[Solved] Infection caused C drive to appear empty

Evangelical · Jun 9, 2011

Hard dive contents are invisible.
Program list is empty.

have run TFC by oldtimer
Have run malware bytes.
Log is attached.

Have run GMER
This is the log:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-09 13:54:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.ADA
Running: pr504oqg.exe; Driver: C:\DOCUME~1\jmiller\LOCALS~1\Temp\agtyiaow.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DE80C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DE80D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DE8100]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DE8156]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DE80AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DE8084]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DE8098]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DE80EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9DE812C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DE8116]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DE8180]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DE816C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DE8140]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Thanks for your help
Dave

Bobbye · Jun 9, 2011

Did you mark this thread Active?

Evangelical · Jun 9, 2011

Active??

Yes, I think I did mark it as Active.

Bobbye · Jun 11, 2011

My Guidelines: please read and follow:

Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.

Read my instructions carefully. If you don't understand or have a problem, ask me.

Follow the order of the tasks I give you. Order is crucial in cleaning process.

File sharing programs should be uninstalled or disabled during the cleaning process..

Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

Reminder to b patient

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
Please follow the rest of the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

You don't need to run GMER again, but please update and rescan with Malwarebytes. Include the new log with the 2 logs from DDS:
========================================
You may get 'alerts' and 'error' messages with this malware. Do not act on any of them. They are rogue, just like the program.
========================================
Please note: This will not remove the malware entries- just the attribute used to hide you files and programs.. There is no log to leave.
Download Unhide.exe and save to the desktop.

Double-click on Unhide.exe icon to run the program.

This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Please remove TFC from your system. We have pulled it temporarily as a glitch was found causing some processes to be removed that should not have been.

Evangelical · Jun 13, 2011

Unhide worked

dds log1:
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by JMiller at 9:59:28 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1124 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\The Library Corporation\Library.Solution\TLCService\TLCService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\VirusScan Enterprise\MCUPDATE.EXE
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080605
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080605
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110609124133.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214856050218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.1.7.254
TCP: Interfaces\{FAEAEE90-4D6D-4ED5-8257-848B44ABB6DC} : DhcpNameServer = 10.1.7.254
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jmiller\application data\mozilla\firefox\profiles\j92djc0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-9 436728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-6-9 88544]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-9 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-9 145936]
R2 TLCService;TLC Automatic Client Update Service;c:\program files\the library corporation\library.solution\tlcservice\TLCService.exe [2008-9-4 69632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-9 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-9 58456]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-9 39984]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-9 85152]
.
=============== Created Last 30 ================
.
2011-06-09 17:08:57 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-09 17:08:52 -------- d-----w- c:\program files\Anti-Malware
2011-06-09 17:04:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 16:46:41 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-09 16:46:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-09 16:42:48 -------- d-----w- c:\documents and settings\jmiller\application data\McAfee
2011-06-09 16:41:37 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-06-09 16:41:33 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-06-09 16:41:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-09 16:41:30 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-09 16:41:30 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-09 16:41:30 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-09 16:41:30 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-09 16:41:28 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-09 16:41:17 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-06-09 16:41:17 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-05-27 16:16:41 -------- d-----w- c:\documents and settings\jmiller\application data\Malwarebytes
.
==================== Find3M ====================
.
2011-06-09 16:39:39 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 9:59:57.94 ===============

