Another Google redirect problem

Vince21 · 13-Jun-2010, 07:34 PM #1

Recently I started getting redirected to random sites when I click on search result links in Google. It doesn't happen every time. Also, occasionally a new tab will open on its own and a random site will load. This is while using Firefox.

I'm not sure if this is related, but I also noticed that not all of my hard drives are showing up in disk management.

I've tried various virus/malware programs, but haven't had any luck solving the problem.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:33 PM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\EzBackup\EZ-Backup Manager\ezbackupmanager.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Vince V\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EzBackup Manager] C:\Program Files\EzBackup\EZ-Backup Manager\ezbackupmanager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Yloxiz] rundll32.exe "C:\WINDOWS\eceyibew.dll",Startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166838241621
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD3ACDA6-AEC0-41FC-94C7-BB0FA1EDB460}: NameServer = 24.92.226.9,24.92.226.102
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EZ-Backup Manager - Unknown owner - C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
O23 - Service: Google Update Service (gupdate1c9b07ddd78ad26) (gupdate1c9b07ddd78ad26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10965 bytes

Thanks in advance for your help!

Vince21 · 14-Jun-2010, 10:00 PM #2

bump

Another problem I didn't mention is that I can't even post to these forums from the infected PC. I have to use my laptop.

**dvk01** · 15-Jun-2010, 08:40 AM #3

Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

post back with its log and we can go from there

Vince21 · 15-Jun-2010, 07:39 PM #4

Here is the tdss killer log. I did not reboot after running the scan.

18:37:39:140 0620 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
18:37:39:140 0620 =========================================================================== =====
18:37:39:140 0620 SystemInfo:

