Solved Redirected when surfing

doda69

I'm new at this and have run endless scans from different companies, and I'm still redirected every time I'm on the net. Can anyone help me?
 
For malware help, follow the 6 steps provided HERE. Create a new thread in the Malware removal forum. Be sure you PASTE all your logs (do not attach them). The experts there will take care of you
 
step #2

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/27/2011 12:15:26 PM
mbam-log-2011-09-27 (12-15-25).txt

Scan type: Quick scan
Objects scanned: 225996
Time elapsed: 23 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
What happened?

I was doing step three when, in the middle of the scan, the comp rebooted.

Just for your info, I have Norton as my security.
 
doda69

To get proper attention for your problem, you should create a NEW thread in the Malware Forum HERE. The malware experts look at the malware forums for virus questions/help. Or maybe I'll ask the mods to move this current thread to the malware forum.

You should be in the malware forum for malware help
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Steps 2 & 3

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-28 09:41:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BB-22GUC0 rev.08.02D08
Running: cvc7pmoe.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxcqaoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 9:54:59 on 2011-09-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.227 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.internet-home-page.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [<NO NAME>]
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [USB Storage Toolbox] c:\program files\usb disk win98 driver\Res.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297374933125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
TCP: Interfaces\{354A64A7-4185-40C3-BF23-E824C5A1252B} : DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\hx1qwkps.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 NGS;Norman General Security Driver;c:\program files\norman\nvc\bin\ngs.sys [2011-5-3 25032]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-4-3 1029480]
R2 FreemakeUtilsService;Freemake Service;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2011-8-26 74240]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-8-25 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.8.13\ccSvcHst.exe [2011-8-25 126392]
R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\norton utilities 15\tools\speeddisk\SpeedDiskSrv.exe [2011-4-3 1037672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-28 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110927.030\IDSXpx86.sys [2011-9-27 356280]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-5-9 225856]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110927.033\NAVENG.SYS [2011-9-28 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110927.033\NAVEX15.SYS [2011-9-28 1576312]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\33.tmp --> c:\windows\system32\33.tmp [?]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-4-3 128248]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-4-3 108800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-27 21:03:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 15:49:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 17:25:31 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-26 17:25:31 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-09-26 13:47:44 -------- d-----w- c:\program files\Sophos
2011-09-26 13:23:59 -------- d-----w- c:\documents and settings\owner\application data\thecleaner
