
System Security 2011 and TDSS removal help


  • This topic is locked
10 replies to this topic

#1 brianhjazz

Posted 01 November 2011 - 10:23 PM

Hi, my computer is infected with System Security 2011 and the TDSS rootkit (and possibly more? I'm not sure yet). I tried running Malwarebytes but the program was blocked from running, then I tried to install/run TDSSKiller which ran and found the TDSS File System along with 3 other "Unsigned Files" but all 4 threats are missing the option to "cure" and only have options to skip, quarantine or delete.

I also am missing all of my desktop icons/start menu icons...I am running in "safe mode with networking" and I know that all of my files are intact so I'm hoping that the same virus(es) are also causing this but any help would be greatly appreciated here as well! Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Run by Brian at 18:50:10 on 2011-11-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1532 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\P0E9WYBB\tdsskiller[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\documents and settings\brian\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [YG6X6FVUUC6C1VUZACLCIZOQ] c:\win32t\9DCCDACAEAD.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Broadcom Wireless Manager] c:\windows\system32\wltray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [JzONyxA1uSoFpGs8234A] c:\windows\system32\FmH6sWK7fLgXjCk.exe
mRun: [RTXqjUCelBzNc1] c:\documents and settings\brian\application data\dwme.exe
mRun: [nGAJwRsisPtsC.exe] c:\documents and settings\all users\application data\nGAJwRsisPtsC.exe
StartupFolder: c:\docume~1\brian\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\brian\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\brian\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\brian\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
TCP: Interfaces\{208BD793-7FBA-4348-90FE-CA68C67F0715} : DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\i7ydmh9q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.unt.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\brian\application data\mozilla\firefox\profiles\i7ydmh9q.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\brian\application data\mozilla\firefox\profiles\i7ydmh9q.default\extensions\activegs@freetoolsassociation.com\platform\winnt_x86-msvc\plugins\npActiveGS.dll
FF - plugin: c:\documents and settings\brian\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ActiveGS: activegs@freetoolsassociation.com - %profile%\extensions\activegs@freetoolsassociation.com
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: XUL Cache: {506fcbf1-995f-4d82-9849-50c5bc13ea62} - %profile%\extensions\{506fcbf1-995f-4d82-9849-50c5bc13ea62}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [2004-10-6 18432]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 385536]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-6-19 82952]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-6-19 141792]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-1 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-11-1 338880]
S1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [2004-10-7 11904]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-31 164048]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-28 11608]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-6-17 13696]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-11-1 233976]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-28 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-28 269480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-31 19024]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-28 66616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-16 94880]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-6-19 188136]
S2 VRSService;VRS Recording System;c:\program files\nch swift sound\vrs\vrs.exe [2008-7-3 651268]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-21 1684736]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-6-19 55456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys --> c:\windows\system32\drivers\mfendisk.sys [?]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys --> c:\windows\system32\drivers\mfendisk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-16 40552]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-8-18 30576]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-11-1 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-11-1 1117144]
.
=============== Created Last 30 ================
.
2011-11-01 23:22:01 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-01 23:22:01 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-01 23:22:00 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-01 23:21:57 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-01 23:21:57 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-01 23:21:56 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-01 23:21:54 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-01 23:21:47 -------- d-----w- c:\program files\PC Tools Security
2011-11-01 23:21:47 -------- d-----w- c:\program files\common files\PC Tools
2011-11-01 23:20:39 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-01 13:41:29 -------- d--h--w- c:\documents and settings\brian\application data\WqhYCwkIVlNx0c2
2011-11-01 13:41:29 -------- d--h--w- c:\documents and settings\brian\application data\FJ7dEL8gT
2011-11-01 07:46:14 499712 ---ha-w- c:\documents and settings\all users\application data\nGAJwRsisPtsC.exe
2011-11-01 06:09:00 -------- d--h--w- c:\documents and settings\brian\application data\lS22ibbD3pn5QHd
2011-11-01 06:09:00 -------- d--h--w- c:\documents and settings\brian\application data\jL8gRZqYCkrlOx0
2011-11-01 06:08:48 99328 ---ha-w- c:\documents and settings\brian\application data\dwme.exe
2011-11-01 06:08:48 -------- d--h--w- c:\documents and settings\brian\application data\WS1ibD3pn4Q6W7R
2011-11-01 06:08:47 1766912 ---ha-w- c:\windows\system32\FmH6sWK7fLgXjCk.exe
2011-11-01 06:08:47 -------- d--h--w- c:\documents and settings\brian\application data\eVelOBtzPySiDoG
2011-11-01 06:08:10 -------- d--h--w- c:\windows\optimableep
.
==================== Find3M ====================
.
2011-09-26 16:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 18:51:29 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 21:32:17 832512 ---ha-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ---ha-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ---ha-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ---ha-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ---ha-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ---ha-w- c:\windows\system32\html.iec
2011-08-12 18:51:26 26488 ---ha-w- c:\windows\system32\spupdsvc.exe
.
============= FINISH: 18:50:53.14 ===============



#2 jedi

Posted 05 November 2011 - 11:45 AM

Hi,

Download
RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
  • It shall produce a log located at C:\RKill. Please copy and paste it into your next reply.

Next:

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

jedi

Edited by jedi, 05 November 2011 - 11:45 AM.
Formatting


#3 brianhjazz

Posted 05 November 2011 - 06:43 PM

Thanks for your help so far! So here's my status as of now:

I ran RKill successfully, it found and removed 1 file which upon being removed I was able to see my desktop icons again.

I then installed and ran ComboFix. After it had started running I got a pop-up saying that ComboFix had located Rootkit.ZeroAccess and needed to restart the computer to continue its repair process. I let it restart and it did so successfully, then it finished its run and put out a log. It then restarted the computer again, only this time into regular mode and not safe mode, and upon restart System Security 2011 began to block certain programs including Notepad (not sure why?).

I also now have no internet access on that computer (this also occurred post-ComboFix run). My modem is recognizing a signal and I am being given an IP address but neither IE nor Firefox will open any sites, hence I am currently posting from a public computer at the library. I WAS able to open/run Malwarebytes...I ran it 2 times, the first time it found/quarantined 3 files including System Security 2011 but needed to restart the comp to complete its process, which it did but SS2011 was still there. I ran it a 2nd time, this time it found and removed the SS2011 desktop shortcut but the program is still there and is still putting out pop-ups and blocking certain programs (for some reason it is blocking Notepad and Acrobat Reader but not Malwarebytes or Avira, which I let run while I went to the library to post this).

So in summary, RKill brought back my desktop icons and I'm fairly certain that ComboFix got rid of the TDSS rootkit but I am still infected with System Security 2011 and I now have no internet connection. I also have no logs to post from RKill, ComboFix or Malwarebytes because the virus is blocking them from being opened.

#4 jedi

Posted 06 November 2011 - 07:56 AM

Hi again,

Click on the Start button.
Click on the Settings menu option.
Click on the Control Panel option.
When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
You will now see a menu. Click on the Repair menu option.
Let the repair process perform its tasks.
Next:
Please follow the instructions here:
http://www.bleepingcomputer.com/virus-removal/remove-system-security-2011
under Automated Removal Instructions for System Security 2011 using Malwarebytes' Anti-Malware:
from 1. to 7.
Next:
Run TDSSKiller again,

"then I tried to install/run TDSSKiller which ran and found the TDSS File System along with 3 other "Unsigned Files" but all 4 threats are missing the option to "cure" and only have options to skip, quarantine or delete."

and select Quarantine.
Please let me know if these measures improve the situation, and post any logs you can access, especially from TDSSKiller and Combofix.

jedi

Edited by jedi, 06 November 2011 - 11:36 AM.
Formatting


#5 brianhjazz

Posted 06 November 2011 - 01:05 PM

Ok here's an update:

I still have no internet access, however I talked with someone from Charter and there is an outage in my building so it's not something being caused by a virus/my computer.

After getting home again, I ran ComboFix again and this time I was able to get access to Notepad/get the log. Here is the log from that run:

ComboFix 11-05-17.03 - Brian 05/18/2011 12:28:05.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1348 [GMT -5:00]
Running from: c:\documents and settings\Brian\My Documents\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Brian\Local Settings\Application Data\bkb.exe
c:\documents and settings\Brian\Local Settings\Application Data\uuc.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 02:04 . 2010-12-29 03:35 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2008-05-16 22:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:45 . 2011-02-08 18:32 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-02-17 19:00 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-04-14 17:50 . 2010-06-20 02:50 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-08_21.11.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-18 17:15 . 2011-05-18 17:15 16384 c:\windows\temp\Perflib_Perfdata_554.dat
+ 2004-08-04 12:00 . 2011-02-17 19:00 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2011-05-09 08:04 67516 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2011-03-14 20:00 67516 c:\windows\system32\perfc009.dat
+ 2007-08-13 23:54 . 2011-02-17 19:00 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2011-02-17 11:43 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 23:39 . 2010-12-20 12:54 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2011-02-17 19:00 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2010-12-20 12:54 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2011-02-17 11:43 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 23:36 . 2011-02-17 19:00 63488 c:\windows\system32\icardie.dll
- 2007-08-13 23:36 . 2010-12-20 23:08 63488 c:\windows\system32\icardie.dll
+ 2004-08-04 12:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
+ 2007-08-13 23:36 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 23:36 . 2010-12-20 23:08 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2010-01-05 10:00 . 2010-12-20 23:08 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-01-05 10:00 . 2011-02-17 19:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 23:54 . 2011-02-17 19:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-31 15:33 . 2010-12-20 12:54 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-12-31 15:33 . 2011-02-17 11:43 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 23:39 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 23:39 . 2010-12-20 23:08 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 08:10 . 2011-02-17 19:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:10 . 2010-12-20 23:08 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 23:39 . 2011-02-17 11:43 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 23:39 . 2010-12-20 12:54 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-01-05 10:00 . 2011-02-17 19:00 63488 c:\windows\system32\dllcache\icardie.dll
- 2010-01-05 10:00 . 2010-12-20 23:08 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2007-08-13 23:42 . 2011-02-17 19:00 17408 c:\windows\system32\dllcache\corpol.dll
- 2007-08-13 23:42 . 2010-12-20 23:08 17408 c:\windows\system32\dllcache\corpol.dll
+ 2010-05-24 15:50 . 2011-05-18 14:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-24 15:50 . 2011-05-08 19:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 22:18 . 2011-05-18 14:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-16 22:18 . 2011-05-08 19:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-05 09:21 . 2010-12-16 09:04 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-05 09:21 . 2011-05-09 08:02 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-05 09:21 . 2011-05-09 08:02 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-05 09:21 . 2010-12-16 09:04 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-05 09:21 . 2010-12-16 09:04 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-05 09:21 . 2011-05-09 08:02 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-05-12 08:00 . 2011-05-12 08:00 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-11-11 09:02 . 2010-11-11 09:02 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-20 08:12 . 2011-05-09 08:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-20 08:12 . 2011-02-23 09:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 44544 c:\windows\ie7updates\KB2497640-IE7\pngfilt.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 52224 c:\windows\ie7updates\KB2497640-IE7\msfeedsbs.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 27648 c:\windows\ie7updates\KB2497640-IE7\jsproxy.dll
+ 2011-05-09 08:08 . 2010-12-20 12:54 13824 c:\windows\ie7updates\KB2497640-IE7\ieudinit.exe
+ 2011-05-09 08:08 . 2010-12-20 23:08 44544 c:\windows\ie7updates\KB2497640-IE7\iernonce.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 78336 c:\windows\ie7updates\KB2497640-IE7\ieencode.dll
+ 2011-05-09 08:08 . 2010-12-20 12:54 70656 c:\windows\ie7updates\KB2497640-IE7\ie4uinit.exe
+ 2011-05-09 08:08 . 2010-12-20 23:08 63488 c:\windows\ie7updates\KB2497640-IE7\icardie.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 17408 c:\windows\ie7updates\KB2497640-IE7\corpol.dll
+ 2011-05-09 08:07 . 2011-05-09 08:07 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-05-09 08:12 . 2011-05-09 08:12 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-05-09 08:06 . 2011-05-09 08:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-05-09 08:05 . 2011-05-09 08:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-05-09 08:09 . 2011-05-09 08:09 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
- 2010-10-07 08:01 . 2010-10-07 08:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-07 08:01 . 2010-10-07 08:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-16 09:26 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll
- 2009-04-16 09:26 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-07 08:02 . 2010-10-07 08:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-07 08:02 . 2010-10-07 08:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-07 08:02 . 2010-10-07 08:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-09 08:04 . 2011-05-09 08:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2011-03-14 20:00 432686 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-05-09 08:04 432686 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-02-17 19:00 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 12:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 478208 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 478208 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 468480 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2011-02-17 19:00 468480 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
- 2004-08-04 12:00 . 2010-09-18 17:23 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-04 12:00 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2004-08-04 12:00 . 2011-03-04 06:45 512000 c:\windows\system32\jscript.dll
- 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2007-08-13 23:34 . 2011-02-17 19:00 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 23:34 . 2010-12-20 23:08 268288 c:\windows\system32\iertutil.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 192512 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 384512 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 384512 c:\windows\system32\iedkcs32.dll
- 2007-07-11 17:27 . 2010-12-20 23:08 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 17:27 . 2011-02-17 19:00 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2011-02-14 12:15 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2010-12-20 11:23 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2004-08-04 12:00 . 2011-02-17 13:18 455936 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
- 2004-08-04 12:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 12:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2008-04-21 06:44 . 2011-02-17 19:00 832512 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:44 . 2010-12-20 23:08 832512 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 23:54 . 2011-02-17 19:00 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 434176 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 23:44 . 2011-02-17 19:00 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 23:44 . 2010-12-20 23:08 105984 c:\windows\system32\dllcache\url.dll
+ 2008-10-14 21:54 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2007-08-13 23:44 . 2011-02-17 19:00 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 23:44 . 2010-12-20 23:08 102912 c:\windows\system32\dllcache\occache.dll
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 23:54 . 2011-02-17 19:00 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 23:44 . 2010-12-20 23:08 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 23:44 . 2011-02-17 19:00 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 23:54 . 2011-02-17 19:00 478208 c:\windows\system32\dllcache\mshtmled.dll
- 2010-01-05 10:00 . 2010-12-20 23:08 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-05 10:00 . 2011-02-17 19:00 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-13 00:24 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
- 2004-08-04 12:00 . 2010-09-18 17:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-04 12:00 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-14 20:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
- 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-08-13 20:23 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-13 20:23 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2007-08-13 23:43 . 2010-12-20 11:25 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 23:43 . 2011-02-14 12:17 634648 c:\windows\system32\dllcache\iexplore.exe
- 2010-01-05 10:00 . 2010-12-20 23:08 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2010-01-05 10:00 . 2011-02-17 19:00 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 23:54 . 2011-02-17 19:00 192512 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 23:39 . 2010-12-20 23:08 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 23:39 . 2011-02-17 19:00 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-01-05 10:00 . 2010-12-20 23:08 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2010-01-05 10:00 . 2011-02-17 19:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2011-02-14 12:15 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2010-12-20 11:23 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 23:39 . 2011-02-17 19:00 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 23:39 . 2010-12-20 23:08 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:39 . 2011-02-17 19:00 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 23:39 . 2010-12-20 23:08 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 23:54 . 2010-12-20 23:08 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 23:54 . 2011-02-17 19:00 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 23:35 . 2011-02-17 19:00 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 23:35 . 2010-12-20 23:08 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 23:35 . 2010-12-20 23:08 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 23:35 . 2011-02-17 19:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2007-08-13 23:39 . 2011-02-17 19:00 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 23:39 . 2010-12-20 23:08 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
- 2004-08-04 12:00 . 2010-12-20 23:08 124928 c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2011-02-17 19:00 124928 c:\windows\system32\advpack.dll
+ 2011-01-18 09:39 . 2011-01-18 09:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-05-11 11:40 . 2010-05-11 11:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 09:39 . 2011-01-18 09:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2010-05-11 11:40 . 2010-05-11 11:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-01-18 09:39 . 2011-01-18 09:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-12-05 09:21 . 2010-12-16 09:04 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-12-05 09:21 . 2011-05-09 08:02 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
- 2009-12-05 09:21 . 2010-12-16 09:04 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2009-12-05 09:21 . 2011-05-09 08:02 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2011-05-09 08:08 . 2010-12-20 23:08 832512 c:\windows\ie7updates\KB2497640-IE7\wininet.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 233472 c:\windows\ie7updates\KB2497640-IE7\webcheck.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 105984 c:\windows\ie7updates\KB2497640-IE7\url.dll
+ 2011-05-09 08:08 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2497640-IE7\spuninst\updspapi.dll
+ 2011-05-09 08:08 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2497640-IE7\spuninst\spuninst.exe
+ 2011-05-09 08:08 . 2010-12-20 23:08 102912 c:\windows\ie7updates\KB2497640-IE7\occache.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 671232 c:\windows\ie7updates\KB2497640-IE7\mstime.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 193024 c:\windows\ie7updates\KB2497640-IE7\msrating.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 478208 c:\windows\ie7updates\KB2497640-IE7\mshtmled.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 468480 c:\windows\ie7updates\KB2497640-IE7\msfeeds.dll
+ 2011-05-09 08:08 . 2010-12-20 11:25 634648 c:\windows\ie7updates\KB2497640-IE7\iexplore.exe
+ 2011-05-09 08:08 . 2010-12-20 23:08 268288 c:\windows\ie7updates\KB2497640-IE7\iertutil.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 192512 c:\windows\ie7updates\KB2497640-IE7\iepeers.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 384512 c:\windows\ie7updates\KB2497640-IE7\iedkcs32.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 380928 c:\windows\ie7updates\KB2497640-IE7\ieapfltr.dll
+ 2011-05-09 08:08 . 2010-12-20 11:23 161792 c:\windows\ie7updates\KB2497640-IE7\ieakui.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 230400 c:\windows\ie7updates\KB2497640-IE7\ieaksie.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 153088 c:\windows\ie7updates\KB2497640-IE7\ieakeng.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 133120 c:\windows\ie7updates\KB2497640-IE7\extmgr.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 214528 c:\windows\ie7updates\KB2497640-IE7\dxtrans.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 347136 c:\windows\ie7updates\KB2497640-IE7\dxtmsft.dll
+ 2011-05-09 08:08 . 2010-12-20 23:08 124928 c:\windows\ie7updates\KB2497640-IE7\advpack.dll
+ 2008-11-13 00:24 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-05-09 08:10 . 2011-05-09 08:10 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-05-09 08:07 . 2011-05-09 08:07 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-05-09 08:07 . 2011-05-09 08:07 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-05-09 08:07 . 2011-05-09 08:07 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-05-09 08:12 . 2011-05-09 08:12 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-05-09 08:12 . 2011-05-09 08:12 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-05-09 08:09 . 2011-05-09 08:09 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-05-09 08:09 . 2011-05-09 08:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-05-09 08:07 . 2011-05-09 08:07 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-05-09 08:11 . 2011-05-09 08:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-05-09 08:10 . 2011-05-09 08:10 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-05-09 08:06 . 2011-05-09 08:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-05-09 08:06 . 2011-05-09 08:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-05-09 08:06 . 2011-05-09 08:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-05-09 08:06 . 2011-05-09 08:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-05-09 08:10 . 2011-05-09 08:10 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-05-09 08:10 . 2011-05-09 08:10 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Brian\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Brian\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Brian\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-06 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-03-02 1282048]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"LoadMSvcmm"="c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe" [2010-01-28 454856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
.
c:\documents and settings\Brian\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Brian\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-6-18 344064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe [2009-5-30 1462272]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2008-07-03 23:21 577540 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2008-07-03 23:17 651268 ----a-w- c:\program files\NCH Swift Sound\VRS\vrs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Documents and Settings\\Brian\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 9:11 AM 18432]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 2:57 AM 11904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 12:45 PM 164048]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/17/2008 12:22 PM 13696]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/19/2010 9:50 PM 82952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/28/2010 10:35 PM 136360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 12:45 PM 19024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/16/2009 11:59 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/19/2010 9:50 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [6/19/2010 9:50 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [6/19/2010 9:50 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [6/19/2010 9:50 PM 141792]
R2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [7/3/2008 6:17 PM 651268]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/19/2010 9:50 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/19/2010 9:50 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [6/19/2010 9:50 PM 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:36 PM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/21/2010 1:34 AM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:36 PM 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [6/19/2010 9:50 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/19/2010 9:50 PM 83496]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-05-18 c:\windows\Tasks\At25.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-05-18 c:\windows\Tasks\At26.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-05-17 c:\windows\Tasks\At27.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-05-17 c:\windows\Tasks\At28.job
- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 20:25]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 04:36]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 04:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:60061
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\i7ydmh9q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uwec.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ActiveGS: activegs@freetoolsassociation.com - %profile%\extensions\activegs@freetoolsassociation.com
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 12:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-05-18 12:35:58
ComboFix-quarantined-files.txt 2011-05-18 17:35
ComboFix2.txt 2011-05-18 17:10
ComboFix3.txt 2011-05-08 21:13
ComboFix4.txt 2011-03-21 04:00
ComboFix5.txt 2011-05-18 17:24
.
Pre-Run: 14,263,324,672 bytes free
Post-Run: 14,251,208,704 bytes free
.
- - End Of File - - 2B71903FADC7E10D66A572E9968FAC89


I also ran TDSSKiller again, which found nothing and did not put out a log. I did run Malwarebytes twice yesterday prior to my previous post, so I will include both of those logs in case they are of any help.

Log #1:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

11/5/2011 4:37:19 PM
mbam-log-2011-11-05 (16-37-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 299547
Time elapsed: 39 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\documents and settings\all users\application data\ngajwrsisptsc.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{930a6388-8979-46d8-9c93-249a17ee4e29}\RP1164\A0155025.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\Desktop\system security 2011.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Log #2:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/5/2011 5:55:50 PM
mbam-log-2011-11-05 (17-55-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 299310
Time elapsed: 1 hour(s), 12 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Brian\Desktop\system security 2011.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

I also ran Avira yesterday and it found nothing. Current status of my computer is that I am running in "safe mode with networking" with absolutely no problems (except for not having internet which is unrelated), but whenever I try to reboot in normal mode I get the System Security 2011 popups and program blockages. I will try running Malwarebytes again later today and see if I get any new results, but both times I ran it yesterday the only noticeable difference was that it removed the SS2011 desktop icon.

Thanks again for your help so far!!

#6 jedi


Posted 06 November 2011 - 02:20 PM

Hi again,

"I still have no internet access, however I talked with someone from Charter and there is an outage in my building so it's not something being caused by a virus/my computer."

That's good news.

While in Safe Mode with Networking, please do the following:

* In Internet Explorer go to Tools => Internet Options => Connections Tab => LAN Settings and remove the reference to 60061 if found, then uncheck Use a proxy server and check Automatically detect settings.

* In Firefox in Tools Menu => Options... => Advanced Tab => Network Tab => Connection => Settings. Select the Auto-detect proxy settings for this network option.

Next:

Download the latest version of the Kaspersky Virus Removal Tool
  • Reboot to Normal Mode.
  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all objects box at the bottom of the window, and click the Delete button (or Disinfect if the button is active). The choice may need to be repeated depending on the ability to disinfect any infection found.
  • If advised that a special disinfection procedure is required which demands system reboot: click the OK button to close the window.
  • In the Scan window click the Report button.
  • Go to the Reports tab with the image of a list.
  • Select the required section:
    Detected threats. This report displays all threats detected during autoscan. You can start automatic disinfection by clicking the Disinfect all button.
    Autoscan report. The report provides autoscan results.
    In order to save the report, click the Save button.
  • Click the Close button to close the Report window.
  • Click the Exit button in the main program window.
  • You will be prompted if you want to uninstall the program; click Yes, and then confirm that you want to completely remove the Virus Removal Tool.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the contents of the log you saved in your next reply.

jedi
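
The proxy check in the first step of the post above can also be made against the registry values behind the LAN Settings dialog. The following is an added example, not part of the original thread: it audits a constructed .reg-style export of the Internet Settings key. Port 60061 comes from the post; the sample export, the function names and the loopback test are assumptions.

```python
import re

# Constructed sample: .reg-style export of the per-user Internet Settings key.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:60061"
"ProxyOverride"="<local>"
'''

SUSPECT_PORTS = {60061}                      # port named in the post above
LOOPBACK = ("127.", "localhost", "[::1]")    # assumption: local proxy hosts

def parse_values(export_text):
    """Return {name: value} for the "name"=value lines of a .reg export."""
    values = {}
    for line in export_text.splitlines():
        m = re.match(r'^"([^"]+)"=(.*)$', line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        values[name] = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')
    return values

def proxy_entries(proxy_server):
    """Split 'host:port' or 'http=h:p;https=h:p' into (scheme, host, port)."""
    entries = []
    for part in filter(None, proxy_server.split(";")):
        scheme, _, addr = part.rpartition("=")
        host, _, port = addr.rpartition(":")
        if not host:                         # entry carries no port
            host, port = addr, ""
        entries.append((scheme or "all", host.lower(),
                        int(port) if port.isdigit() else None))
    return entries

def audit_proxy(export_text):
    """Return findings for an enabled proxy; an empty list means nothing to clear."""
    values = parse_values(export_text)
    if not values.get("ProxyEnable"):
        return []
    findings = []
    for scheme, host, port in proxy_entries(values.get("ProxyServer", "")):
        if port in SUSPECT_PORTS:
            findings.append(f"{scheme}: proxy uses port {port} ({host})")
        elif host.startswith(LOOPBACK):
            findings.append(f"{scheme}: proxy points at loopback {host}:{port}")
    return findings

if __name__ == "__main__":
    print(audit_proxy(SAMPLE_EXPORT))
```

An empty result corresponds to the state the post asks for: no enabled proxy entry that references port 60061.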

#7 brianhjazz


Posted 07 November 2011 - 03:46 PM

Ok here's the latest update:

I ran the Kaspersky Virus Removal Tool...originally when I tried to run it it was being blocked by SS2011 so I decided to try running it in safe mode. It started its run (found 19 threats) before it tried to do a special disinfect, which caused it to reboot into regular mode and close the program w/o saving any sort of log. I was able to run it again for its full duration in regular mode and it found 1 more threat. Here is the detected threats log:

Status: Deleted (events: 1)
11/6/2011 8:27:56 PM Deleted Trojan program Trojan.Win32.Jorik.Downloader.gs C:\System Volume Information\_restore{930A6388-8979-46D8-9C93-249A17EE4E29}\RP1165\A0156290.exe High

I do have the entire report but it's extremely large and for some reason it won't upload as an attachment. If you need it I can try to attach it again later.

Current status of the comp is that it is running w/o popups or any program blockage, but 3 things are still screwy:

1-there is still a SS2011 shortcut on my desktop...the last tool removed the popups and the startup icon but not the desktop shortcut
2-my quick launch icons are gone (to the right of the start button)...I can just bring those back though if that's not being caused by the virus
3-I still have no internet. I talked with someone from Charter at length today and figured out I should have service from their end, so it's something that's messed up on my end. We did figure out that I have an IP address starting with 169 that won't reset itself, which seems to be the problem. I tried resetting my router, disabling/reenabling my network device and restarting my DHCP client but none of those things worked. Is this somehow related to remnants of the virus?

Thanks again for your help!!

#8 jedi


Posted 07 November 2011 - 04:40 PM

Hi again,

"I do have the entire report but it's extremely large and for some reason it won't upload as an attachment. If you need it I can try to attach it again later."

No don't worry, the tool has done its job, I don't need to see exactly how.

Let's see if we can get you internet access again.

>>> Download Windows Repair: Please go here and click the "- Direct Download" button under "Portable (xxx KB)" to download tweaking.com_windows_repair_aio_setup.zip and save it to your Desktop. Then right-click on the new file => "Extract here".
Please open the newly created folder "Tweaking.com - Windows Repair" and double-click "Repair_Windows.exe" (for Vista/W7, right-click on it => "Run as administrator").

>>> System Restore: Click the "Step4" tab and click the "Create" button.
Please follow the on-screen prompts and let the program run uninterrupted.

>>> Start Repairs Options: Click the "Start Repairs" tab, select "Advanced Mode" and click "Start". In the box that opens please check the "Restart System when Finished" box and click Start. Allow the tool to run, if it does not restart your system automatically, reboot manually.

Let me know if this improves matters.

jedi

Edited by jedi, 08 November 2011 - 02:47 PM.


#9 brianhjazz


Posted 08 November 2011 - 02:01 PM

Ok, I ran Windows Repair and I now have internet again. I also updated/ran Malwarebytes again and this time it removed the SS2011 desktop icon, so I think everything is now fixed. I still don't have a quick launch toolbar even though my computer says that it should be there, but as far as I can tell everything else is working as it should. Any ideas on how to get the toolbar back?

#10 jedi


Posted 09 November 2011 - 11:59 AM

Hi again,

One more scan to pick up any leftover files:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

jedi

#11 jedi


Posted 20 January 2012 - 06:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