dds log2:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/30/2008 1:54:04 PM
System Uptime: 6/13/2011 9:51:12 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 129.452 GiB free.
D: is CDROM ()
M: is NetworkDisk (NTFS) - 847 GiB total, 729.385 GiB free.
P: is NetworkDisk (NTFS) - 847 GiB total, 729.385 GiB free.
S: is NetworkDisk (NTFS) - 847 GiB total, 729.385 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP531: 3/14/2011 11:52:32 AM - System Checkpoint
RP532: 3/16/2011 9:29:28 AM - System Checkpoint
RP533: 3/16/2011 12:25:25 PM - Software Distribution Service 3.0
RP534: 3/18/2011 8:56:23 AM - System Checkpoint
RP535: 3/22/2011 8:42:26 AM - System Checkpoint
RP536: 3/24/2011 10:03:33 AM - System Checkpoint
RP537: 3/24/2011 12:01:57 PM - Software Distribution Service 3.0
RP538: 3/28/2011 10:08:31 AM - System Checkpoint
RP539: 3/29/2011 11:34:00 AM - System Checkpoint
RP540: 3/31/2011 10:05:23 AM - System Checkpoint
RP541: 4/1/2011 10:47:59 AM - System Checkpoint
RP542: 4/4/2011 10:14:06 AM - System Checkpoint
RP543: 4/5/2011 10:16:25 AM - System Checkpoint
RP544: 4/6/2011 11:06:30 AM - System Checkpoint
RP545: 4/8/2011 9:00:17 AM - System Checkpoint
RP546: 4/11/2011 9:01:43 AM - System Checkpoint
RP547: 4/12/2011 11:26:59 AM - System Checkpoint
RP548: 4/14/2011 8:35:53 AM - System Checkpoint
RP549: 4/18/2011 11:55:14 AM - System Checkpoint
RP550: 4/18/2011 12:04:33 PM - Software Distribution Service 3.0
RP551: 4/20/2011 10:45:00 AM - System Checkpoint
RP552: 4/21/2011 11:24:15 AM - System Checkpoint
RP553: 4/26/2011 10:00:23 AM - System Checkpoint
RP554: 4/27/2011 12:07:59 PM - Software Distribution Service 3.0
RP555: 5/3/2011 8:49:32 AM - System Checkpoint
RP556: 5/4/2011 9:00:24 AM - System Checkpoint
RP557: 5/5/2011 12:06:14 PM - System Checkpoint
RP558: 5/9/2011 9:15:00 AM - System Checkpoint
RP559: 5/11/2011 9:00:17 AM - System Checkpoint
RP560: 5/11/2011 12:12:48 PM - Software Distribution Service 3.0
RP561: 5/13/2011 10:05:46 AM - System Checkpoint
RP562: 5/16/2011 8:49:13 AM - System Checkpoint
RP563: 5/17/2011 11:24:53 AM - System Checkpoint
RP564: 5/19/2011 9:40:20 AM - System Checkpoint
RP565: 5/20/2011 11:23:13 AM - System Checkpoint
RP566: 5/23/2011 10:34:30 AM - System Checkpoint
RP567: 5/24/2011 11:13:03 AM - System Checkpoint
RP568: 5/26/2011 10:00:31 AM - System Checkpoint
RP569: 5/27/2011 11:18:08 AM - System Checkpoint
RP570: 5/27/2011 12:23:10 PM - Removed Ad-Aware
RP571: 5/31/2011 12:00:58 PM - System Checkpoint
RP572: 6/2/2011 9:22:54 AM - System Checkpoint
RP573: 6/8/2011 11:36:18 AM - System Checkpoint
RP574: 6/9/2011 12:40:22 PM - Removed McAfee VirusScan Enterprise
RP575: 6/9/2011 12:40:51 PM - Installed McAfee VirusScan Enterprise.
RP576: 6/9/2011 12:43:54 PM - Installed Java(TM) 6 Update 26
.
==== Installed Programs ======================
.
Library.Solution Client
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Brother HL-5340D
Browser Address Error Redirector
CCleaner
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.7
Dell Driver Reset Tool
Dell Support Center
Foxit Reader
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.8.0
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.10)
MSXML 6 Service Pack 2 (KB954459)
NETGEAR Print Server Software
NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
OGA Notifier 2.0.0048.0
PowerDVD
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic CinePlayer Decoder Pack
UltimateDefrag V1 FREE Public Domain Version
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 12:51:29 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:51:27 PM, error: Service Control Manager [7034] - The TLC Automatic Client Update Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 12:41:30 PM, error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The system cannot find the file specified.
6/6/2011 8:27:45 AM, error: NETLOGON [5776] - Failed to create/open file \system32\config\netlogon.ftl with the following error: Access is denied.
.
==== End Of File ===========================