2011-09-26 13:04:44 -------- d-----w- c:\program files\Online TV Player 4
2011-09-08 04:42:03 -------- d-----w- c:\program files\iPod
2011-09-03 22:16:01 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
2011-08-30 13:00:43 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-30 13:00:43 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-08-27 10:27:00 107 ----a-w- c:\documents and settings\owner\application data\netstat.bat
2011-08-26 18:12:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-28 18:53:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 15:42:38 1409 ----a-w- c:\windows\QTFont.for
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 9:55:25.45 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2011 4:44:36 PM
System Uptime: 9/27/2011 7:19:12 PM (14 hours ago)
.
Motherboard: First International Computer, Inc. | | K8MC51G
Processor: AMD Sempron(tm) Processor 3400+ | Socket 940 | 2009/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 104.553 GiB free.
D: is FIXED (FAT32) - 19 GiB total, 12.166 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.884 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP67: 6/30/2011 11:03:28 AM - Installed Java(TM) 6 Update 26
RP68: 6/30/2011 1:47:42 PM - Installed calibre
RP69: 7/1/2011 2:39:46 PM - System Checkpoint
RP70: 7/2/2011 2:58:33 PM - System Checkpoint
RP71: 7/3/2011 4:45:41 PM - System Checkpoint
RP72: 7/4/2011 4:58:32 PM - System Checkpoint
RP73: 7/5/2011 9:57:08 AM - Installed Windows XP -- Software Updates KB952011.
RP74: 7/6/2011 5:04:42 PM - System Checkpoint
RP75: 7/7/2011 5:53:49 PM - System Checkpoint
RP76: 7/8/2011 6:53:49 PM - System Checkpoint
RP77: 7/9/2011 7:53:49 PM - System Checkpoint
RP78: 7/10/2011 8:16:41 PM - System Checkpoint
RP79: 7/11/2011 8:33:41 PM - System Checkpoint
RP80: 7/12/2011 8:36:46 PM - System Checkpoint
RP81: 7/17/2011 9:48:06 PM - System Checkpoint
RP82: 7/18/2011 9:53:46 PM - System Checkpoint
RP83: 7/19/2011 9:58:41 PM - System Checkpoint
RP84: 7/22/2011 12:19:23 PM - System Checkpoint
RP85: 7/23/2011 4:24:47 PM - System Checkpoint
RP86: 7/27/2011 7:15:01 PM - System Checkpoint
RP87: 7/28/2011 8:24:23 PM - System Checkpoint
RP88: 7/29/2011 9:25:41 PM - System Checkpoint
RP89: 7/30/2011 9:33:25 PM - System Checkpoint
RP90: 8/1/2011 8:28:47 AM - System Checkpoint
RP91: 8/2/2011 8:33:27 AM - System Checkpoint
RP92: 8/2/2011 2:01:06 PM - Installed iTunes
RP93: 8/3/2011 4:07:43 PM - System Checkpoint
RP94: 8/4/2011 4:29:58 PM - System Checkpoint
RP95: 8/5/2011 5:29:55 PM - System Checkpoint
RP96: 8/7/2011 12:25:15 PM - System Checkpoint
RP97: 8/8/2011 1:17:26 PM - System Checkpoint
RP98: 8/9/2011 1:48:54 PM - System Checkpoint
RP99: 8/10/2011 2:42:49 PM - System Checkpoint
RP100: 8/11/2011 4:50:54 PM - System Checkpoint
RP101: 8/12/2011 5:42:47 PM - System Checkpoint
RP102: 8/13/2011 6:16:25 PM - System Checkpoint
RP103: 8/14/2011 6:41:47 PM - System Checkpoint
RP104: 8/15/2011 8:03:20 PM - System Checkpoint
RP105: 8/16/2011 8:05:33 PM - System Checkpoint
RP106: 8/17/2011 9:05:32 PM - System Checkpoint
RP107: 8/18/2011 10:04:34 PM - System Checkpoint
RP108: 8/19/2011 11:03:32 PM - System Checkpoint
RP109: 8/21/2011 12:03:32 AM - System Checkpoint
RP110: 8/22/2011 1:02:34 AM - System Checkpoint
RP111: 8/23/2011 1:23:34 AM - System Checkpoint
RP112: 8/24/2011 2:23:37 AM - System Checkpoint
RP113: 8/25/2011 2:23:44 AM - System Checkpoint
RP114: 8/25/2011 10:08:36 AM - Removed MSXML 4.0 SP2 (KB954430)
RP115: 8/25/2011 10:10:20 AM - Removed MSXML 4.0 SP2 (KB973688)
RP116: 8/25/2011 10:13:30 AM - Configured Digital Media Reader
RP117: 8/25/2011 1:40:50 PM - Installed CounterSpy.
RP118: 8/26/2011 3:05:41 PM - System Checkpoint
RP119: 8/27/2011 12:59:52 PM - Removed CounterSpy.
RP120: 8/28/2011 1:49:46 PM - System Checkpoint
RP121: 8/29/2011 2:10:11 PM - System Checkpoint
RP122: 8/30/2011 2:50:03 PM - System Checkpoint
RP123: 8/31/2011 3:25:58 PM - System Checkpoint
RP124: 9/1/2011 4:25:55 PM - System Checkpoint
RP125: 9/2/2011 6:47:28 PM - System Checkpoint
RP126: 9/3/2011 8:15:00 PM - System Checkpoint
RP127: 9/4/2011 8:25:59 PM - System Checkpoint
RP128: 9/5/2011 9:13:33 PM - System Checkpoint
RP129: 9/6/2011 9:13:54 PM - System Checkpoint
RP130: 9/7/2011 10:13:49 PM - System Checkpoint
RP131: 9/9/2011 7:13:00 AM - System Checkpoint
RP132: 9/10/2011 10:19:20 AM - System Checkpoint
RP133: 9/11/2011 10:30:39 AM - System Checkpoint
RP134: 9/12/2011 4:15:44 PM - System Checkpoint
RP135: 9/13/2011 5:04:19 PM - System Checkpoint
RP136: 9/14/2011 5:04:44 PM - System Checkpoint
RP137: 9/18/2011 11:39:11 PM - System Checkpoint
RP138: 9/20/2011 12:13:12 AM - System Checkpoint
RP139: 9/21/2011 12:43:05 AM - System Checkpoint
RP140: 9/22/2011 1:10:55 AM - System Checkpoint
RP141: 9/23/2011 1:29:38 AM - System Checkpoint
RP142: 9/24/2011 2:29:40 AM - System Checkpoint
RP143: 9/25/2011 3:29:42 AM - System Checkpoint
RP144: 9/26/2011 7:39:52 AM - System Checkpoint
RP145: 9/26/2011 9:13:19 AM - Removed Apple Mobile Device Support
RP146: 9/26/2011 9:14:07 AM - Removed Apple Software Update
RP147: 9/26/2011 9:14:36 AM - Removed Apple Application Support
RP148: 9/26/2011 9:16:24 AM - Removed Napster Burn Engine
RP149: 9/26/2011 9:16:36 AM - Removed Napster
RP150: 9/26/2011 12:35:43 PM - Removed iTunes
RP151: 9/26/2011 1:24:42 PM - Installed iTunes
RP152: 9/27/2011 1:53:59 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
calibre
Canon MP495 series MP Drivers
CCleaner
Conduit Engine
Digital Media Reader
Freemake Video Converter version 2.3.4
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB2443685)
iTunes
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
Java(TM) 6 Update 26
KeyScrambler
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 5.0 (x86 en-US)
MSN
MyAshampoo Toolbar
Norton Internet Security
Norton PC Checkup
Norton Utilities 15
NVIDIA Drivers
Picasa 3
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite eMachines
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SoftV92 Data Fax Modem with SmartCP
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
USB Disk Win98 Driver
VLC media player 1.1.7
WebFldrs XP
Windows Backup Utility
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows iLivid Toolbar
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
9/27/2011 7:20:21 PM, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000005, parameter3 00000001, parameter4 f73895f7.
9/27/2011 5:52:28 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
9/27/2011 5:51:44 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000000, parameter4 f7388876.
9/27/2011 1:07:43 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00000400, parameter3 b80817a4, parameter4 00000000.
9/27/2011 1:06:10 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/27/2011 1:00:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/26/2011 8:37:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
9/26/2011 8:37:10 AM, error: Service Control Manager [7022] - The Freemake Service service hung on starting.
.
==== End Of File ===========================
Was I to disconnect the internet before download of DDS?
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-28 09:41:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BB-22GUC0 rev.08.02D08
Running: cvc7pmoe.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxcqaoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

it will not open mbr file dat file
 
Did you click on "Save log"?

Re-read my instructions carefully and redo the scan.
 
I ran the scan again, this time I have a log

ComboFix 11-09-28.06 - Owner 09/28/2011 23:31:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.395 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
c:\documents and settings\Administrator\Start Menu\Programs\System Recovery\System Recovery.lnk
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\LocalService\Application Data\PriceGong
c:\documents and settings\LocalService\Application Data\PriceGong\Data\1.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\a.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\b.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\c.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\d.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\e.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\f.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\g.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\h.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\i.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\J.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\k.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\l.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\m.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\n.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\o.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\p.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\q.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\r.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\s.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\t.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\u.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\v.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\w.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\x.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\y.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Adobe\shed
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\10.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\1707.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\2782.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\3620.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\4436.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\450.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\83.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\mmc.exe.959a7e97.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SL387.tmp.61a543c3.ini
c:\documents and settings\Owner\Start Menu\Programs\System Recovery
c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\Owner\Start Menu\Programs\System Recovery\Create my Drivers-Applications CD(s).lnk
c:\documents and settings\Owner\Start Menu\Programs\System Recovery\System Recovery.lnk
c:\documents and settings\Owner\WINDOWS
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\program files\Shared
c:\program files\Shared\shared.sig
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-28 19:39 . 2011-09-28 19:39 -------- d-----w- c:\program files\File Type Assistant
2011-09-27 21:03 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 15:49 . 2011-09-27 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 17:25 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-26 17:25 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-09-26 17:23 . 2011-09-26 17:23 -------- d-----w- c:\program files\Apple Software Update
2011-09-26 13:47 . 2011-09-26 16:38 -------- d-----w- c:\program files\Sophos
2011-09-26 13:23 . 2011-09-26 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\thecleaner
2011-09-26 13:04 . 2011-09-26 13:12 -------- d-----w- c:\program files\Online TV Player 4
2011-09-08 04:42 . 2011-09-08 04:42 -------- d-----w- c:\program files\iPod
2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-09-03 22:16 . 2010-03-11 08:56 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
2011-08-30 13:00 . 2011-08-30 13:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-30 13:00 . 2011-08-30 13:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 10:27 . 2011-08-27 10:20 107 ----a-w- c:\documents and settings\Owner\Application Data\netstat.bat
2011-08-26 18:12 . 2011-06-03 15:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-28 18:53 . 2011-07-06 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 15:42 . 2011-07-19 15:42 1409 ----a-w- c:\windows\QTFont.for
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-08-30 13:00 . 2011-04-17 01:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 6:17 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 6:17 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [9/26/2011 6:11 PM 816760]
R1 NGS;Norman General Security Driver;c:\program files\Norman\nvc\bin\ngs.sys [5/3/2011 1:42 PM 25032]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 6:17 PM 136312]
R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [4/3/2011 1:29 PM 1029480]
R2 FreemakeUtilsService;Freemake Service;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8/26/2011 2:20 PM 74240]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 6:16 PM 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [8/25/2011 9:30 AM 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [8/25/2011 9:30 AM 126392]
R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [4/3/2011 1:29 PM 1037672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2011 2:18 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110928.030\IDSXpx86.sys [9/28/2011 6:18 PM 356280]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/9/2011 12:17 PM 225856]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 5:33 AM 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 5:33 AM 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\33.tmp --> c:\windows\system32\33.tmp [?]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [4/3/2011 1:29 PM 128248]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [4/3/2011 1:29 PM 108800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
.
2011-09-29 c:\windows\Tasks\NUSchedule.job
- c:\program files\Norton Utilities 15\nu.exe [2011-04-03 06:23]
.
2011-09-29 c:\windows\Tasks\strvm.job
- c:\windows\system32\mstext40H.dll [2011-04-01 19:03]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{8C583C3F-9553-4E6C-977F-A39374FB4BAD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 00:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\33.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-29 00:06:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-29 04:06
.
Pre-Run: 112,048,529,408 bytes free
Post-Run: 112,878,432,256 bytes free
.
- - End Of File - - 672FD8E6DDCE4BA132772242F4AA87CA
 
Looks good.

How is computer doing?

I need some clarification regarding your security programs.
I can see MSE running, AVG firewall (can you use just a firewall?) and some Norton as well.
Please clarify.
 
I have just Norton running the firewall and anti-virus. I don't know where AVG came from, and what is MSE?

A pop-up comes up when I start, saying Internet Explorer is currently not my default browser, would I like it to be? I have said no for now, but what is my browser then? Some strange sites still come up that I did not ask for.

thank you so much for spending this time with me and helping me out.
 
I can see Microsoft Security Essentials (MSE) listed in Add\Remove.
Since you're using Norton, you must uninstall MSE.

