

#15 m0le

  • Malware Response Team

Posted 30 August 2011 - 05:11 PM

One more and we should be there

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\windows\system32\dot3svc32.exe
c:\windows\system32\ativtmxx32.exe
c:\windows\system32\xactengine2_932.exe


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE