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6850

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2011 5:26:12 PM
mbam-log-2011-06-13 (17-26-12).txt

Scan type: Quick scan
Objects scanned: 179508
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Bobbye · Jun 14, 2011

So for, I'm not seeing malware entries. But I will have you run 2 more scans that will help identify them.
====================================
Some Housekeeping first:
1. Outdated Java. Unfortunately, Java doesn't overwrite the previous versions and they are vulnerabilities on the system. You do have the current v6u26, but you also have v6u5, v6u6 and v6u7 on the operating system. The easiest way to remove all of them and any related files is to run the following: Do not leave this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.

From the drop-down menu, choose English and click on Select.

JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.

Click Yes when prompted. When JavaRa is done, a notice will appear that
a logfile has been produced. Click OK.

A logfile will pop up. Please save it to a convenient location.

I do not want this log!
Then download and install then most current version and update of Java Runtime
Environment (JRE) HERE.
You will have to reinstall v6u26 using the link above.

You have more versions of Java in Firefox: You do not need to add a separate extension for Java in Firefox. The update to the OS covers Firefox also:

Remove outdated Java plugin files from the Firefox plugins folder:
Note: It is recommended that you do not copy Java plugins from other locations to the Firefox plugins folder. Outdated Java plugins can cause Java not to work if you update Java and then uninstall the older Java version, if plugins from the old Java version are still in the Firefox plugins folder.
1. Open Firefox> Tools> Add-ons. The Add-ons window will open.
2. In the Add-ons window> select the Plugins panel, to display a list of installed plugins.
3. Select each Java plugin listed to make sure that all are enabled.
4. Check if the Java plugins are correctly detected. All Java plugins listed in the Add-ons window should match the version number of the currently installed JRE. There should be no plugins for earlier versions of Java.
5. Java plugin files that do not match your current version means that the Firefox plugins folder contains outdated Java plugin files which should be removed. This folder is typically in the following location: Use Windows Explorer to access> My Computer> Local Drive> Programs>>>
C:\Program Files\Mozilla Firefox\plugins
Java files from older versions in the Firefox plugins folder can prevent Java from working correctly.
The following Java versions are in Firefox: v6u7,u11,u13,u15,u17,u26 (u26 is the current version but it does not need to be in Firefox.) Usually, Java Ra does not remove the Java in Firefox
=================================
When you have finished the removals and update, check Add/Remove Programs for Java- the only entry should be for Java v6u26
==================================
I'd like you to do the following 2 scans. We need to see if malware has caused the 'disappearance' of the contents of the C Drive.

Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HERE and save to the desktop

Double click combofix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe & follow the prompts to run.

When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=================================

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the on your desktop.

Check 'Yes I accept terms of use.'

Click Start button

Accept any security warnings from your browser.

Uncheck 'Remove found threats'

Check 'Scan archives/

Leave remaining settings as is.

Press the Start button.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.

When the scan completes, press List of found threats

Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.

Push the Back button

Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Evangelical · Jun 14, 2011

One issue I became aware of: Entries in Programs that are nested within folders are "empty" Unhide did not make these visible. Note- I ran Unhide with the virus scanner disabled (McAfee) Example - Microsoft Office.

I am out of the area until Monday. I will run your recommended processes on Monday.

Thanks.

Bobbye · Jun 14, 2011

I have been having members run unhide.exe early on because it is very upsetting to wonder where all these files and folders have gone.

But until all of the malware has been found and removed, all of these issues may not have been resolved. We'll look into this if it is still and issue when the system is clean.

Thank you for letting me know you will be gone for a bit. I will leave a note for myself here:

Leave open- out of town. will continue next week.

Evangelical · Jun 21, 2011

Ran ComboFix. Running ESETOnlineScan overnight.

Here is ComboFix log:

ComboFix 11-06-21.05 - JMiller 06/21/2011 16:23:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1472 [GMT -4:00]
Running from: C:\Documents and Settings\jmiller\Desktop\ComboFix.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\jmiller\Start Menu\Programs\Windows XP Recovery
C:\Documents and Settings\jmiller\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
C:\Documents and Settings\jmiller\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
C:\WINDOWS\kill.exe

((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))

2011-06-20 14:03:06 . 2011-06-20 14:02:49 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-06-20 12:24:23 . 2011-04-21 13:37:43 105472 ------w- C:\WINDOWS\system32\dllcache\mup.sys
2011-06-09 17:08:57 . 2011-05-29 13:11:30 39984 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-06-09 17:08:52 . 2011-06-09 17:08:37 -------- d-----w- C:\Program Files\Anti-Malware
2011-06-09 17:04:45 . 2011-05-29 13:11:20 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-06-09 16:46:41 . 2011-06-20 14:02:51 476904 ----a-w- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-09 16:46:40 . 2011-06-20 14:02:49 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-06-09 16:42:48 . 2011-06-09 16:42:48 -------- d-----w- C:\Documents and Settings\jmiller\Application Data\McAfee
2011-06-09 16:41:37 . 2011-06-09 16:39:40 74848 ----a-w- C:\WINDOWS\system32\MfeOtlkAddin.dll
2011-06-09 16:41:33 . 2011-06-09 16:39:42 24376 ----a-w- C:\Program Files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-09 16:41:30 . 2011-06-09 16:39:40 85152 ----a-w- C:\WINDOWS\system32\drivers\mferkdet.sys
2011-06-09 16:41:30 . 2011-06-09 16:39:38 9344 ----a-w- C:\WINDOWS\system32\drivers\mfeclnk.sys
2011-06-09 16:41:30 . 2011-06-09 16:39:38 58456 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys
2011-06-09 16:41:30 . 2011-06-09 16:39:37 171296 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
2011-06-09 16:41:30 . 2011-06-09 16:39:37 116104 ----a-w- C:\WINDOWS\system32\drivers\mfeapfk.sys
2011-06-09 16:41:28 . 2011-06-09 16:39:39 436728 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys
2011-06-09 16:41:17 . 2011-06-09 16:39:41 145936 ----a-w- C:\WINDOWS\system32\mfevtps.exe
2011-06-09 16:41:17 . 2011-06-09 16:39:40 88544 ----a-w- C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011-05-27 16:16:41 . 2011-05-27 16:16:41 -------- d-----w- C:\Documents and Settings\jmiller\Application Data\Malwarebytes
2011-05-27 16:02:35 . 2011-05-27 16:02:35 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-05-27 15:53:07 . 2011-05-27 15:53:07 -------- d-sh--w- C:\Documents and Settings\Administrator\IECompatCache
2011-05-27 15:52:17 . 2011-05-27 15:52:17 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
2011-05-27 15:32:44 . 2011-05-27 15:32:44 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-06-09 16:39:39 . 2008-09-29 13:07:00 22816 ----a-w- C:\WINDOWS\system32\MFEOtlk.dll
2011-05-02 15:31:52 . 2004-08-11 22:12:51 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-04-29 16:19:43 . 2004-08-11 22:00:20 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 . 2004-08-11 22:00:37 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-04-25 16:11:11 . 2004-08-11 22:00:18 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-04-25 16:11:11 . 2004-08-11 22:00:17 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-04-25 12:01:22 . 2004-08-11 22:00:16 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-04-21 13:37:43 . 2004-08-11 22:00:23 105472 ----a-w- C:\WINDOWS\system32\drivers\mup.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 09:40:32 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-14 00:21:12 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-14 00:21:02 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-14 00:21:04 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 01:41:42 16132608]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-05 05:02:31 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 17:44:42 16384]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 15:57:28 128296]
"BrStsWnd"="C:\Program Files\Brownie\BrstsWnd.exe" [2009-08-19 19:41:26 3618104]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\udaterui.exe" [2011-01-12 20:05:00 161088]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 00:52:12 215360]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 16:59:52 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 00:12:29 53760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;C:\WINDOWS\system32\drivers\mfetdi2k.sys [6/9/2011 12:41:17 PM 88544]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\system32\mfevtps.exe [6/9/2011 12:41:17 PM 145936]
R2 TLCService;TLC Automatic Client Update Service;C:\Program Files\The Library Corporation\Library.Solution\TLCService\TLCService.exe [9/4/2008 4:19:28 PM 69632]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\system32\drivers\mferkdet.sys [6/9/2011 12:41:30 PM 85152]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

Contents of the 'Scheduled Tasks' folder

2011-06-06 C:\WINDOWS\Tasks\CleanXP.job
- C:\Utilities\CleanXP.bat [2008-06-30 19:07:46 . 2008-06-30 19:08:11]

2011-06-21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AC1055A1-7369-44E5-AD00-B0D94A46520C}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 22:36:40 . 2009-03-08 08:31:54]

------- Supplementary Scan -------

uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080605
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.7.254
FF - ProfilePath - C:\Documents and Settings\jmiller\Application Data\Mozilla\Firefox\Profiles\j92djc0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

Evangelical · Jun 21, 2011

Did not mention it but I did the Java removal and updates as you directed.

Bobbye · Jun 21, 2011

Welcome back! Please find the Combofix log and look for the following:

In the header, there should be entries between these:
Running from: C:\Documents and Settings\jmiller\Desktop\ComboFix.exe

Information on status of the security programs is missing. Also possible section of 'Deletions' before 'other deletions.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

At the end of Combofix there are several sections missing after this section> ------- Supplementary Scan ------- and the last line in it: FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

Please find this and re-post in it's entirety: C:\ComboFix.txt in next reply.

Evangelical · Jun 22, 2011

rescanned with Combofix. Entire log follows.

ComboFix 11-06-21.08 - jmiller 06/22/2011 8:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1426 [GMT -4:00]
Running from: c:\documents and settings\jmiller\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\jmiller\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\jmiller\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
c:\windows\kill.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-22 12:50 . 2011-06-22 12:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 12:49 . 2011-06-09 16:39 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-22 12:49 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-22 12:49 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-22 12:49 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-22 12:49 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-22 12:49 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-22 12:49 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-22 12:49 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 12:49 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-21 20:38 . 2011-06-21 20:38 -------- d-----w- c:\program files\ESET
2011-06-20 14:03 . 2011-06-20 14:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-20 12:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-09 17:08 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-09 17:08 . 2011-06-09 17:08 -------- d-----w- c:\program files\Anti-Malware
2011-06-09 17:04 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 16:46 . 2011-06-20 14:02 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-09 16:46 . 2011-06-20 14:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-09 16:42 . 2011-06-09 16:42 -------- d-----w- c:\documents and settings\jmiller\Application Data\McAfee
2011-06-09 16:41 . 2011-06-09 16:39 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-06-09 16:41 . 2011-06-09 16:39 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-09 16:41 . 2011-06-09 16:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-09 16:41 . 2011-06-09 16:39 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-09 16:41 . 2011-06-09 16:39 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-09 16:41 . 2011-06-09 16:39 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-09 16:41 . 2011-06-09 16:39 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-09 16:41 . 2011-06-09 16:39 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-09 16:41 . 2011-06-09 16:39 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-05-27 16:16 . 2011-05-27 16:16 -------- d-----w- c:\documents and settings\jmiller\Application Data\Malwarebytes
2011-05-27 16:02 . 2011-05-27 16:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-27 15:53 . 2011-05-27 15:53 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-05-27 15:52 . 2011-05-27 15:52 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-27 15:32 . 2011-05-27 15:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 16:39 . 2008-09-29 13:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-05-02 15:31 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-11 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-11 22:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:17 . 2011-06-22 12:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-21_20.28.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-21 20:55 . 2011-06-21 20:55 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2011-06-22 12:50 . 2011-06-22 12:50 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe
+ 2008-10-05 03:24 . 2011-06-22 12:50 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-05 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/9/2011 12:41 PM 88544]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/9/2011 12:41 PM 145936]
S2 TLCService;TLC Automatic Client Update Service;c:\program files\The Library Corporation\Library.Solution\TLCService\TLCService.exe [9/4/2008 4:19 PM 69632]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/9/2011 12:41 PM 85152]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\CleanXP.job
- c:\utilities\CleanXP.bat [2008-06-30 19:08]
.
2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{AC1055A1-7369-44E5-AD00-B0D94A46520C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080605
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.7.254
FF - ProfilePath - c:\documents and settings\jmiller\Application Data\Mozilla\Firefox\Profiles\j92djc0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 08:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-06-22 09:01:03
ComboFix-quarantined-files.txt 2011-06-22 13:01
.
Pre-Run: 138,530,906,112 bytes free
Post-Run: 138,516,209,664 bytes free
.
- - End Of File - - 1A90FA842123E5B19CF23B8835CCE326