Your Internet Explorer will be fine.

To remove AVG leftovers, please run AVG Remover: http://www.avg.com/us-en/utilities

When you're done with the above, post a fresh Combofix log.
 
I'm still being redirected, but last night when I shut down it was the first time I had 31 updates... positive outcome... I will run Combofix again.
 
ComboFix 11-09-29.02 - Owner 09/29/2011 8:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.440 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\version.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-28 19:39 . 2011-09-28 19:39 -------- d-----w- c:\program files\File Type Assistant
2011-09-28 19:28 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-28 19:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-28 19:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-27 21:03 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 15:49 . 2011-09-27 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 17:25 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-26 17:25 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-09-26 17:23 . 2011-09-26 17:23 -------- d-----w- c:\program files\Apple Software Update
2011-09-26 13:47 . 2011-09-26 16:38 -------- d-----w- c:\program files\Sophos
2011-09-26 13:23 . 2011-09-26 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\thecleaner
2011-09-26 13:04 . 2011-09-26 13:12 -------- d-----w- c:\program files\Online TV Player 4
2011-09-09 09:12 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-08 04:42 . 2011-09-08 04:42 -------- d-----w- c:\program files\iPod
2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-09-03 22:16 . 2010-03-11 08:56 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-27 10:27 . 2011-08-27 10:20 107 ----a-w- c:\documents and settings\Owner\Application Data\netstat.bat
2011-08-26 18:12 . 2011-06-03 15:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-28 18:53 . 2011-07-06 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 15:42 . 2011-07-19 15:42 1409 ----a-w- c:\windows\QTFont.for
2011-07-15 13:29 . 2004-08-26 16:12 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-26 16:12 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-08-30 13:00 . 2011-04-17 01:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-29_04.01.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-09-29 12:46 . 2011-09-29 12:46 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
+ 2011-09-29 13:14 . 2011-09-29 13:14 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
+ 2011-02-10 22:19 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2011-02-10 22:19 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2004-08-26 16:12 . 2011-03-20 19:49 61974 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2011-09-29 05:03 61974 c:\windows\system32\perfc009.dat
- 2004-08-26 16:12 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-26 16:12 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-26 16:11 . 2010-12-20 23:59 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-26 16:11 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-26 16:11 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
- 2004-08-26 16:11 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-26 16:11 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2004-08-26 16:11 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
- 2011-02-10 20:29 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-02-10 20:29 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-26 16:12 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-26 16:12 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-02-10 20:29 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-02-10 20:29 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-26 16:11 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-26 16:11 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-26 16:11 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-26 16:11 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-26 16:11 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
- 2004-08-26 16:11 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 37240 c:\
 
ComboFix 11-09-29.02 - Owner 09/29/2011 8:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.440 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\version.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-28 19:39 . 2011-09-28 19:39 -------- d-----w- c:\program files\File Type Assistant
2011-09-28 19:28 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-28 19:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-28 19:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-27 21:03 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 15:49 . 2011-09-27 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 17:25 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-26 17:25 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-09-26 17:23 . 2011-09-26 17:23 -------- d-----w- c:\program files\Apple Software Update
2011-09-26 13:47 . 2011-09-26 16:38 -------- d-----w- c:\program files\Sophos
2011-09-26 13:23 . 2011-09-26 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\thecleaner
2011-09-26 13:04 . 2011-09-26 13:12 -------- d-----w- c:\program files\Online TV Player 4
2011-09-09 09:12 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-08 04:42 . 2011-09-08 04:42 -------- d-----w- c:\program files\iPod
2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-09-03 22:16 . 2011-09-03 22:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-09-03 22:16 . 2010-03-11 08:56 180224 ----a-r- c:\windows\system32\CNMIUA9.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-27 10:27 . 2011-08-27 10:20 107 ----a-w- c:\documents and settings\Owner\Application Data\netstat.bat
2011-08-26 18:12 . 2011-06-03 15:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-28 18:53 . 2011-07-06 02:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 15:42 . 2011-07-19 15:42 1409 ----a-w- c:\windows\QTFont.for
2011-07-15 13:29 . 2004-08-26 16:12 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-26 16:12 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-08-30 13:00 . 2011-04-17 01:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-29_04.01.26 )))))))))))))))))))))))))))))))))))))))))
.
 