18:37:39:140 0620 OS Version: 5.1.2600 ServicePack: 3.0
18:37:39:140 0620 Product type: Workstation
18:37:39:140 0620 ComputerName: VINCE
18:37:39:140 0620 UserName: Vince V
18:37:39:140 0620 Windows directory: C:\WINDOWS
18:37:39:140 0620 Processor architecture: Intel x86
18:37:39:140 0620 Number of processors: 2
18:37:39:140 0620 Page size: 0x1000
18:37:39:140 0620 Boot type: Normal boot
18:37:39:140 0620 =========================================================================== =====
18:37:39:359 0620 Initialize success
18:37:39:359 0620
18:37:39:359 0620 Scanning Services ...
18:37:39:718 0620 Raw services enum returned 365 services
18:37:39:734 0620
18:37:39:734 0620 Scanning Drivers ...
18:37:40:390 0620 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:37:40:421 0620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:37:40:453 0620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:37:40:500 0620 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:37:40:546 0620 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
18:37:40:625 0620 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:37:40:671 0620 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
18:37:40:703 0620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:37:40:718 0620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:37:40:734 0620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:37:40:781 0620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:37:40:843 0620 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\system32\Drivers\avgldx86.sys
18:37:40:890 0620 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
18:37:40:906 0620 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINDOWS\system32\Drivers\avgtdix.sys
18:37:41:015 0620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:37:41:062 0620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:37:41:093 0620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:37:41:125 0620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:37:41:187 0620 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
18:37:41:250 0620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:37:41:328 0620 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
18:37:41:406 0620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:37:41:531 0620 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:37:41:593 0620 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:37:41:625 0620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:37:41:671 0620 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:37:41:703 0620 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:37:41:734 0620 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
18:37:41:781 0620 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
18:37:41:812 0620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:37:41:828 0620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:37:41:859 0620 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:37:41:890 0620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:37:41:921 0620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:37:41:937 0620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:37:41:953 0620 Ftdisk (6eabb19abea0dd182819b40b5d651be2) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:37:41:953 0620 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 6eabb19abea0dd182819b40b5d651be2, Fake md5: 6ac26732762483366c3969c9e4d2259d
18:37:41:953 0620 File "C:\WINDOWS\system32\DRIVERS\ftdisk.sys" infected by TDSS rootkit ... 18:37:44:218 0620 Backup copy found, using it..
18:37:44:234 0620 will be cured on next reboot
18:37:44:328 0620 fwdrv (1ff2eef447a177df2c544b80f8f7f879) C:\WINDOWS\system32\drivers\fwdrv.sys
18:37:44:359 0620 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:37:44:406 0620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:37:44:453 0620 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:37:44:484 0620 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:37:44:593 0620 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:37:44:656 0620 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:37:44:703 0620 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:37:44:765 0620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:37:44:796 0620 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:37:44:843 0620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:37:44:984 0620 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:37:45:140 0620 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:37:45:187 0620 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:37:45:234 0620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:37:45:265 0620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:37:45:312 0620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:37:45:343 0620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:37:45:375 0620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:37:45:406 0620 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:37:45:453 0620 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
18:37:45:484 0620 JRAID (b90bc78c29108f7edf86aef4642a0382) C:\WINDOWS\system32\DRIVERS\jraid.sys
18:37:45:515 0620 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:37:45:546 0620 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:37:45:593 0620 khips (304ce9fb3d64caa07b940bef4f8c2dcd) C:\WINDOWS\system32\drivers\khips.sys
18:37:45:640 0620 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
18:37:45:687 0620 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:37:45:734 0620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:37:45:781 0620 L8042mou (70674a18915b0125c54d49a3cef7e7ea) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
18:37:45:843 0620 LHidKe (daf45f0a91a508e24f0df886618e2a80) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
18:37:45:859 0620 LMouKE (695cad01ccdac6f8ddb80375ea80e4a6) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
18:37:45:921 0620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:37:45:953 0620 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:37:45:984 0620 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:37:46:000 0620 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:37:46:031 0620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:37:46:078 0620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:37:46:140 0620 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:37:46:171 0620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:37:46:187 0620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:37:46:234 0620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:37:46:281 0620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:37:46:312 0620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:37:46:359 0620 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:37:46:390 0620 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:37:46:406 0620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:37:46:437 0620 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:37:46:468 0620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:37:46:500 0620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:37:46:515 0620 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:37:46:531 0620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:37:46:562 0620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:37:46:593 0620 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:37:46:640 0620 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
18:37:46:703 0620 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
18:37:46:734 0620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:37:46:796 0620 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
18:37:46:921 0620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:37:46:968 0620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:37:47:203 0620 nv (406ddab2b05d94d4818e97ff050d1bc6) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:37:47:421 0620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:37:47:437 0620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:37:47:453 0620 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:37:47:500 0620 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
18:37:47:562 0620 P17 (9a1c06e3888891757913ef08cb9f8a81) C:\WINDOWS\system32\drivers\P17.sys
18:37:47:625 0620 p17filt (71ddb3a663ddce1651cfe35993fb1c31) C:\WINDOWS\system32\drivers\p17filt.sys
18:37:47:734 0620 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:37:47:750 0620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:37:47:765 0620 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:37:47:765 0620 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:37:47:828 0620 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:37:47:859 0620 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:37:47:906 0620 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
18:37:48:062 0620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:37:48:093 0620 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:37:48:109 0620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:37:48:125 0620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:37:48:171 0620 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:37:48:265 0620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:37:48:281 0620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:37:48:312 0620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:37:48:328 0620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:37:48:375 0620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:37:48:390 0620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:37:48:406 0620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:37:48:453 0620 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:37:48:484 0620 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:37:48:546 0620 RTLWUSB (05552e37b5c0b53b7e4b95a850447e85) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
18:37:48:593 0620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:37:48:625 0620 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:37:48:656 0620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:37:48:718 0620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:37:48:765 0620 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:37:48:843 0620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:37:48:859 0620 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:37:48:937 0620 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
18:37:48:968 0620 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:37:49:000 0620 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:37:49:062 0620 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:37:49:078 0620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:37:49:125 0620 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:37:49:156 0620 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:37:49:203 0620 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:37:49:234 0620 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:37:49:578 0620 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:37:49:656 0620 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:37:50:078 0620 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:37:50:218 0620 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:37:50:359 0620 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:37:50:421 0620 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:37:50:437 0620 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:37:50:468 0620 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:37:50:468 0620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:37:50:500 0620 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:37:50:500 0620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:37:50:546 0620 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
18:37:50:578 0620 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:37:50:625 0620 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
18:37:50:656 0620 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
18:37:50:671 0620 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
18:37:50:687 0620 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
18:37:50:734 0620 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:37:50:734 0620 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:37:50:796 0620 yukonwxp (7d1def979b4e536e12882ee84f7c719a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:37:50:796 0620 Reboot required for cure complete..
18:37:51:203 0620 Cure on reboot scheduled successfully
18:37:51:203 0620
18:37:51:203 0620 Completed
18:37:51:203 0620
18:37:51:203 0620 Results:
18:37:51:203 0620 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:37:51:203 0620 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:37:51:203 0620
18:37:51:218 0620 KLMD(ARK) unloaded successfully