Bobbye · Jun 23, 2011

Please advise me of the lines in the Combofix header which tell me if the security was disabled,

Running from: C:\Documents and Settings\jmiller\Desktop\ComboFix.exe

**************Missing Security information*******************
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

Evangelical · Jun 27, 2011

Entire ComboFix log follows:
If sections are missing, I do not know what to do to get ComboFix log to display them.

ComboFix 11-06-26.02 - jmiller 06/27/2011 9:47.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1527 [GMT -4:00]
Running from: c:\documents and settings\All Users\Desktop\Malware\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))
.
.
2011-06-22 12:50 . 2011-06-22 12:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 12:49 . 2011-06-09 16:39 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-22 12:49 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-22 12:49 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-22 12:49 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-22 12:49 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-22 12:49 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-22 12:49 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-22 12:49 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 12:49 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-20 14:03 . 2011-06-20 14:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-20 12:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-09 17:08 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-09 17:08 . 2011-06-09 17:08 -------- d-----w- c:\program files\Anti-Malware
2011-06-09 17:04 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 16:46 . 2011-06-20 14:02 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-09 16:46 . 2011-06-20 14:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-09 16:42 . 2011-06-09 16:42 -------- d-----w- c:\documents and settings\jmiller\Application Data\McAfee
2011-06-09 16:41 . 2011-06-09 16:39 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-06-09 16:41 . 2011-06-09 16:39 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-09 16:41 . 2011-06-09 16:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-09 16:41 . 2011-06-09 16:39 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-09 16:41 . 2011-06-09 16:39 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-09 16:41 . 2011-06-09 16:39 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-09 16:41 . 2011-06-09 16:39 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-09 16:41 . 2011-06-09 16:39 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-09 16:41 . 2011-06-09 16:39 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 16:39 . 2008-09-29 13:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-05-02 15:31 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-11 22:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-11 22:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:17 . 2011-06-22 12:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-21_20.28.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-27 12:13 . 2011-06-27 12:13 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
+ 2004-08-11 22:00 . 2011-06-22 15:53 72280 c:\windows\system32\perfc009.dat
+ 2011-06-23 12:19 . 2011-06-23 12:19 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-06-23 12:17 . 2011-06-23 12:17 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
+ 2011-06-23 12:17 . 2011-06-23 12:17 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-06-23 13:16 . 2011-06-23 13:16 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-18 16:10 . 2011-04-18 16:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-18 16:10 . 2011-04-18 16:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-11 22:00 . 2011-06-22 15:53 443140 c:\windows\system32\perfh009.dat
+ 2011-06-22 12:50 . 2011-06-22 12:50 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe
+ 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8ba27eaa0f7d987f92319c64aefd2e98\WsatConfig.ni.exe
+ 2011-06-23 12:19 . 2011-06-23 12:19 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\00dfe5563886a1f69c96b3acb839107b\UIAutomationClient.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\80187a9cfed4fd0ec82746495be76764\System.Xml.Linq.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\58c421c537b1c3f3878458ad306b2a42\System.Web.Routing.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dc26fff00ce95d24fd190f38904bb2b3\System.Web.RegularExpressions.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\702b506e56d3a7051aea7822cd915c7f\System.Web.Abstractions.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\503ccbb50e9c06c2f0b02ad8c3f2d100\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\ac53723e41898bc0e8a591c2e4f6f39b\System.Net.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\4a3a674008d8102c1aa5b3fc18251ef7\System.Management.Instrumentation.ni.dll
+ 2011-06-23 13:16 . 2011-06-23 13:16 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7f5f5bfd5f8d6587c96870751a6eb44d\System.IO.Log.ni.dll