+ 2011-04-12 19:11 . 2011-04-12 19:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 223744 c:\windows\Installer\304053.msi
+ 2011-09-29 04:53 . 2011-09-29 04:53 467456 c:\windows\Installer\304028.msi
+ 2011-09-29 04:51 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-09-29 04:51 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-09-29 04:51 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-09-29 04:51 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-09-29 04:51 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-09-29 04:51 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-09-29 04:52 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-09-29 04:52 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-09-29 04:52 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-09-29 04:52 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-09-29 04:52 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-09-29 04:52 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-09-29 04:52 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-02-10 22:18 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-03-20 19:45 . 2011-03-20 19:45 746336 c:\windows\assembly\temp\KYM6STFZLQ\Microsoft.JScript.dll
+ 2011-03-20 19:45 . 2011-03-20 19:45 409448 c:\windows\assembly\temp\DSTN3VLFBX\System.configuration.dll
+ 2011-09-29 11:40 . 2011-09-29 11:40 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\97a1f8a5a83114e0cea11549602e8e72\WindowsFormsIntegration.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7297158168dfc68b1b96bf6b0f56b093\UIAutomationTypes.ni.dll
+ 2011-09-29 11:40 . 2011-09-29 11:40 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\acc81364b5b1d54918a55f0ae0fbc043\UIAutomationClient.ni.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ff20e15edfa14ce628b0502173347062\System.Xml.Linq.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\40e165d670da20b9911cf7f15db916d2\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\840f9b4d51622f9f29888aae168a196c\System.ServiceProcess.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e99e3e3b47a1b63e678271947a72e22\System.ServiceModel.Routing.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\cbb93497a3dddc9ab32316cc54dfb16a\System.Security.ni.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a31a4045963913a3228777af311f4428\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8985ef7c12df01b25c53bd80f7103819\System.Runtime.Remoting.ni.dll
+ 2011-09-29 04:58 . 2011-09-29 04:58 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\6bff4a4db9703b01e7495f5f9e0f2baf\System.Numerics.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\ce945fe046c7c152d4785fe24c22eee9\System.Net.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f07d8a06ff89e9c2db9f2ad73e88d421\System.Messaging.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\ec65b7f29e6d9c27cad0bb4f6199701f\System.Management.Instrumentation.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\5e1621afee65228e6dc7fbc9fb35f091\System.IO.Log.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\1f10456671d393187b6e2511155b8cd6\System.IdentityModel.Selectors.ni.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\c87031ba66d6a1809ac68142397eeddf\System.Dynamic.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\f75ffd1a51b56e5171335277ca7d2ead\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\448b1912c09fe3be836533e1c04332ce\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\a8f34f6b7fc87869ea63c0a5a45e4106\System.Device.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8e8d0552f18365e5f57fe20cf3aebcbb\System.Data.DataSetExtensions.ni.dll
+ 2011-09-29 05:06 . 2011-09-29 05:06 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\1f12624743789147c54a5c70b34e47b7\System.Configuration.Install.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4ce4ff836715d7e822200dd340ce8c32\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-29 05:06 . 2011-09-29 05:06 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\15f169fe8bb8f4cf564093b812c46959\System.ComponentModel.Composition.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\285ebbd21d182235113a348c951afd12\System.AddIn.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\4a37977779bc648b11b8c333bfc1c2b8\System.Activities.DurableInstancing.ni.dll
+ 2011-09-29 05:09 . 2011-09-29 05:09 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\7190f7e40c8095e13f45e40b1709671f\SMSvcHost.ni.exe