**dvk01** · 16-Jun-2010, 04:17 AM #5

you need to reboot & then

Delete any existing version of ComboFix you have sitting on your desktop

Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again after combofix has finished

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Vince21 · 16-Jun-2010, 07:29 PM #6

combofix log:

ComboFix 10-06-16.02 - Vince V 06/16/2010 18:18:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1464 [GMT -4:00]
Running from: c:\documents and settings\Vince V\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Vince V\Application Data\chrtmp
c:\documents and settings\Vince V\Application Data\inst.exe
c:\documents and settings\Vince V\Local Settings\Application Data\{94DBD8C9-EF19-42EC-88C7-5379A9F5D2EA}
c:\documents and settings\Vince V\Local Settings\Application Data\{94DBD8C9-EF19-42EC-88C7-5379A9F5D2EA}\chrome.manifest
c:\documents and settings\Vince V\Local Settings\Application Data\{94DBD8C9-EF19-42EC-88C7-5379A9F5D2EA}\chrome\content\_cfg.js
c:\documents and settings\Vince V\Local Settings\Application Data\{94DBD8C9-EF19-42EC-88C7-5379A9F5D2EA}\chrome\content\overlay.xul
c:\documents and settings\Vince V\Local Settings\Application Data\{94DBD8C9-EF19-42EC-88C7-5379A9F5D2EA}\install.rdf
c:\documents and settings\Vince V\System
c:\documents and settings\Vince V\System\win_qs8.jqx
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-13 21:36 . 2010-06-13 21:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-10 22:49 . 2010-06-10 22:49 503808 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-708cc835-n\msvcp71.dll
2010-06-10 22:49 . 2010-06-10 22:49 499712 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-708cc835-n\jmc.dll
2010-06-10 22:49 . 2010-06-10 22:49 348160 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-708cc835-n\msvcr71.dll
2010-06-10 22:49 . 2010-06-10 22:49 61440 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-434ed74e-n\decora-sse.dll
2010-06-10 22:49 . 2010-06-10 22:49 12800 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-434ed74e-n\decora-d3d.dll
2010-06-10 22:49 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 16:27 . 2010-06-06 16:27 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-06 16:25 . 2010-06-06 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-06 15:27 . 2010-06-14 23:29 120 ----a-w- c:\windows\Bpigesonocesof.dat
2010-06-06 15:27 . 2010-06-14 21:12 0 ----a-w- c:\windows\Ojayum.bin
2010-06-03 21:51 . 2010-06-03 21:51 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 21:41 . 2002-06-25 19:06 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-06-16 00:21 . 2009-02-26 23:14 371776 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-06-16 00:21 . 2009-02-26 23:14 187456 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-06-15 23:24 . 2009-02-25 21:54 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-15 23:23 . 2009-02-25 21:54 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-15 23:23 . 2009-02-26 23:14 887448 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-06-15 23:23 . 2009-02-26 23:14 57344 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-06-15 23:23 . 2009-02-26 23:14 2436160 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-06-13 21:27 . 2009-03-29 18:27 1 ----a-w- c:\documents and settings\Vince V\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 23:22 . 2007-02-10 19:07 -------- d-----w- c:\program files\Google
2010-06-10 23:17 . 2007-03-08 01:28 -------- d-----w- c:\program files\Elaborate Bytes
2010-06-10 23:13 . 2010-03-13 17:23 -------- d-----w- c:\program files\Cheat Engine
2010-06-10 22:49 . 2006-12-22 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-06-10 22:49 . 2006-12-22 18:57 -------- d-----w- c:\program files\Java
2010-06-10 21:49 . 2009-12-31 22:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 23:04 . 2007-01-15 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-07 22:26 . 2009-12-24 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 17:18 . 2007-01-20 15:45 -------- d-----w- c:\documents and settings\Vince V\Application Data\uTorrent
2010-06-06 16:29 . 2007-03-11 20:07 -------- d-----w- c:\program files\CCleaner
2010-06-05 00:50 . 2008-10-08 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-05 00:49 . 2010-02-14 17:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 21:32 . 2008-10-11 13:05 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 21:32 . 2006-12-23 04:04 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-19 21:11 . 2007-01-20 15:45 -------- d-----w- c:\program files\uTorrent
2010-04-29 19:39 . 2009-12-24 15:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-12-24 15:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 23:48 . 2009-02-25 21:54 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-27 23:48 . 2010-04-27 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-04-27 18:40 . 2007-01-26 22:21 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-01-20 21:09 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-01-20 21:09 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-01-20 21:09 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-13 17:10 . 2010-04-13 17:10 629824 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-04-13 17:03 . 2010-04-13 17:03 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2010-04-03 18:09 . 2009-02-26 23:14 461888 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-22 02:25 . 2010-02-13 03:49 2512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-16_22.05.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-16 22:13 . 2010-06-16 22:13 16384 c:\windows\Temp\Perflib_Perfdata_d20.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Aim6"="" [BU]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-06-29 352256]
"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-07-19 3167744]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"EzBackup Manager"="c:\program files\EzBackup\EZ-Backup Manager\ezbackupmanager.exe" [2006-05-08 1901568]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2006-03-17 81408]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTXFIREG"="CTxfiReg.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Yloxiz"="c:\windows\eceyibew.dll" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-7-19 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 15:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawser vice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/11/2008 9:05 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/11/2008 9:05 AM 242896]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [7/18/2006 1:02 PM 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [7/18/2006 1:02 PM 91672]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/13/2010 11:35 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 11:35 AM 308064]
R3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 7:34 PM 1452032]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/22/2006 9:10 PM 176128]
S2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EzBackup\EZ-Backup Manager\EzBackup.exe [12/23/2006 10:45 AM 1123840]
S2 gupdate1c9b07ddd78ad26;Google Update Service (gupdate1c9b07ddd78ad26);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 10:51 AM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 14:51]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 14:51]

2010-06-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 02:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: {CD3ACDA6-AEC0-41FC-94C7-BB0FA1EDB460} = 24.92.226.9,24.92.226.102
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vince V\Application Data\Mozilla\Firefox\Profiles\3285pk1g.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 18:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-16 18:26:35
ComboFix-quarantined-files.txt 2010-06-16 22:26

Pre-Run: 58,777,833,472 bytes free
Post-Run: 58,756,939,776 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 267154C3DD266AB0D21406FC9D11A496

**dvk01** · 17-Jun-2010, 03:29 AM #7

first you MUST disable spybot teatimer as shown here http://russelltexas.com/malware/teatimer.htm or uninstall spybot which as usual is blocking the fixes

then

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply .

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

Vince21 · 17-Jun-2010, 06:40 PM #8

ComboFix 10-06-17.02 - Vince V 06/17/2010 17:31:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1382 [GMT -4:00]
Running from: c:\documents and settings\Vince V\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vince V\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}

FILE ::
"c:\windows\Bpigesonocesof.dat"
"c:\windows\Ojayum.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Bpigesonocesof.dat
c:\windows\Ojayum.bin
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
.

2010-06-13 21:36 . 2010-06-13 21:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-10 22:49 . 2010-06-10 22:49 503808 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-708cc835-n\msvcp71.dll
2010-06-10 22:49 . 2010-06-10 22:49 499712 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-708cc835-n\jmc.dll
2010-06-10 22:49 . 2010-06-10 22:49 348160 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-708cc835-n\msvcr71.dll
2010-06-10 22:49 . 2010-06-10 22:49 61440 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-434ed74e-n\decora-sse.dll
2010-06-10 22:49 . 2010-06-10 22:49 12800 ----a-w- c:\documents and settings\Vince V\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-434ed74e-n\decora-d3d.dll
2010-06-10 22:49 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 16:27 . 2010-06-06 16:27 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-06 16:27 . 2010-06-06 16:27 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-06 16:25 . 2010-06-06 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-03 21:51 . 2010-06-03 21:51 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 21:18 . 2007-01-15 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-17 00:36 . 2009-02-26 23:14 371776 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-06-17 00:36 . 2009-02-26 23:14 187456 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-06-17 00:05 . 2009-02-25 21:54 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-17 00:05 . 2009-02-25 21:54 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-17 00:05 . 2009-02-26 23:14 887448 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-06-17 00:05 . 2009-02-26 23:14 57344 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-06-17 00:05 . 2009-02-26 23:14 2436160 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-06-16 21:41 . 2002-06-25 19:06 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-06-13 21:27 . 2009-03-29 18:27 1 ----a-w- c:\documents and settings\Vince V\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 23:22 . 2007-02-10 19:07 -------- d-----w- c:\program files\Google
2010-06-10 23:17 . 2007-03-08 01:28 -------- d-----w- c:\program files\Elaborate Bytes
2010-06-10 23:13 . 2010-03-13 17:23 -------- d-----w- c:\program files\Cheat Engine
2010-06-10 22:49 . 2006-12-22 18:56 -------- d-----w- c:\program files\Common Files\Java
2010-06-10 22:49 . 2006-12-22 18:57 -------- d-----w- c:\program files\Java
2010-06-10 21:49 . 2009-12-31 22:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-07 22:26 . 2009-12-24 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 17:18 . 2007-01-20 15:45 -------- d-----w- c:\documents and settings\Vince V\Application Data\uTorrent
2010-06-06 16:29 . 2007-03-11 20:07 -------- d-----w- c:\program files\CCleaner
2010-06-05 00:50 . 2008-10-08 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-05 00:49 . 2010-02-14 17:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 21:32 . 2008-10-11 13:05 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 21:32 . 2006-12-23 04:04 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-19 21:11 . 2007-01-20 15:45 -------- d-----w- c:\program files\uTorrent
2010-05-04 17:20 . 2004-01-08 20:23 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2002-06-25 19:03 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2002-06-25 19:32 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-12-24 15:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-12-24 15:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 23:48 . 2009-02-25 21:54 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-27 23:48 . 2010-04-27 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-04-27 18:40 . 2007-01-26 22:21 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-01-20 21:09 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-01-20 21:09 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-01-20 21:09 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-20 05:30 . 2002-06-25 18:59 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 17:10 . 2010-04-13 17:10 629824 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-04-13 17:03 . 2010-04-13 17:03 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2010-04-03 18:09 . 2009-02-26 23:14 461888 ----a-w- c:\documents and settings\Vince V\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-16_22.05.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-17 21:24 . 2010-06-17 21:24 16384 c:\windows\Temp\Perflib_Perfdata_d30.dat
+ 2006-12-23 15:27 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2006-12-23 15:27 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2003-08-15 18:31 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
- 2003-08-15 18:31 . 2010-03-11 12:38 44544 c:\windows\system32\pngfilt.dll
+ 2002-06-25 19:21 . 2010-06-17 02:32 78566 c:\windows\system32\perfc009.dat
- 2002-06-25 19:21 . 2010-03-16 21:00 78566 c:\windows\system32\perfc009.dat
+ 2009-11-06 02:17 . 2009-11-06 02:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
- 2002-06-25 19:09 . 2010-03-11 12:38 27648 c:\windows\system32\jsproxy.dll
+ 2002-06-25 19:09 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 08:26 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 08:26 . 2010-03-10 13:18 13824 c:\windows\system32\ieudinit.exe
+ 2002-06-25 19:08 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
- 2002-06-25 19:08 . 2010-03-11 12:38 44544 c:\windows\system32\iernonce.dll
- 2002-06-25 19:08 . 2010-03-10 13:18 70656 c:\windows\system32\ie4uinit.exe
+ 2002-06-25 19:08 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 16:58 . 2010-03-11 12:38 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 16:58 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 16:58 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-10-17 16:58 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-05-09 20:42 . 2010-03-11 12:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 20:42 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-09 20:42 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-09 20:42 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-11-07 08:26 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-11-07 08:26 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 18:09 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 08:26 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 08:26 . 2010-03-10 13:18 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2010-03-11 12:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-06-29 16:12 . 2010-03-11 12:38 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-29 16:12 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2002-06-25 18:59 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-04-14 02:02 . 2010-04-14 02:02 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2010-06-17 02:35 . 2010-06-17 02:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2007-11-22 15:53 . 2010-06-17 02:37 40960 c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
- 2007-11-22 15:53 . 2010-02-17 03:31 40960 c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
+ 2010-06-17 02:28 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-06-17 02:28 . 2010-03-10 13:18 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-06-17 02:28 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-06-17 02:28 . 2010-03-10 13:18 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-06-17 02:28 . 2010-03-11 12:38 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000. 0__b03f5f7f11d50a3a_7c18d3a2\System.Drawing.Design.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b0 3f5f7f11d50a3a_1b320dde\CustomMarshalers.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e679926 26a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-17 02:32 . 2010-06-17 02:32 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d7 44e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7 f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7 f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-24 02:16 . 2009-08-24 02:16 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c 561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c 561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3 a\System.Drawing.Design.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3 a\System.Drawing.Design.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f 11d50a3a\System.Configuration.Install.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f 11d50a3a\System.Configuration.Install.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Micros oft.Vsa.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Micros oft.Vsa.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03 f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03 f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d 50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d 50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Utilities.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Framework.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Framework.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd. dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd. dll
- 2009-10-14 21:41 . 2009-10-14 21:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrappe r.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrappe r.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\Custo mMarshalers.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\Custo mMarshalers.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System .Security.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Micr osoft_VsaVb.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Micr osoft_VsaVb.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualC.Dll
- 2009-10-14 21:41 . 2009-10-14 21:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualC.Dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecR emote.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecR emote.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2002-06-25 19:32 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll
+ 2002-06-25 19:32 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
- 2002-03-05 23:15 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
+ 2002-03-05 23:15 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
+ 2002-06-25 19:21 . 2010-06-17 02:32 466282 c:\windows\system32\perfh009.dat
- 2002-06-25 19:21 . 2010-03-16 21:00 466282 c:\windows\system32\perfh009.dat
- 2002-06-25 19:20 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll
+ 2002-06-25 19:20 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
+ 2002-06-25 19:16 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
- 2002-06-25 19:16 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll
+ 2002-06-25 19:16 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
- 2002-06-25 19:16 . 2010-03-11 12:38 193024 c:\windows\system32\msrating.dll
- 2002-06-25 19:15 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll
+ 2002-06-25 19:15 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll
+ 2006-10-17 16:57 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 16:57 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll
- 2002-06-25 19:08 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll
+ 2002-06-25 19:08 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
+ 2002-06-25 19:08 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
- 2002-06-25 19:08 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll
- 2006-10-17 16:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll
+ 2006-10-17 16:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
+ 2002-06-25 19:08 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
- 2002-06-25 19:08 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
+ 2002-06-25 19:08 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
- 2002-06-25 19:08 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll
- 2002-06-25 19:08 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll
+ 2002-06-25 19:08 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
- 2006-12-22 19:39 . 2009-11-11 17:25 150792 c:\windows\system32\FNTCACHE.DAT
+ 2006-12-22 19:39 . 2010-06-17 21:09 150792 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 07:56 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 07:56 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
- 2002-06-25 19:05 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll
+ 2002-06-25 19:05 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
+ 2002-06-25 19:05 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
- 2002-06-25 19:05 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-10-17 17:05 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 17:05 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 17:04 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 17:04 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-10-17 17:05 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-10-17 17:05 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 20:42 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 20:42 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-10-17 17:04 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-09 20:42 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 20:42 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 08:27 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:27 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-09 20:42 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-09 20:42 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2002-06-25 19:08 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2002-06-25 19:08 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:27 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 08:27 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:26 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 08:26 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-10-17 16:57 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-10-17 16:57 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-17 16:58 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-10-17 16:58 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2006-11-07 08:26 . 2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 08:26 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
- 2002-06-25 18:58 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll
+ 2002-06-25 18:58 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\ebb462.msp
- 2007-11-22 15:53 . 2010-02-17 03:31 135168 c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-22 15:53 . 2010-06-17 02:37 135168 c:\windows\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-06-17 02:28 . 2010-03-11 12:38 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-06-17 02:28 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-06-17 02:28 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-06-17 02:28 . 2010-03-11 12:38 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-06-17 02:28 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-06-17 02:28 . 2010-03-11 12:38 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-06-17 02:28 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f 5f7f11d50a3a_6ea6f0b6\System.Drawing.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000. 0__b03f5f7f11d50a3a_f1e31ae8\System.Drawing.Design.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b0 3f5f7f11d50a3a_ddf866d1\CustomMarshalers.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f32 0c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-17 02:34 . 2010-06-17 02:34 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f 75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c8 5333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9 611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c 88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f8 9d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594db d5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473 e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.d ll
+ 2010-06-17 02:37 . 2010-06-17 02:37 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce6 9bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604 c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c 80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa4893 6affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5c d12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5c d12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba682 0f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef7007 9beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eb a1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a 276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dc b2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-17 02:36 . 2010-06-17 02:36 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c22 4e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498 f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-17 02:33 . 2010-06-17 02:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4 062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad52 4016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d 038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87c a8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c6 9c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 657408 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\733383a e026a579af80d326120b6874d\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974 f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-17 02:36 . 2010-06-17 02:36 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d1 5bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\ System.Web.Services.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\ System.Web.Services.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Web.Mobile.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Web.Mobile.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3 a\System.ServiceProcess.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3 a\System.ServiceProcess.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\Syst em.Security.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\Syst em.Security.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c56 1934e089\System.Runtime.Serialization.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2 .0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2 .0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e 089\System.Runtime.Remoting.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e 089\System.Runtime.Remoting.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\Sys tem.Messaging.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\Sys tem.Messaging.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Management.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Management.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089 \System.IdentityModel.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\Syste m.Drawing.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\Syste m.Drawing.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d5 0a3a\System.DirectoryServices.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d5 0a3a\System.DirectoryServices.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b0 3f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b0 3f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Deployment.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Deployment.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\S ystem.Data.SqlXml.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\S ystem.Data.SqlXml.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a \System.configuration.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a \System.configuration.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dl l
- 2009-10-14 21:41 . 2009-10-14 21:41 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dl l
+ 2010-06-17 02:32 . 2010-06-17 02:32 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiag nostics.dll
- 2009-08-24 02:15 . 2009-08-24 02:15 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiag nostics.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3 a\Microsoft.VisualBasic.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3 a\Microsoft.VisualBasic.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b 03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b 03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0 .0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0 .0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.JScript.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.JScript.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3 a\Microsoft.Build.Tasks.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3 a\Microsoft.Build.Tasks.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a 3a\Microsoft.Build.Engine.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a 3a\Microsoft.Build.Engine.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetM MCExt.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetM MCExt.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\Sy stem.Transactions.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\Sy stem.Transactions.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50 a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50 a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50 a3a\System.EnterpriseServices.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50 a3a\System.EnterpriseServices.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e0 89\System.Data.OracleClient.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e0 89\System.Data.OracleClient.dll
+ 2002-06-25 19:34 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-09-23 21:07 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll
- 2004-09-23 21:07 . 2010-03-11 12:38 1168384 c:\windows\system32\urlmon.dll
- 2002-06-25 19:22 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2002-06-25 19:22 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2004-09-29 06:45 . 2010-05-04 17:20 3600384 c:\windows\system32\mshtml.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 6067200 c:\windows\system32\ieframe.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 6067200 c:\windows\system32\ieframe.dll
+ 2002-06-25 19:34 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-14 21:59 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2006-11-08 02:03 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2006-11-08 02:03 . 2010-03-11 12:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2006-11-08 02:03 . 2010-05-04 17:20 3600384 c:\windows\system32\dllcache\mshtml.dll
- 2007-05-09 20:42 . 2010-03-11 12:38 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-09 20:42 . 2010-05-04 17:20 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\ebb470.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\ebb46f.msp
+ 2010-06-17 02:28 . 2010-03-11 12:38 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 3599872 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-06-17 02:28 . 2010-03-11 12:38 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934 e089_9e5fb0bd\System.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934 e089_1fa993cd\System.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c56 1934e089_e6f53766\System.Xml.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c56 1934e089_bc6f9b96\System.Xml.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0 __b77a5c561934e089_7ec5f46a\System.Windows.Forms.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0 __b77a5c561934e089_67305610\System.Windows.Forms.dll
+ 2010-06-17 21:11 . 2010-06-17 21:11 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f 5f7f11d50a3a_d4008cb9\System.Drawing.dll
+ 2010-06-17 21:11 . 2010-06-17 21:11 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5 f7f11d50a3a_ff178d44\System.Design.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5 f7f11d50a3a_662a344c\System.Design.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c5619 34e089_d9899da8\mscorlib.dll
+ 2010-06-17 21:11 . 2010-06-17 21:11 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c5619 34e089_23e15000\mscorlib.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922 a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b6687 6f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 4161024 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\3551c5d1cf0c5fce6ad0c25 1d12d48c5\ttax.ni.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba2 51860f4c79e\System.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae 862974042298348\System.Xml.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556 899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506b f643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a 63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e8 6e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-17 02:35 . 2010-06-17 02:35 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86 064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c 40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab24 94d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee 7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a 11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392 c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2d bc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03 779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935e c0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd1 73c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f010 1cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773 b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de 493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XM L.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XM L.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\ System.ServiceModel.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System .Design.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System .Design.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web. dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web. dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Dat a.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Dat a.dll
- 2009-10-14 21:41 . 2009-10-14 21:41 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-17 02:32 . 2010-06-17 02:32 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-14 21:36 . 2009-10-14 21:36 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-14 21:35 . 2009-10-14 21:35 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web. dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web. dll
+ 2006-12-23 02:02 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2010-04-02 23:29 . 2010-04-02 23:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninsta ll.msp
+ 2010-05-11 15:30 . 2010-05-11 15:30 11194880 c:\windows\Installer\ebb4b5.msp
+ 2010-04-02 16:30 . 2010-04-02 16:30 17456640 c:\windows\Installer\ebb4ab.msp
+ 2010-04-24 21:09 . 2010-04-24 21:09 11750912 c:\windows\Installer\ebb48a.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\ebb480.msp
+ 2010-06-17 02:34 . 2010-06-17 02:34 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045 e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-17 02:37 . 2010-06-17 02:37 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da 92e212a374232c2\System.Web.ni.dll
+ 2010-06-17 02:36 . 2010-06-17 02:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe 3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-17 02:34 . 2010-06-17 02:34 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee1 05e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d9 42e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-17 02:33 . 2010-06-17 02:33 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89 d7afa8885c2a326379f03\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Aim6"="" [BU]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-06-29 352256]
"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-07-19 3167744]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"EzBackup Manager"="c:\program files\EzBackup\EZ-Backup Manager\ezbackupmanager.exe" [2006-05-08 1901568]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2006-03-17 81408]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTXFIREG"="CTxfiReg.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-7-19 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 15:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawser vice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/11/2008 9:05 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/11/2008 9:05 AM 242896]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [7/18/2006 1:02 PM 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [7/18/2006 1:02 PM 91672]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/13/2010 11:35 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 11:35 AM 308064]
R3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 7:34 PM 1452032]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/22/2006 9:10 PM 176128]
S2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EzBackup\EZ-Backup Manager\EzBackup.exe [12/23/2006 10:45 AM 1123840]
S2 gupdate1c9b07ddd78ad26;Google Update Service (gupdate1c9b07ddd78ad26);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 10:51 AM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 14:51]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 14:51]