+ 2011-06-23 13:16 . 2011-06-23 13:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\de1bf796614ca11afd9fab95edb1b4e2\System.IdentityModel.Selectors.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.Wrapper.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1af8683e05c42eb32f46578fe5a8f83f\System.Drawing.Design.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\791a6643b70542b148d977ff42f2f2ef\System.DirectoryServices.Protocols.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\31759ad8be21735f0a369c37514c2efc\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\df507a4500e73fa4cfc13f65a1c9055e\System.Data.Services.Client.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1778fffc09d783bc90512b65d35be66\System.Data.Services.Design.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a47a8bf16370c93b3c6a471e48cc67a\System.Data.Entity.Design.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\50492d147392c238edc5a614beccb91b\System.Data.DataSetExtensions.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\77015cc1e6d9e7d20e63903777afd6df\System.AddIn.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6ca41c7917119c3a9de0bcdca525001d\SMSvcHost.ni.exe
+ 2011-06-23 13:17 . 2011-06-23 13:17 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\67dc00c24e551003f6dacb73fe9cf881\ServiceModelReg.ni.exe
+ 2011-06-23 12:18 . 2011-06-23 12:18 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e468e9265c844f74577530e4df71f120\PresentationFramework.Aero.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\807b62468c2893ee943dffff63a34d8d\PresentationFramework.Royale.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe
+ 2011-06-23 13:17 . 2011-06-23 13:17 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe
+ 2011-06-23 13:16 . 2011-06-23 13:16 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-10-05 03:24 . 2011-06-22 12:50 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\40e1895.msp
+ 2011-06-23 12:17 . 2011-06-23 12:17 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\901c3796073853746fecd8979c679494\UIAutomationClientsideProviders.ni.dll
+ 2011-06-23 12:17 . 2011-06-23 12:17 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d7cb3697989fe6fa3a08d2821d38aa5e\System.Workflow.Runtime.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ac04107c35485d415f9e1bebfd155dd\System.Workflow.ComponentModel.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2169feb8bd57d96e621fa26d9391d463\System.Workflow.Activities.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bdad1c0f4eb846543b234353fd2b926f\System.Web.Mobile.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2047e63293e067b351b8f0e038253f33\System.Speech.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
+ 2011-06-23 13:16 . 2011-06-23 13:16 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\c64aa916251a45206a805ab6488b9255\System.Printing.ni.dll
+ 2011-06-23 13:16 . 2011-06-23 13:16 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55211bc8f4fcff47c05bfc3020d97148\System.DirectoryServices.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f9ff2fb342cd5102e2d95883b3433a5d\System.Deployment.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef31ab37b0d7c3c1a6d72646966c8911\System.Data.SqlXml.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll
+ 2011-06-23 12:17 . 2011-06-23 12:17 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll
+ 2011-06-23 13:18 . 2011-06-23 13:18 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-22 15:52 . 2011-06-22 15:52 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-18 16:10 . 2011-04-18 16:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-22 15:53 . 2011-06-22 15:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\40e18a1.msp
+ 2011-06-23 12:19 . 2011-06-23 12:19 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
+ 2011-06-23 13:19 . 2011-06-23 13:19 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
+ 2011-06-23 13:17 . 2011-06-23 13:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
+ 2011-06-23 12:19 . 2011-06-23 12:19 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
+ 2011-06-23 12:18 . 2011-06-23 12:18 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
+ 2011-06-23 12:17 . 2011-06-23 12:17 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
+ 2011-06-23 12:16 . 2011-06-23 12:16 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-05 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-13 215360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/9/2011 12:41 PM 88544]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/9/2011 12:41 PM 145936]
S2 TLCService;TLC Automatic Client Update Service;c:\program files\The Library Corporation\Library.Solution\TLCService\TLCService.exe [9/4/2008 4:19 PM 69632]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/9/2011 12:41 PM 85152]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\CleanXP.job
- c:\utilities\CleanXP.bat [2008-06-30 19:08]
.
2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{AC1055A1-7369-44E5-AD00-B0D94A46520C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080605
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.7.254
FF - ProfilePath - c:\documents and settings\jmiller\Application Data\Mozilla\Firefox\Profiles\j92djc0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 09:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-06-27 09:56:29
ComboFix-quarantined-files.txt 2011-06-27 13:56
.
Pre-Run: 138,016,137,216 bytes free
Post-Run: 138,135,531,520 bytes free
.
- - End Of File - - BCE09EDD3F48F1DAD816020211C5FEBA

