I've got the Audio Ads 'virus'


  • This topic is locked
25 replies to this topic

#1 BozoT

Posted 27 June 2012 - 01:10 PM

Hi

I think this started yesterday (26th) but that was also my first day back home after being away for about a week so I can't be 100% sure.

It started out by playing ads for cleaning products every 5-10 minutes or so. Then it switched to just doing loud music. After I cottoned on to what was happening, each time I'd use the Windows Task Manager to terminate the 'extra' instance of iexplore. It was usually pretty easy to spot since it was using a significant amount of cpu.

I'd been hoping to find a do-it-yourself solution on the web, but if there is one it doesn't rate highly with Google. After a while I found you guys, and you seem to have been able to help a bunch of others with the same malware, so I really hope you'll be able to help me also!

A note of possible (or not) interest: When I registered here and was trying to confirm the registration by clicking on the link in the email you sent, it first went to the linked-to page and then the window immediately switched to (another instance of) my hotmail inbox. My first reaction was that the malware was aware of your site and didn't want me there. But I'm just guessing.

I did the scans yesterday (26th). Today (27th) I have so far had zero occurrences of the intrusive audio, although I can see that I have more iexplore.exe processes than I should have. I think it's just lying doggo for a while.

... BIO / "BozoT"

The logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by BIO at 19:09:39 on 2012-06-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.316 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [POINTER] point32.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203806884234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: Interfaces\{EC0925F8-53A3-4E3F-B416-3395D3D5AE57} : NameServer = 64.59.160.13,64.59.160.16
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-2-23 24971]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-9-28 24645]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2008-2-24 267333]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-2-24 145800]
.
=============== Created Last 30 ================
.
2012-06-07 04:10:28 770384 ------w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-07 04:10:28 421200 ------w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-19 16:49:03 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 16:49:03 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 04:08:39 0 --sh--w- c:\windows\system32\dds_trash_log.cmd
2012-04-04 22:56:40 22344 ------w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:10:52.70 ===============


#2 gringo_pr

Posted 28 June 2012 - 12:16 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 BozoT

Posted 28 June 2012 - 09:32 PM

ComboFix 12-06-28.01 - BIO 2012-06-28 11:06:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.280 [GMT -7:00]
Running from: c:\documents and settings\BIO\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\18210612
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\BIO\Desktop\Internet Explorer.lnk
c:\documents and settings\BIO\My Documents\DPE.DUS
c:\documents and settings\BIO\WINDOWS
c:\windows\$NtUninstallKB1922$
c:\windows\$NtUninstallKB1922$\1155062596
c:\windows\$NtUninstallKB1922$\2748621910\@
c:\windows\$NtUninstallKB1922$\2748621910\cfg.ini
c:\windows\$NtUninstallKB1922$\2748621910\Desktop.ini
c:\windows\$NtUninstallKB1922$\2748621910\L\ljutoaua
c:\windows\$NtUninstallKB1922$\2748621910\oemid
c:\windows\$NtUninstallKB1922$\2748621910\U\00000001.@
c:\windows\$NtUninstallKB1922$\2748621910\U\00000002.@
c:\windows\$NtUninstallKB1922$\2748621910\U\00000004.@
c:\windows\$NtUninstallKB1922$\2748621910\U\80000000.@
c:\windows\$NtUninstallKB1922$\2748621910\U\80000004.@
c:\windows\$NtUninstallKB1922$\2748621910\U\80000032.@
c:\windows\$NtUninstallKB1922$\2748621910\version
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\SET106.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETF8.tmp
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\netbt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 18:15 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-06-28 18:15 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-06-07 04:10 . 2012-06-07 04:10 770384 ------w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 04:10 . 2012-06-07 04:10 421200 ------w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 17:51 . 2011-04-05 15:40 1409 ----a-w- c:\windows\QTFont.for
2012-06-19 16:49 . 2012-04-03 16:25 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 16:49 . 2011-05-13 16:24 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2009-06-24 18:49 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-06-16 18:31 . 2011-05-07 02:50 85472 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"POINTER"="point32.exe" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 2559488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-25 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-9-28 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio 2.0\\AptanaStudio.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-02-23 24971]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-09-28 24645]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2008-02-24 267333]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 113120]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
incdrec
CSDriver
NWADI
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 19:15]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 19:15]
.
2012-06-27 c:\windows\Tasks\WebReg 20080224111322.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 09:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: Interfaces\{EC0925F8-53A3-4E3F-B416-3395D3D5AE57}: NameServer = 64.59.160.13,64.59.160.16
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 11:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.22.08]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3572)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
.
**************************************************************************
.
Completion time: 2012-06-28 11:28:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 18:28
.
Pre-Run: 433,343,885,312 bytes free
Post-Run: 437,384,065,024 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
.
- - End Of File - - BD7AEA8D5F765E39D9077F262B07C991

•Problems I had? Hmm.

I don't think these are serious, but I'll mention them anyway.
- I did get the "Recovery console" message, and installed it, apparently successfully.
- while running ComboFix a box came up while I was out of the room and it closed itself just as I began to read it. It said something like "You are infected with ... rootkit ... This is a particularly difficult ... reboot ..." and then my PC rebooted. ComboFix started running again as soon as I signed in, and continued for a while. Then it rebooted a 2nd time and produced the log (above).
- I noticed that some of the icons that I had rearranged this morning, before starting with this, went back to their "last night" configuration. (no big deal)
- while re-rearranging them I inadvertently dropped one "too near" the ComboFix icon, so ComboFix started again, but it complained about something it perceived as a misspelling and stopped

•How is the computer doing now?

- I've been running about 6 hours after ComboFix. There have been zero occurrences of random audio and I have seen NO 'extra' iexplore.exe processes in Task Manager.
- However, some things are not working as they should when browsing. I'd say that "too much" has been purged/disabled.
-- One site where my PC has always remembered my password before - today I had to rekey it. I have not checked a lot of sites, though. There may or may not be others.
-- Many little icons are now missing. For example: 1) the "Google" logo on its main search site (it's missing with IE, but present for FF). 2) ALL of the little images on THIS page show as a box with a red X or just a dot in the middle. 3) Some of the buttons in Hotmail are invisible (I can see the 'help' text when I hover over their location, but the image isn't there.). 4) Some of the button images for Yahoo's main page are similarly blank. => I'm guessing some setting for IE has been tweaked, but I do not know which one.
So the "side effects" are annoying, but minor and almost certainly fixable, but the main effect is that the Audio Ads are gone! Yeay.

BIO/BozoT

#4 gringo_pr

Posted 28 June 2012 - 09:55 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 BozoT

Posted 28 June 2012 - 11:05 PM

20:36:38.0546 2908 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
20:36:39.0046 2908 ============================================================
20:36:39.0046 2908 Current date / time: 2012/06/28 20:36:39.0046
20:36:39.0046 2908 SystemInfo:
20:36:39.0046 2908
20:36:39.0046 2908 OS Version: 5.1.2600 ServicePack: 3.0
20:36:39.0046 2908 Product type: Workstation
20:36:39.0046 2908 ComputerName: INGEMAR-5D5DCFC
20:36:39.0046 2908 UserName: BIO
20:36:39.0046 2908 Windows directory: C:\WINDOWS
20:36:39.0046 2908 System windows directory: C:\WINDOWS
20:36:39.0046 2908 Processor architecture: Intel x86
20:36:39.0046 2908 Number of processors: 2
20:36:39.0046 2908 Page size: 0x1000
20:36:39.0046 2908 Boot type: Normal boot
20:36:39.0046 2908 ============================================================
20:36:43.0906 2908 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:36:43.0921 2908 Drive \Device\Harddisk1\DR1 - Size: 0x1757BDA000 (93.37 Gb), SectorSize: 0x200, Cylinders: 0x2F9C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:36:43.0921 2908 ============================================================
20:36:43.0921 2908 \Device\Harddisk0\DR0:
20:36:43.0921 2908 MBR partitions:
20:36:43.0921 2908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:36:43.0921 2908 \Device\Harddisk1\DR1:
20:36:43.0921 2908 MBR partitions:
20:36:43.0921 2908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBABAC5D
20:36:43.0921 2908 ============================================================
20:36:43.0937 2908 C: <-> \Device\Harddisk0\DR0\Partition0
20:36:44.0046 2908 D: <-> \Device\Harddisk1\DR1\Partition0
20:36:44.0046 2908 ============================================================
20:36:44.0046 2908 Initialize success
20:36:44.0046 2908 ============================================================
20:36:58.0890 3108 ============================================================
20:36:58.0890 3108 Scan started
20:36:58.0890 3108 Mode: Manual;
20:36:58.0890 3108 ============================================================
20:37:01.0796 3108 Dnscache - ok
20:37:01.0828 3108 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:37:01.0828 3108 Dot3svc - ok
20:37:01.0843 3108 dpti2o - ok
20:37:01.0859 3108 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:37:01.0859 3108 drmkaud - ok
20:37:01.0890 3108 E100B (5e72c8fbba5e949995ceb4d25656f904) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:37:01.0906 3108 E100B - ok
20:37:01.0921 3108 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:37:01.0921 3108 EapHost - ok
20:37:01.0953 3108 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:37:01.0953 3108 ERSvc - ok
20:37:02.0000 3108 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:37:02.0000 3108 Eventlog - ok
20:37:02.0031 3108 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:37:02.0031 3108 EventSystem - ok
20:37:02.0093 3108 Exportit (20ff28fb3b268e7c76b10841a9f81ba4) C:\WINDOWS\system32\DRIVERS\exportit.sys
20:37:02.0093 3108 Exportit - ok
20:37:02.0140 3108 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:37:02.0140 3108 Fastfat - ok
20:37:02.0171 3108 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:37:02.0203 3108 FastUserSwitchingCompatibility - ok
20:37:02.0218 3108 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:37:02.0218 3108 Fdc - ok
20:37:02.0234 3108 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:37:02.0250 3108 Fips - ok
20:37:02.0250 3108 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:37:02.0250 3108 Flpydisk - ok
20:37:02.0281 3108 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:37:02.0296 3108 FltMgr - ok
20:37:02.0390 3108 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:37:02.0390 3108 FontCache3.0.0.0 - ok
20:37:02.0421 3108 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:37:02.0421 3108 Fs_Rec - ok
20:37:02.0437 3108 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:37:02.0437 3108 Ftdisk - ok
20:37:02.0453 3108 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:37:02.0453 3108 Gpc - ok
20:37:02.0546 3108 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:37:02.0546 3108 gupdate - ok
20:37:02.0546 3108 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:37:02.0546 3108 gupdatem - ok
20:37:02.0578 3108 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
20:37:02.0593 3108 HdAudAddService - ok
20:37:02.0640 3108 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:37:02.0640 3108 HDAudBus - ok
20:37:02.0718 3108 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:37:02.0718 3108 helpsvc - ok
20:37:02.0734 3108 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:37:02.0734 3108 HidServ - ok
20:37:02.0765 3108 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:37:02.0765 3108 hidusb - ok
20:37:02.0781 3108 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:37:02.0796 3108 hkmsvc - ok
20:37:02.0796 3108 hpn - ok
20:37:02.0843 3108 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:37:02.0843 3108 HPZid412 - ok
20:37:02.0859 3108 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:37:02.0859 3108 HPZipr12 - ok
20:37:02.0859 3108 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:37:02.0875 3108 HPZius12 - ok
20:37:02.0921 3108 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:37:02.0921 3108 HTTP - ok
20:37:02.0953 3108 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:37:02.0984 3108 HTTPFilter - ok
20:37:02.0984 3108 i2omgmt - ok
20:37:02.0984 3108 i2omp - ok
20:37:03.0015 3108 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:37:03.0015 3108 i8042prt - ok
20:37:03.0125 3108 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:37:03.0156 3108 idsvc - ok
20:37:03.0156 3108 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:37:03.0156 3108 Imapi - ok
20:37:03.0234 3108 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:37:03.0250 3108 ImapiService - ok
20:37:03.0250 3108 incdrec - ok
20:37:03.0265 3108 ini910u - ok
20:37:03.0375 3108 IntcAzAudAddService (c60b77a9eac40774556201a736e050a8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:37:03.0437 3108 IntcAzAudAddService - ok
20:37:03.0546 3108 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:37:03.0546 3108 IntelIde - ok
20:37:03.0546 3108 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:37:03.0562 3108 intelppm - ok
20:37:03.0578 3108 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:37:03.0578 3108 Ip6Fw - ok
20:37:03.0609 3108 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
20:37:03.0609 3108 IPFilter - ok
20:37:03.0640 3108 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:37:03.0640 3108 IpFilterDriver - ok
20:37:03.0640 3108 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:37:03.0640 3108 IpInIp - ok
20:37:03.0671 3108 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:37:03.0671 3108 IpNat - ok
20:37:03.0687 3108 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:37:03.0687 3108 IPSec - ok
20:37:03.0687 3108 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:37:03.0687 3108 IRENUM - ok
20:37:03.0703 3108 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:37:03.0703 3108 isapnp - ok
20:37:03.0750 3108 iteraid (c53360c1932904fe89c6be55378628cb) C:\WINDOWS\system32\DRIVERS\iteraid.sys
20:37:03.0750 3108 iteraid - ok
20:37:03.0843 3108 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
20:37:03.0843 3108 JavaQuickStarterService - ok
20:37:03.0859 3108 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:37:03.0859 3108 Kbdclass - ok
20:37:03.0875 3108 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:37:03.0875 3108 kbdhid - ok
20:37:03.0921 3108 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:37:03.0921 3108 kmixer - ok
20:37:03.0968 3108 KodakCCS (4e1060d2f3b745931cf83b3649be8a57) C:\WINDOWS\system32\drivers\KodakCCS.exe
20:37:03.0968 3108 KodakCCS - ok
20:37:04.0015 3108 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:37:04.0015 3108 KSecDD - ok
20:37:04.0062 3108 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:37:04.0062 3108 lanmanserver - ok
20:37:04.0093 3108 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:37:04.0109 3108 lanmanworkstation - ok
20:37:04.0109 3108 lbrtfdc - ok
20:37:04.0140 3108 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:37:04.0140 3108 LmHosts - ok
20:37:04.0156 3108 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:37:04.0156 3108 Messenger - ok
20:37:04.0187 3108 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:37:04.0187 3108 mnmdd - ok
20:37:04.0203 3108 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:37:04.0203 3108 mnmsrvc - ok
20:37:04.0218 3108 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:37:04.0218 3108 Modem - ok
20:37:04.0234 3108 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:37:04.0234 3108 Mouclass - ok
20:37:04.0265 3108 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:37:04.0281 3108 mouhid - ok
20:37:04.0281 3108 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:37:04.0296 3108 MountMgr - ok
20:37:04.0343 3108 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:37:04.0343 3108 MozillaMaintenance - ok
20:37:04.0343 3108 mraid35x - ok
20:37:04.0359 3108 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:37:04.0375 3108 MRxDAV - ok
20:37:04.0437 3108 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:37:04.0437 3108 MRxSmb - ok
20:37:04.0468 3108 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:37:04.0468 3108 MSDTC - ok
20:37:04.0500 3108 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:37:04.0500 3108 Msfs - ok
20:37:04.0500 3108 MSIServer - ok
20:37:04.0546 3108 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:37:04.0546 3108 MSKSSRV - ok
20:37:04.0562 3108 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:37:04.0562 3108 MSPCLOCK - ok
20:37:04.0562 3108 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:37:04.0562 3108 MSPQM - ok
20:37:04.0593 3108 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:37:04.0593 3108 mssmbios - ok
20:37:04.0609 3108 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:37:04.0609 3108 Mup - ok
20:37:04.0656 3108 MySQL - ok
20:37:04.0671 3108 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:37:04.0687 3108 napagent - ok
20:37:04.0734 3108 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:37:04.0734 3108 NDIS - ok
20:37:04.0750 3108 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:37:04.0750 3108 NdisTapi - ok
20:37:04.0765 3108 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:37:04.0765 3108 Ndisuio - ok
20:37:04.0765 3108 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:37:04.0781 3108 NdisWan - ok
20:37:04.0796 3108 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:37:04.0796 3108 NDProxy - ok
20:37:04.0812 3108 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:37:04.0812 3108 NetBIOS - ok
20:37:04.0828 3108 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:37:04.0843 3108 NetBT - ok
20:37:04.0859 3108 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:37:04.0859 3108 NetDDE - ok
20:37:04.0859 3108 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:37:04.0859 3108 NetDDEdsdm - ok
20:37:04.0890 3108 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:37:04.0890 3108 Netlogon - ok
20:37:04.0906 3108 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:37:04.0906 3108 Netman - ok
20:37:05.0000 3108 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:37:05.0000 3108 NetTcpPortSharing - ok
20:37:05.0046 3108 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:37:05.0046 3108 Nla - ok
20:37:05.0062 3108 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:37:05.0062 3108 Npfs - ok
20:37:05.0718 3108 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:37:05.0734 3108 Ntfs - ok
20:37:05.0734 3108 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:37:05.0734 3108 NtLmSsp - ok
20:37:05.0781 3108 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:37:05.0796 3108 NtmsSvc - ok
20:37:05.0828 3108 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:37:05.0828 3108 Null - ok
20:37:05.0828 3108 NWADI - ok
20:37:05.0859 3108 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:37:05.0859 3108 NwlnkFlt - ok
20:37:05.0875 3108 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:37:05.0875 3108 NwlnkFwd - ok
20:37:05.0906 3108 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:37:05.0906 3108 Parport - ok
20:37:05.0906 3108 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:37:05.0906 3108 PartMgr - ok
20:37:05.0921 3108 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:37:05.0921 3108 ParVdm - ok
20:37:05.0937 3108 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:37:05.0937 3108 PCI - ok
20:37:05.0937 3108 PCIDump - ok
20:37:05.0984 3108 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:37:05.0984 3108 PCIIde - ok
20:37:06.0015 3108 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:37:06.0015 3108 Pcmcia - ok
20:37:06.0031 3108 PDCOMP - ok
20:37:06.0031 3108 PDFRAME - ok
20:37:06.0046 3108 PDRELI - ok
20:37:06.0046 3108 PDRFRAME - ok
20:37:06.0062 3108 perc2 - ok
20:37:06.0062 3108 perc2hib - ok
20:37:06.0125 3108 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:37:06.0125 3108 PlugPlay - ok
20:37:06.0156 3108 Pml Driver HPZ12 (5c1cadd1cb67c0b9d8a84ec6e4d6b5cc) C:\WINDOWS\system32\HPZipm12.exe
20:37:06.0156 3108 Pml Driver HPZ12 - ok
20:37:06.0156 3108 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:37:06.0171 3108 PolicyAgent - ok
20:37:06.0187 3108 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:37:06.0187 3108 PptpMiniport - ok
20:37:06.0187 3108 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:37:06.0203 3108 ProtectedStorage - ok
20:37:06.0203 3108 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:37:06.0203 3108 PSched - ok
20:37:06.0250 3108 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:37:06.0250 3108 Ptilink - ok
20:37:06.0265 3108 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:37:06.0265 3108 PxHelp20 - ok
20:37:06.0281 3108 ql1080 - ok
20:37:06.0296 3108 Ql10wnt - ok
20:37:06.0296 3108 ql12160 - ok
20:37:06.0312 3108 ql1240 - ok
20:37:06.0312 3108 ql1280 - ok
20:37:06.0343 3108 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:37:06.0343 3108 RasAcd - ok
20:37:06.0359 3108 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:37:06.0359 3108 RasAuto - ok
20:37:06.0375 3108 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:37:06.0375 3108 Rasl2tp - ok
20:37:06.0406 3108 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:37:06.0406 3108 RasMan - ok
20:37:06.0421 3108 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:37:06.0421 3108 RasPppoe - ok
20:37:06.0453 3108 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:37:06.0453 3108 Raspti - ok
20:37:06.0468 3108 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:37:06.0468 3108 Rdbss - ok
20:37:06.0484 3108 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:37:06.0484 3108 RDPCDD - ok
20:37:06.0531 3108 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:37:06.0531 3108 RDPWD - ok
20:37:06.0562 3108 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:37:06.0562 3108 RDSessMgr - ok
20:37:06.0593 3108 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:37:06.0609 3108 redbook - ok
20:37:06.0640 3108 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:37:06.0640 3108 RemoteAccess - ok
20:37:06.0640 3108 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:37:06.0656 3108 RpcLocator - ok
20:37:06.0687 3108 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:37:06.0703 3108 RpcSs - ok
20:37:06.0718 3108 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:37:06.0718 3108 RSVP - ok
20:37:06.0750 3108 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:37:06.0750 3108 SamSs - ok
20:37:06.0765 3108 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:37:06.0765 3108 SCardSvr - ok
20:37:06.0781 3108 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:37:06.0796 3108 Schedule - ok
20:37:06.0812 3108 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:37:06.0812 3108 Secdrv - ok
20:37:06.0843 3108 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:37:06.0843 3108 seclogon - ok
20:37:06.0859 3108 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:37:06.0859 3108 SENS - ok
20:37:06.0875 3108 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:37:06.0875 3108 serenum - ok
20:37:06.0890 3108 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:37:06.0890 3108 Serial - ok
20:37:06.0906 3108 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:37:06.0906 3108 Sfloppy - ok
20:37:06.0937 3108 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:37:06.0953 3108 SharedAccess - ok
20:37:06.0984 3108 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:37:07.0000 3108 ShellHWDetection - ok
20:37:07.0000 3108 Simbad - ok
20:37:07.0015 3108 Sparrow - ok
20:37:07.0031 3108 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:37:07.0046 3108 splitter - ok
20:37:07.0078 3108 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:37:07.0093 3108 Spooler - ok
20:37:07.0109 3108 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:37:07.0109 3108 sr - ok
20:37:07.0125 3108 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:37:07.0125 3108 srservice - ok
20:37:07.0187 3108 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:37:07.0187 3108 Srv - ok
20:37:07.0203 3108 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:37:07.0218 3108 SSDPSRV - ok
20:37:07.0234 3108 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:37:07.0250 3108 stisvc - ok
20:37:07.0281 3108 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:37:07.0296 3108 swenum - ok
20:37:07.0312 3108 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:37:07.0312 3108 swmidi - ok
20:37:07.0312 3108 SwPrv - ok
20:37:07.0328 3108 symc810 - ok
20:37:07.0328 3108 symc8xx - ok
20:37:07.0343 3108 sym_hi - ok
20:37:07.0359 3108 sym_u3 - ok
20:37:07.0468 3108 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:37:07.0484 3108 sysaudio - ok
20:37:07.0500 3108 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:37:07.0515 3108 SysmonLog - ok
20:37:07.0531 3108 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:37:07.0531 3108 TapiSrv - ok
20:37:07.0578 3108 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:37:07.0593 3108 Tcpip - ok
20:37:07.0609 3108 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:37:07.0609 3108 TDPIPE - ok
20:37:07.0625 3108 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:37:07.0625 3108 TDTCP - ok
20:37:07.0640 3108 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:37:07.0640 3108 TermDD - ok
20:37:07.0671 3108 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:37:07.0671 3108 TermService - ok
20:37:07.0718 3108 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:37:07.0718 3108 Themes - ok
20:37:07.0734 3108 TosIde - ok
20:37:07.0750 3108 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:37:07.0750 3108 TrkWks - ok
20:37:07.0781 3108 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:37:07.0781 3108 Udfs - ok
20:37:07.0781 3108 ultra - ok
20:37:07.0812 3108 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:37:07.0828 3108 Update - ok
20:37:07.0875 3108 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:37:07.0875 3108 upnphost - ok
20:37:07.0890 3108 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:37:07.0906 3108 UPS - ok
20:37:07.0937 3108 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:37:07.0937 3108 usbccgp - ok
20:37:07.0953 3108 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:37:07.0953 3108 usbehci - ok
20:37:07.0968 3108 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:37:07.0968 3108 usbhub - ok
20:37:07.0984 3108 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:37:07.0984 3108 usbprint - ok
20:37:07.0984 3108 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:37:08.0015 3108 usbscan - ok
20:37:08.0046 3108 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:37:08.0046 3108 USBSTOR - ok
20:37:08.0046 3108 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:37:08.0046 3108 usbuhci - ok
20:37:08.0062 3108 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:37:08.0062 3108 VgaSave - ok
20:37:08.0062 3108 ViaIde - ok
20:37:08.0093 3108 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:37:08.0093 3108 VolSnap - ok
20:37:08.0140 3108 vsdatant (a1bbbffd303a8bc9446a094fb5de11fb) C:\WINDOWS\system32\vsdatant.sys
20:37:08.0140 3108 vsdatant - ok
20:37:08.0171 3108 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:37:08.0171 3108 VSS - ok
20:37:08.0218 3108 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:37:08.0234 3108 W32Time - ok
20:37:08.0234 3108 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:37:08.0234 3108 Wanarp - ok
20:37:08.0250 3108 WDICA - ok
20:37:08.0281 3108 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:37:08.0296 3108 wdmaud - ok
20:37:08.0328 3108 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:37:08.0328 3108 WebClient - ok
20:37:08.0406 3108 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:37:08.0406 3108 winmgmt - ok
20:37:08.0453 3108 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
20:37:08.0453 3108 WmdmPmSN - ok
20:37:08.0484 3108 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:37:08.0484 3108 WmiApSrv - ok
20:37:08.0593 3108 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:37:08.0609 3108 WMPNetworkSvc - ok
20:37:08.0640 3108 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:37:08.0640 3108 WS2IFSL - ok
20:37:08.0687 3108 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:37:08.0687 3108 wscsvc - ok
20:37:08.0703 3108 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:37:08.0703 3108 wuauserv - ok
20:37:08.0734 3108 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:37:08.0734 3108 WudfPf - ok
20:37:08.0750 3108 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:37:08.0750 3108 WudfRd - ok
20:37:08.0765 3108 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:37:08.0765 3108 WudfSvc - ok
20:37:08.0812 3108 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:37:08.0812 3108 WZCSVC - ok
20:37:08.0843 3108 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:37:08.0859 3108 xmlprov - ok
20:37:08.0875 3108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:37:09.0250 3108 \Device\Harddisk0\DR0 - ok
20:37:09.0250 3108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:37:09.0250 3108 \Device\Harddisk1\DR1 - ok
20:37:09.0281 3108 Boot (0x1200) (28ec56fafe7aff984e1f05e45c652c08) \Device\Harddisk0\DR0\Partition0
20:37:09.0281 3108 \Device\Harddisk0\DR0\Partition0 - ok
20:37:09.0281 3108 Boot (0x1200) (79e73e9e99b482c08043720362753b52) \Device\Harddisk1\DR1\Partition0
20:37:09.0281 3108 \Device\Harddisk1\DR1\Partition0 - ok
20:37:09.0281 3108 ============================================================
20:37:09.0281 3108 Scan finished
20:37:09.0281 3108 ============================================================
20:37:09.0296 2028 Detected object count: 0
20:37:09.0296 2028 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 20:41:21
-----------------------------
20:41:21.968 OS Version: Windows 5.1.2600 Service Pack 3
20:41:21.968 Number of processors: 2 586 0x304
20:41:21.968 ComputerName: INGEMAR-5D5DCFC UserName: BIO
20:41:22.593 Initialize success
20:43:09.062 AVAST engine defs: 12062900
20:43:58.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
20:43:58.703 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
20:43:58.703 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1b
20:43:58.703 Disk 1 Vendor: Maxtor_6L100M0 BANC1G10 Size: 95611MB BusType: 3
20:43:58.718 Disk 0 MBR read successfully
20:43:58.718 Disk 0 MBR scan
20:43:58.765 Disk 0 Windows XP default MBR code
20:43:58.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
20:43:58.765 Disk 0 scanning sectors +976768065
20:43:58.843 Disk 0 scanning C:\WINDOWS\system32\drivers
20:44:08.093 Service scanning
20:44:17.968 Modules scanning
20:44:22.828 Disk 0 trace - called modules:
20:44:22.843 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:44:22.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f66ab8]
20:44:22.843 3 CLASSPNP.SYS[f87b6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x82f8ab00]
20:44:26.828 AVAST engine scan C:\WINDOWS
20:44:37.906 AVAST engine scan C:\WINDOWS\system32
20:46:56.203 AVAST engine scan C:\WINDOWS\system32\drivers
20:47:11.906 AVAST engine scan C:\Documents and Settings\BIO
20:55:00.906 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
20:56:24.484 Scan finished successfully
20:57:11.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BIO\Desktop\MBR.dat"
20:57:11.812 The log file has been saved successfully to "C:\Documents and Settings\BIO\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 29 June 2012 - 10:06 PM

Greetings


Download PNG_Fix.zip from this page and run the fix: http://www.winhelponline.com/articles/202/1/PNG-images-are-not-displayed-on-Web-sites-in-Internet-Explorer.html


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.




Proud Graduate Of Malware Removal University

#7 BozoT

BozoT
  • Topic Starter

  • Members
  • 12 posts

Posted 29 June 2012 - 11:26 PM

ComboFix 12-06-28.01 - BIO 2012-06-29 20:52:15.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.179 [GMT -7:00]
Running from: c:\documents and settings\BIO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BIO\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\BIO\Application Data\PriceGong
c:\documents and settings\BIO\Application Data\PriceGong\Data\1.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\a.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\b.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\c.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\d.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\e.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\f.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\g.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\h.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\i.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\j.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\k.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\l.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\m.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\BIO\Application Data\PriceGong\Data\n.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\o.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\p.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\q.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\r.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\s.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\t.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\u.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\v.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\w.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\x.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\y.txt
c:\documents and settings\BIO\Application Data\PriceGong\Data\z.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 03:22 . 2012-06-30 03:28 -------- d-----w- c:\documents and settings\BIO\Local Settings\Application Data\Conduit
2012-06-28 22:57 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-28 22:57 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-28 22:56 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-06-28 22:56 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-28 22:56 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-28 18:15 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-06-28 18:15 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-06-07 04:10 . 2012-06-07 04:10 770384 ------w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 04:10 . 2012-06-07 04:10 421200 ------w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-31 13:22 . 2012-05-31 13:22 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 17:51 . 2011-04-05 15:40 1409 ----a-w- c:\windows\QTFont.for
2012-06-19 16:49 . 2012-04-03 16:25 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 16:49 . 2011-05-13 16:24 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2008-02-23 20:43 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2008-02-23 20:43 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2008-02-23 20:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2008-02-23 22:48 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-02-23 20:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2008-02-23 20:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2008-02-23 20:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2008-02-23 20:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-04 12:00 1863168 ------w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-04 12:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-02-23 20:41 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 22:56 . 2009-06-24 18:49 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-06-16 18:31 . 2011-05-07 02:50 85472 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_18.23.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-29 16:53 . 2012-06-29 16:53 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
- 2007-11-13 11:31 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2012-06-28 22:54 . 2012-06-02 22:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-28 22:54 . 2012-06-02 22:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2004-08-04 12:00 . 2012-06-29 16:57 71488 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2012-06-28 18:25 71488 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 18:41 20480 c:\windows\system32\oleaccrc.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2007-08-14 02:54 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 02:54 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2004-08-04 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2010-06-17 18:00 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-06-17 18:00 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-02-23 20:43 . 2012-06-02 22:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2008-02-23 20:43 . 2012-06-02 22:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2010-06-17 05:09 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-06-17 05:09 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-04 12:00 . 2012-06-02 22:19 97304 c:\windows\system32\dllcache\cdm.dll
- 2004-08-04 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-04 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-25 18:07 . 2011-12-25 18:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 06:49 . 2011-12-25 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 06:49 . 2011-12-25 06:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll
+ 2012-06-29 05:15 . 2012-06-29 05:15 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_de49e879\System.Drawing.Design.dll
+ 2012-06-29 05:15 . 2012-06-29 05:15 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_60e4eeef\CustomMarshalers.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-06-29 18:11 . 2012-06-29 18:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-06-29 18:11 . 2012-06-29 18:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
+ 2012-06-29 18:09 . 2012-06-29 18:09 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-29 18:09 . 2012-06-29 18:09 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-06-29 05:23 . 2012-06-29 05:23 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-06-29 05:23 . 2012-06-29 05:23 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-06-29 18:10 . 2012-06-29 18:10 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-06-29 18:09 . 2012-06-29 18:09 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-06-29 18:09 . 2012-06-29 18:09 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-06-29 18:09 . 2012-06-29 18:09 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-06-29 18:09 . 2012-06-29 18:09 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-06-29 05:24 . 2012-06-29 05:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-06-29 05:24 . 2012-06-29 05:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-29 05:24 . 2012-06-29 05:24 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-29 05:24 . 2012-06-29 05:24 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-29 05:15 . 2012-06-29 05:15 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-07 05:41 . 2010-10-07 05:41 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-06-29 05:24 . 2012-06-29 05:24 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-16 05:35 . 2011-06-16 05:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-16 05:35 . 2011-06-16 05:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-06-29 05:24 . 2012-06-29 05:24 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-06-29 05:25 . 2012-06-29 05:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-06-16 05:35 . 2011-06-16 05:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-06 06:13 . 2012-04-06 06:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2004-08-04 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2004-08-04 12:00 . 2012-02-29 14:10 177664 c:\windows\system32\wintrust.dll
+ 2004-08-04 12:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2004-08-04 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
- 2004-08-04 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
+ 2008-07-30 03:59 . 2011-09-26 18:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2004-08-04 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
- 2004-08-04 12:00 . 2012-06-28 18:25 441552 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-06-29 16:57 441552 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-09-26 18:41 220160 c:\windows\system32\oleacc.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
+ 2007-08-14 02:54 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2008-02-23 20:42 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2008-02-23 20:42 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
+ 2004-08-04 12:00 . 2012-02-29 14:10 148480 c:\windows\system32\imagehlp.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2008-02-23 12:33 . 2012-06-29 16:52 136464 c:\windows\system32\FNTCACHE.DAT
- 2008-02-23 12:33 . 2011-05-04 17:03 136464 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
- 2004-08-04 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
- 2004-08-04 12:00 . 2011-04-29 16:19 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 12:00 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-04 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 12:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
+ 2008-02-23 20:43 . 2012-06-02 22:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2008-02-23 20:43 . 2012-06-02 22:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2008-02-23 20:43 . 2012-06-02 22:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2004-08-04 12:00 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2004-08-04 12:00 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-06-17 05:09 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2010-06-17 00:10 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-06-17 00:10 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-01-29 15:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-01-29 15:01 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2010-06-17 18:00 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-06-17 18:00 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-17 18:00 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-17 18:00 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
+ 2012-04-06 06:52 . 2012-04-06 06:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-04-21 14:15 . 2012-04-21 14:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-04-26 00:45 . 2012-04-26 00:45 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 05:53 . 2011-12-25 05:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 06:49 . 2011-12-25 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-22 23:50 . 2011-12-22 23:50 256000 c:\windows\Installer\196ed1f.msp
+ 2012-04-22 04:55 . 2012-04-22 04:55 980480 c:\windows\Installer\196ed17.msp
+ 2011-12-25 12:40 . 2011-12-25 12:40 819200 c:\windows\Installer\196ed02.msp
+ 2012-06-29 05:11 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2699988-IE8\wininet.dll
+ 2012-06-29 05:11 . 2009-03-08 11:34 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll
+ 2012-06-29 05:11 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll
+ 2012-06-29 05:11 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe
+ 2012-06-29 05:11 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll
+ 2012-06-29 05:11 . 2009-03-08 11:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll
+ 2012-06-29 05:11 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll
+ 2012-06-29 05:11 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe
- 2010-06-17 00:10 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-06-17 00:10 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-06-29 05:15 . 2012-06-29 05:15 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_35219d03\System.Drawing.dll
+ 2012-06-29 05:15 . 2012-06-29 05:15 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ced9c054\System.Drawing.Design.dll
+ 2012-06-29 05:15 . 2012-06-29 05:15 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a80db8df\CustomMarshalers.dll
+ 2012-06-29 18:09 . 2012-06-29 18:09 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-06-29 16:54 . 2012-06-29 16:54 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-06-29 16:54 . 2012-06-29 16:54 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-07 07:46 . 2005-06-07 07:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
.
2005-08-12 21:43 . 2005-08-12 21:43 45056 c:\program files\ATI Technologies\ATI.ACE\bak\cli.exe
.
2003-08-19 09:01 . 2003-08-19 09:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
.
2004-08-13 20:17 . 2006-04-13 20:20 59040 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
2004-08-13 20:17 . 2004-08-13 20:17 58488 c:\program files\Common Files\Symantec Shared\ccApp.exe
.
2005-02-17 06:11 . 2005-02-17 06:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
.
2003-12-22 16:38 . 2003-12-22 16:38 241664 c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe
2003-12-22 16:38 . 2003-12-22 16:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"POINTER"="point32.exe" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 2559488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-25 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-9-28 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio 2.0\\AptanaStudio.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-02-23 24971]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-09-28 24645]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2008-02-24 267333]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 113120]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
incdrec
CSDriver
NWADI
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 19:15]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 19:15]
.
2012-06-29 c:\windows\Tasks\WebReg 20080224111322.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 09:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: Interfaces\{EC0925F8-53A3-4E3F-B416-3395D3D5AE57}: NameServer = 64.59.160.13,64.59.160.16
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 21:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.22.08]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-06-29 21:06:25
ComboFix-quarantined-files.txt 2012-06-30 04:06
ComboFix2.txt 2012-06-28 18:28
.
Pre-Run: 435,845,238,784 bytes free
Post-Run: 436,197,961,728 bytes free
.
- - End Of File - - 8BDD182429E4EF5142B7109716C5A7E1

Problems?
- Well I wasted a bunch of time on the PNG_Fix page, downloading their toolbar (It's the one that had a BIG ad up with a DOWNLOAD button) and then uninstalling it. Mea culpa.
- The solution itself ran fine and had the desired effect however! I can now see all the various little control buttons that I'm used to seeing.

How are things now?
- The Audio Ads are still gone (I suppose; it hasn't been very long since ComboFix ran).
- The PNG (as I now understand they must have been) images are displaying again.
- I'm not aware of any outstanding malware problems.

BIO/BozoT

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:20 PM

Posted 29 June 2012 - 11:43 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 8.3.1
Java™ 6 Update 23


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 BozoT

BozoT
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:20 PM

Posted 30 June 2012 - 03:08 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
BIO :: INGEMAR-5D5DCFC [administrator]

2012-06-30 12:23:18
mbam-log-2012-06-30 (12-23-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358026
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:03, on 2012-06-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\BIO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203806884234
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC0925F8-53A3-4E3F-B416-3395D3D5AE57}: NameServer = 64.59.160.13,64.59.160.16
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5441 bytes


Problems?
- There seemed to be a snag with installing the Adobe reader. I got a screen up that said it did not install successfully, and gave me some options. One of the options was to re-do it, which I did. The re-install pretty much immediately came up with a message that it was already installed, however, and then gave me a "successful installation" message. So I guess all is well with that.
- I did not find an installer for HijackThis. Instead it seems it just has the link to download the .exe file, which I chose and ran. Perhaps they've changed their procedures? and you need to modify your instructions? Your call.
- I have chosen to NOT remove uTorrent. I read the articles you posted and I understand that there could be a vulnerability, but that's a risk I'm going to take. My call.

How is my computer now?
- The Audio Ads are still gone and there are no unexplained iexplore.exe's.
- Other than having to log in again with my id and password at a bunch of sites (like this one) all seems to be well. I guess, heck I know, CCleaner cleaned them "for" me. Hope I remember all the various login details. :)
- Oh yeah. I had to re-learn how to get "My Recent Documents" to display. Not a biggie either, but some of these "helper" programs are perhaps just a bit too enthusiastic about what they clean up. ;)

BIO/BozoT

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:20 PM

Posted 30 June 2012 - 03:47 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:20 PM

Posted 30 June 2012 - 03:48 PM

double post sorry - see above


gringo

Edited by gringo_pr, 30 June 2012 - 03:49 PM.


#12 BozoT

BozoT
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:20 PM

Posted 01 July 2012 - 11:57 AM

The ESET log:
Drive D: is where I have my Cobian9 backups, btw.

C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP541\A0085682.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP541\A0085713.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP541\A0085730.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP541\A0085740.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP542\A0085760.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP542\A0085775.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085795.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085822.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085846.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085863.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085877.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085884.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085893.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP543\A0085894.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP585\A0089389.exe Win32/TrojanClicker.Agent.NEB trojan
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP585\A0089433.exe Win32/PrcView application
C:\System Volume Information\_restore{7C7A99AE-6CA1-4C69-B50D-4588EA6B1D7A}\RP585\A0089436.exe Win32/PrcView application
D:\Documents and Settings 2007-01-05 00;54;29\Irene\Local Settings\Temporary Internet Files\Content.IE5\XZFJ9PKE\top4_flash_sb[1].htm HTML/ScrInject.B.Gen virus
D:\Documents and Settings 2011-04-03 19;58;31\BIO\Application Data\Sun\Java\Deployment\cache\6.0\2\4811cb02-27b588e9 a variant of Win32/Injector.FQG trojan
D:\Documents and Settings 2011-04-03 19;58;31\BIO\Application Data\Sun\Java\Deployment\cache\6.0\9\63d2ecc9-44aa56dd multiple threats
D:\Documents and Settings 2012-01-26 23;00;35\BIO\Application Data\Sun\Java\Deployment\cache\6.0\12\1187ad0c-1bf7569c a variant of Java/TrojanDownloader.Agent.ME trojan
D:\Documents and Settings 2012-01-26 23;00;35\BIO\Local Settings\Temporary Internet Files\Content.IE5\DHP6FE43\fgyd[1].js HTML/Iframe.B.Gen virus
D:\Documents and Settings 2012-03-17 23;11;32\BIO\Application Data\Sun\Java\Deployment\cache\6.0\12\1187ad0c-1bf7569c a variant of Java/TrojanDownloader.Agent.ME trojan
D:\Documents and Settings 2012-03-17 23;11;32\BIO\Application Data\Sun\Java\Deployment\cache\6.0\2\4811cb02-27b588e9 a variant of Win32/Injector.FQG trojan
D:\Documents and Settings 2012-03-17 23;11;32\BIO\Application Data\Sun\Java\Deployment\cache\6.0\9\63d2ecc9-44aa56dd multiple threats
D:\Documents and Settings 2012-04-29 22;24;28\BIO\Application Data\Sun\Java\Deployment\cache\6.0\3\23747503-65fe4a6e multiple threats
D:\Documents and Settings 2012-06-03 22;32;25\BIO\Local Settings\Temporary Internet Files\Content.IE5\ID989SCP\setup[1].exe Win32/Adware.Bundlore application
D:\Documents and Settings 2012-06-20 22;18;51\BIO\Application Data\Sun\Java\Deployment\cache\6.0\3\6d974d03-61adef11 Java/Exploit.CVE-2012-0507.BR trojan
D:\Documents and Settings 2012-06-20 22;18;51\BIO\Application Data\Sun\Java\Deployment\cache\6.0\34\4ac841a2-48e96289 Java/Exploit.CVE-2012-0507.BR trojan
D:\Documents and Settings 2012-06-20 22;18;51\BIO\Application Data\Sun\Java\Deployment\cache\6.0\36\5be70a64-348b36e7 Java/Exploit.CVE-2012-0507.BR trojan
D:\WINDOWS 2012-04-29 22;55;17\system32\drivers\netbt.sys Win32/Sirefef.DA trojan
D:\WINDOWS 2012-04-29 22;55;17\Temp\evntca\setup.exe Win32/TrojanClicker.Agent.NEB trojan
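
An added example, not part of the original posts: a small Python triage of ESET Online Scanner result lines like those in the log above, separating System Restore snapshots and the `C:\Qoobox\Quarantine\` folder from ordinary files, and reading the backup timestamp out of folder names on the backup drive. The sample lines are constructed (the USER name, GUID and file names are placeholders), and the `YYYY-MM-DD HH;MM;SS` folder-name pattern is an assumption taken from the paths shown in the log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the ESET lines above: "<path> <detection>".
# Both halves may contain spaces, so a plain split() is not enough.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.sys Win32/Sirefef.DA trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\example.dll.vir Win32/Sirefef.ER trojan
D:\Documents and Settings 2011-04-03 19;58;31\USER\Application Data\Sun\Java\Deployment\cache\6.0\2\aaaa0000-bbbb1111 a variant of Win32/Injector.FQG trojan
D:\Documents and Settings 2012-06-20 22;18;51\USER\Application Data\Sun\Java\Deployment\cache\6.0\3\cccc2222-dddd3333 Java/Exploit.CVE-2012-0507.BR trojan
D:\Documents and Settings 2012-03-17 23;11;32\USER\Application Data\Sun\Java\Deployment\cache\6.0\9\eeee4444-ffff5555 multiple threats
D:\Documents and Settings 2012-01-26 23;00;35\USER\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].js HTML/Iframe.B.Gen virus
D:\WINDOWS 2012-04-29 22;55;17\system32\drivers\netbt.sys Win32/Sirefef.DA trojan
this line is not a scanner result
"""

# The detection is anchored at the end of the line: either "multiple threats"
# or "[a variant of ]Family/Name type". The path is everything before it.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>multiple threats|(?:a variant of )?\w+/\S+ [a-z]+)$"
)
# Assumed backup naming: the top-level folder ends in "YYYY-MM-DD HH;MM;SS".
STAMP_RE = re.compile(
    r"^[A-Za-z]:\\[^\\]*?(\d{4}-\d{2}-\d{2}) (\d{2});(\d{2});(\d{2})\\"
)


def classify(path):
    """Say where a detected file lives, which decides how it is cleaned up."""
    lowered = path.lower()
    if "\\system volume information\\_restore" in lowered:
        return "restore_point"    # goes away when restore points are flushed
    if "\\qoobox\\quarantine\\" in lowered:
        return "tool_quarantine"  # backup made by the cleanup tool
    return "file"                 # ordinary file: candidate for deletion


def backup_stamp(path):
    """Return the backup time encoded in the top-level folder name, or None."""
    match = STAMP_RE.match(path)
    if not match:
        return None
    day, hh, mm, ss = match.groups()
    try:
        return datetime.strptime(f"{day} {hh}:{mm}:{ss}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None


def parse_results(text):
    """Split scanner output into parsed findings and lines that did not parse."""
    findings, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = RESULT_RE.match(line)
        if not match:
            skipped.append(line)
            continue
        path = match.group("path")
        findings.append({
            "path": path,
            "detection": match.group("detection"),
            "location": classify(path),
            "backup_stamp": backup_stamp(path),
        })
    return findings, skipped


def by_location(findings):
    """Group findings by the location class assigned in classify()."""
    buckets = defaultdict(list)
    for finding in findings:
        buckets[finding["location"]].append(finding)
    return dict(buckets)


def first_seen(findings):
    """Earliest backup set in which each detection name appears."""
    earliest = {}
    for finding in findings:
        stamp = finding["backup_stamp"]
        if stamp is None:
            continue
        name = finding["detection"]
        if name not in earliest or stamp < earliest[name]:
            earliest[name] = stamp
    return earliest


if __name__ == "__main__":
    parsed, unparsed = parse_results(SAMPLE_LOG)
    for location, items in by_location(parsed).items():
        print(f"{location}: {len(items)}")
    for name, stamp in sorted(first_seen(parsed).items(), key=lambda kv: kv[1]):
        print(f"{stamp:%Y-%m-%d}  {name}")
    print("unparsed:", unparsed)
```
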

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:20 PM

Posted 01 July 2012 - 01:48 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "D:\Documents and Settings 2007-01-05 00;54;29\Irene\Local Settings\Temporary Internet Files\Content.IE5\XZFJ9PKE\top4_flash_sb[1].htm"
    del /f /s /q "D:\Documents and Settings 2011-04-03 19;58;31\BIO\Application Data\Sun\Java\Deployment\cache\6.0\2\4811cb02-27b588e9"
    del /f /s /q "D:\Documents and Settings 2011-04-03 19;58;31\BIO\Application Data\Sun\Java\Deployment\cache\6.0\9\63d2ecc9-44aa56dd"
    del /f /s /q "D:\Documents and Settings 2012-01-26 23;00;35\BIO\Application Data\Sun\Java\Deployment\cache\6.0\12\1187ad0c-1bf7569c"
    del /f /s /q "D:\Documents and Settings 2012-01-26 23;00;35\BIO\Local Settings\Temporary Internet Files\Content.IE5\DHP6FE43\fgyd[1].js"
    del /f /s /q "D:\Documents and Settings 2012-03-17 23;11;32\BIO\Application Data\Sun\Java\Deployment\cache\6.0\12\1187ad0c-1bf7569c"
    del /f /s /q "D:\Documents and Settings 2012-03-17 23;11;32\BIO\Application Data\Sun\Java\Deployment\cache\6.0\2\4811cb02-27b588e9"
    del /f /s /q "D:\Documents and Settings 2012-03-17 23;11;32\BIO\Application Data\Sun\Java\Deployment\cache\6.0\9\63d2ecc9-44aa56dd"
    del /f /s /q "D:\Documents and Settings 2012-04-29 22;24;28\BIO\Application Data\Sun\Java\Deployment\cache\6.0\3\23747503-65fe4a6e"
    del /f /s /q "D:\Documents and Settings 2012-06-03 22;32;25\BIO\Local Settings\Temporary Internet Files\Content.IE5\ID989SCP\setup[1].exe"
    del /f /s /q "D:\Documents and Settings 2012-06-20 22;18;51\BIO\Application Data\Sun\Java\Deployment\cache\6.0\3\6d974d03-61adef11"
    del /f /s /q "D:\Documents and Settings 2012-06-20 22;18;51\BIO\Application Data\Sun\Java\Deployment\cache\6.0\34\4ac841a2-48e96289"
    del /f /s /q "D:\Documents and Settings 2012-06-20 22;18;51\BIO\Application Data\Sun\Java\Deployment\cache\6.0\36\5be70a64-348b36e7"
    del /f /s /q "D:\WINDOWS 2012-04-29 22;55;17\system32\drivers\netbt.sys"
    del /f /s /q "D:\WINDOWS 2012-04-29 22;55;17\Temp\evntca\setup.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
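The delfile.bat step in the post above ends with `del %0`, so the batch file removes itself and leaves no record of which targets were actually deleted. As an added example (not part of the original post or of any tool named in it), this Python script parses the `del` lines from a saved copy of the batch text and reports which targets still exist; the function names are hypothetical and the sample paths are constructed.

```python
import os
import re
import tempfile

# Matches lines such as:  del /f /s /q "D:\some path\file.ext"
# Switches (/f, /s, /q) are optional; the target must be a quoted path.
DEL_LINE = re.compile(r'^\s*del\s+(?:/[a-z]\s+)*"([^"]+)"\s*$', re.IGNORECASE)


def parse_targets(batch_text):
    """Return the quoted paths named by del lines, in order.

    The self-delete line 'del %0' has no quoted path and is skipped.
    """
    targets = []
    for line in batch_text.splitlines():
        match = DEL_LINE.match(line)
        if match:
            targets.append(match.group(1))
    return targets


def audit(batch_text, exists=os.path.exists):
    """Split the targets into (still_present, gone) for a written record."""
    present, gone = [], []
    for path in parse_targets(batch_text):
        (present if exists(path) else gone).append(path)
    return present, gone


def build_demo():
    """Constructed sample: a temp dir where one target survives, one is gone."""
    root = tempfile.mkdtemp()
    kept = os.path.join(root, "setup[1].exe")         # file still on disk
    removed = os.path.join(root, "1187ad0c-1bf7569c")  # never created
    open(kept, "w").close()
    batch = '@echo off\ndel /f /s /q "%s"\ndel /f /s /q "%s"\ndel %%0\n' % (kept, removed)
    return batch, kept, removed


if __name__ == "__main__":
    batch, kept, removed = build_demo()
    present, gone = audit(batch)
    for path in present:
        print("STILL PRESENT:", path)
    for path in gone:
        print("gone:", path)
```

Any path reported as still present is worth rechecking by hand, since a locked or permission-protected file fails silently when `del` runs with `/q`.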

#14 BozoT

Posted 01 July 2012 - 06:14 PM

Ok.

"Uninstall"ing ComboFix failed of course, since it was never "installed" in the first place - just copied to the desktop. I have deleted it, but are there other associated files anywhere (that would have been removed by an uninstall) that may now still be here?

ESET also spent a long time downloading definitions to somewhere. Hopefully those are also now gone?

I also still have, in addition to what you mentioned, SecurityCheck.exe and HijackThis.exe. Are these of any value to me (given that I probably would not know what to do with their results)?

BIO/BozoT

#15 gringo_pr

Posted 01 July 2012 - 08:56 PM

Greetings


This will remove any leftovers of ComboFix:

http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE



Anything that is left on the desktop after that, just delete or send over to the Recycle Bin.




gringo