2010-06-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 02:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: {CD3ACDA6-AEC0-41FC-94C7-BB0FA1EDB460} = 24.92.226.9,24.92.226.102
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vince V\Application Data\Mozilla\Firefox\Profiles\3285pk1g.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Vince V\Application Data\Mozilla\Firefox\Profiles\3285pk1g.default\extensions\iaplayer@instanta ction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 17:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-17 17:39:42
ComboFix-quarantined-files.txt 2010-06-17 21:39
ComboFix2.txt 2010-06-16 22:26

Pre-Run: 58,107,367,424 bytes free
Post-Run: 58,111,053,824 bytes free

- - End Of File - - 1B5ACBC7D8D4684246E333601F460BA7

**dvk01** · 17-Jun-2010, 08:54 PM #9

That looks OK now

Are you still getting any problems or has it all cleared up

Vince21 · 18-Jun-2010, 05:51 PM **#10**

Everything seems to be good now. Thanks for the help.

What kind of virus/trojan did I have?

**dvk01** · 19-Jun-2010, 03:49 AM **#11**

you had TDL3 rootkit

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place

Vince21 · 21-Jun-2010, 06:24 PM **#12**

Evreything is now updated. Thanks again for the help!

Similar Threads
Title	Thread Starter	Forum	Replies	Last Post
Google Redirecting problem.	bamwo1980	Virus & Other Malware Removal	14	11-Jun-2010 03:24 PM
Another Google Redirect Attach	davemvc	Virus & Other Malware Removal	0	22-Jan-2010 01:44 AM
Help! Google Redirect Problem!	kbompad	Virus & Other Malware Removal	0	20-Jan-2010 01:16 AM
Another Google re-direct problem (plus occasional pop-ups)	good_ol_gil	Virus & Other Malware Removal	2	11-Dec-2009 06:12 PM
Firefox Google redirect problem	caslonpierce	Virus & Other Malware Removal	0	26-Mar-2009 04:31 PM

Tag Cloud
acer asus batch bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming google hard drive hardware hdmi internet laptop malware memory missing monitor motherboard mouse network networking printer problem ram registry router slow software sound toshiba trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!