Bobbye · Jun 28, 2011

When you began the thread, you said: "Hard dive contents are invisible. Program list is empty."

After I had you run unhide.exe you said "Unhide worked."

You now tell me that the contents of Programs are "empty- unhide did not make them visable."
1.) What did Unhide restore when you ran it previously.
=============================================
Windows XP Recovery shows removed from jmiller\Start Menu\Programs in Combofix 6/21 and it also removed kill.exe The Description of this File is > it shuts down all background processes that you can't normally close due to an error reading "access denied. the file is in use by another application.."
2.) Did you run one of the 'kill' programs? Which one? When? Are you jmiller?
=============================================
Scheduled tasks:
2011-06-06 C:\WINDOWS\Tasks\CleanXP.job
- C:\Utilities\CleanXP.bat [2008-06-30 19:07:46 . 2008-06-30 19:08:11]
3.) What has been set up in this?
==================================
The registry entry for authorized applications in the firewall is not showing correctly. The only apps listed are:

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= (this is the Files and Settings Transfer Wizard)

4.) Please check the firewall settings exceptions setting and make sure you haven't blocked necessary processes.
=====================================
This scheduled tasks concerns me: 2011-06-06 c:\windows\Tasks\CleanXP.job
- c:\utilities\CleanXP.bat [2008-06-30 19:08]
5.) What has been set up in this?
=============================================
I just noticed this from 2008:
R2 TLCService;TLC Automatic Client Update Service;c:\program files\the library corporation\library.solution\tlcservice\TLCService.exe [2008-9-4 69632]

"The Lively Computer, a full service computer dealer for the animator and professional videographer."
6.) Are you still using this?
=============================================
Regarding this entry:
2011-06-09 16:41:33 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
7.) Is this what it is?

============================================
8.) I'd like you to do a search in the system for any one of the programs whose folder is 'empty.' When the program entries are found, look to the right for the location. If you programs does not come up at all in the search:
Control Panel> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide system files (Recommended). Then search again.

If you do have to view the hidden files and folders, be sure to go back and rehide them.

Let me know.

Evangelical · Jun 29, 2011

I am not jmiller - but am working on her problem.
I will not be able to get to the computer until early next week.

Thanks for your help.

Bobbye · Jun 29, 2011

Did you want to continue with this next week?

Evangelical · Jul 17, 2011

The user is satisfied with the current condition of the computer. I will not be spending more time on it.
Thank you for your assistance.

Bobbye · Jul 17, 2011

Thank you for the update.

TechSpot

[Solved] Infection caused C drive to appear empty

Evangelical Newcomer, in training

Attached Files:

mbam-log-2011-06-09 (13-26-13).txt

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Evangelical Newcomer, in training

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Bobbye Helper on the Fringe

Evangelical Newcomer, in training

Bobbye Helper on the Fringe