+ 2011-09-29 11:35 . 2011-09-29 11:35 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b028b6680f5a3b315320a5bf7b659518\SMDiagnostics.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a348b36756a7be813df69750717dd563\PresentationFramework.Luna.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9c37ac442a730e335146d5a82c52ed39\PresentationFramework.Royale.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7da6438d5b963b85283a2b793e60aadf\PresentationFramework.Classic.ni.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a26d5665e589bdc7f46544a94cf49338\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-29 05:09 . 2011-09-29 05:09 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\23c48b3a578d71fd90e8d8db8e7d6b37\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-29 05:02 . 2011-09-29 05:02 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dcc2883f0bbf0909874059fe9768016b\CustomMarshalers.ni.dll
+ 2011-09-28 19:28 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2004-08-26 16:12 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys
+ 2004-08-26 16:12 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-26 16:12 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
- 2009-03-08 09:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2010-05-02 05:22 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-26 16:12 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-26 16:12 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
- 2011-02-10 20:29 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-10 20:29 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-03-23 02:01 . 2011-03-23 02:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-03-20 19:45 . 2011-03-20 19:45 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-29 05:03 . 2011-09-29 05:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-03-20 19:46 . 2011-03-20 19:46 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-03-25 13:03 . 2011-03-25 13:03 5079552 c:\windows\Installer\30403f.msp
+ 2011-09-29 04:51 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-09-29 04:51 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-03-20 19:45 . 2011-03-20 19:45 3481928 c:\windows\assembly\temp\O1G10E02HD\System.dll
+ 2011-03-20 19:46 . 2011-03-20 19:46 2207568 c:\windows\assembly\temp\G3LZLGSD91\System.XML.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
+ 2011-09-29 11:40 . 2011-09-29 11:40 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\2b22ef03091f893f5b381514149a472b\UIAutomationClientsideProviders.ni.dll
+ 2011-09-29 05:04 . 2011-09-29 05:04 9085440 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
+ 2011-09-29 04:56 . 2011-09-29 04:56 9060352 c:\windows\assembly\NativeImages_v4.0.30319_32\System\3e6310122b78fa46230e670128eb9956\System.ni.dll
+ 2011-09-29 05:06 . 2011-09-29 05:06 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\19f85a4f6faaeb87a9055ccf23a9f8b7\System.Xaml.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\de9ec945d6cdd90010c824320e8bc332\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\3e5c07211446b947b1ecb6963946320a\System.Web.Services.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\11a89b103320d603c0bfa48179c3fe1d\System.Speech.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e492bb75168cc53d57c2dd5e32e9911c\System.ServiceModel.Activities.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b66a8b2c0b8c12540831b41c92bede12\System.ServiceModel.Discovery.ni.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ce480f313eb8be9a3a4dd6d7902325\System.Runtime.Serialization.ni.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b9f7f5b0b28dd57cb5400c437c388545\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\39c3d706f0fbc21443c7747f203b0b34\System.Printing.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\76d7e84f5dca7908b45edba58bd12f48\System.Management.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\02c1363d5beb2ae5c5722bc8f6c5b77a\System.IdentityModel.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
+ 2011-09-29 11:35 . 2011-09-29 11:35 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\66c88143bc4b9f4a744b6d65e2c3629a\System.DirectoryServices.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\03ca38b342903b50623336b29aa507c9\System.Deployment.ni.dll
+ 2011-09-29 05:06 . 2011-09-29 05:06 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\dcdaf1644fb3aabdbea894f05d55e1ba\System.Data.SqlXml.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\0e629bbc4ccd76e072189ccbc9d7903f\System.Data.Services.Client.ni.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\b11b842599889fe730da493d0c5e1857\System.Data.Linq.ni.dll
+ 2011-09-29 04:57 . 2011-09-29 04:57 7049216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\295e5058841ce043c8eb5a659e5ed291\System.Core.ni.dll
+ 2011-09-29 05:05 . 2011-09-29 05:05 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\4d3a20f0598b5da0ebf9e505b51886b9\System.Activities.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\e4566f552e3bda84571e04a7e5d1c41f\System.Activities.Presentation.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\236373716dcb48f5687dd6997559a425\System.Activities.Core.Presentation.ni.dll
+ 2011-09-29 11:36 . 2011-09-29 11:36 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\48530a5ad6ec27254cde667e02d3f198\ReachFramework.ni.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\5dcab8576a5e02d7264bfeed28ce69b9\PresentationUI.ni.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8c36043a5faedc93716717fc5bcdb05\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b4879bc20d7a718dcb51f0419721e5e5\Microsoft.VisualBasic.ni.dll
+ 2011-09-29 05:10 . 2011-09-29 05:10 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\aff7d215dd130cd94c54784c2df60e95\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-29 05:09 . 2011-09-29 05:09 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\156733cb276aff562e0c39d8b4fde1c6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2f83c7b63b1443a26f40b9f66bec3e2a\Microsoft.JScript.ni.dll
+ 2011-09-29 05:06 . 2011-09-29 05:06 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\fcccb5e4d4bd338c678efcfa2b3e1058\Microsoft.CSharp.ni.dll
+ 2011-02-10 20:27 . 2011-09-16 14:38 47369160 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2011-02-10 20:29 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-09-29 05:08 . 2011-09-29 05:08 20333056 c:\windows\Installer\30404b.msp
+ 2011-04-13 15:37 . 2011-04-13 15:37 19201024 c:\windows\Installer\304037.msp
+ 2011-09-29 04:51 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-09-29 05:07 . 2011-09-29 05:07 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
+ 2011-09-29 11:39 . 2011-09-29 11:39 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
+ 2011-09-29 11:38 . 2011-09-29 11:38 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\978e8514751373383f79c3fdd667aa2b\System.Data.Entity.ni.dll
+ 2011-09-29 05:05 . 2011-09-29 05:05 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
+ 2011-09-29 05:05 . 2011-09-29 05:05 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
+ 2011-09-29 04:56 . 2011-09-29 04:56 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R?2 FreemakeUtilsService;Freemake Service;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8/26/2011 2:20 PM 74240]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 6:17 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 6:17 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [9/26/2011 6:11 PM 816760]
R1 NGS;Norman General Security Driver;c:\program files\Norman\nvc\bin\ngs.sys [5/3/2011 1:42 PM 25032]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 6:17 PM 136312]
R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [4/3/2011 1:29 PM 1029480]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 6:16 PM 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [8/25/2011 9:30 AM 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [8/25/2011 9:30 AM 126392]
R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [4/3/2011 1:29 PM 1037672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2011 2:18 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110928.030\IDSXpx86.sys [9/28/2011 6:18 PM 356280]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/9/2011 12:17 PM 225856]
S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S?2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2011 1:50 PM 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\33.tmp --> c:\windows\system32\33.tmp [?]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [4/3/2011 1:29 PM 128248]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [4/3/2011 1:29 PM 108800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:50]
.
2011-09-29 c:\windows\Tasks\NUSchedule.job
- c:\program files\Norton Utilities 15\nu.exe [2011-04-03 06:23]
.
2011-09-29 c:\windows\Tasks\strvm.job
- c:\windows\system32\mstext40H.dll [2011-04-01 19:03]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{8C583C3F-9553-4E6C-977F-A39374FB4BAD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 213.109.65.90 213.109.73.246 1.1.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hx1qwkps.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 09:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\33.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\imapi.exe
c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
.
**************************************************************************
.
Completion time: 2011-09-29 09:17:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-29 13:17
ComboFix2.txt 2011-09-29 04:06
.
Pre-Run: 112,169,508,864 bytes free
Post-Run: 112,173,047,808 bytes free
.
- - End Of File - - 325095EE8AF4B2286F967819CA7C0ACB


Sorry about the 3 parts .. be back on Monday
 
I thought we had it this morning .. but I'm still being redirected ... sorry .. do I run ComboFix again?
 
Back