Jump to content

billypat3

Members
  • Posts

    5
  • Joined

  • Last visited

Everything posted by billypat3

  1. Combofixs log ComboFix 09-10-22.01 - mine 10/23/2009 18:27.4.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.564 [GMT -5:00] Running from: c:\documents and settings\mine\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\mine\Desktop\CFScript.txt AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} FILE :: "c:\windows\system32\wups(2).dll" "c:\windows\system32\wups2(2).dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\mine\Local Settings\temp\IadHide5.dll . ---- Previous Run ------- . c:\program files\Common Files\Real\Update_OB\bak\realsched.exe c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE c:\windows\CREATOR\bak\Remind_XP.exe c:\windows\ehome\bak\ehtray.exe c:\windows\SMINST\bak\RECGUARD.EXE c:\windows\system32\wups(2).dll c:\windows\system32\wups2(2).dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ANTIVIRSCHEDULERSERVICE -------\Legacy_MEMSWEEP2 -------\Legacy_SASDIFSV -------\Legacy_SASENUM -------\Legacy_SASKUTIL -------\Legacy_XOFTSPYSERVICE -------\Service_AntiVirSchedulerService -------\Service_MEMSWEEP2 -------\Service_SASDIFSV -------\Service_SASENUM -------\Service_SASKUTIL -------\Service_XoftSpyService ((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 ))))))))))))))))))))))))))))))) . 2009-10-23 13:32 . 2009-10-23 13:32 -------- d-----w- c:\program files\ESET 2009-10-21 12:51 . 2009-10-21 12:51 -------- d-----w- c:\documents and settings\mine\Application Data\HP 2009-10-21 12:51 . 2009-10-21 12:51 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\IsolatedStorage 2009-10-21 12:51 . 2009-10-21 12:51 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\HP 2009-10-19 20:47 . 2009-10-21 05:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Logs 2009-10-14 15:35 . 2009-10-14 15:36 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Adobe 2009-10-13 16:04 . 2009-10-13 16:04 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Apple Computer 2009-10-13 16:03 . 2009-10-23 13:26 -------- d-----w- c:\documents and settings\mine\Logs 2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\AOL 2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Application Data\AOL 2009-10-13 13:40 . 2009-10-13 13:40 -------- d-----w- c:\documents and settings\mine\Application Data\Malwarebytes 2009-10-13 13:21 . 2009-10-13 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-13 13:10 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2009-10-13 01:40 . 2009-10-13 01:40 -------- d-----w- c:\program files\Sophos 2009-10-13 01:07 . 2009-10-13 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL 2009-10-13 01:06 . 2009-10-13 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL 2009-10-13 00:50 . 2009-10-13 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-12 21:26 . 2009-10-12 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes 2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Local Settings\Application Data\AOL 2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Application Data\AOL 2009-10-12 11:26 . 2009-10-23 12:49 -------- d-----w- c:\documents and settings\HP_Administrator\Logs 2009-10-12 00:02 . 2009-10-12 00:12 -------- d-----w- c:\windows\BDOSCAN8 2009-10-12 00:00 . 2009-10-23 23:38 -------- d-----w- c:\program files\a-squared Free 2009-10-11 23:48 . 2009-10-11 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE 2009-10-11 23:06 . 2009-10-11 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-11 22:50 . 2009-10-11 22:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Safer Networking 2009-10-11 22:34 . 2009-10-12 21:13 -------- d-----w- c:\program files\Safer Networking 2009-10-11 21:25 . 2009-10-12 21:12 -------- d-----w- c:\program files\Free Window Registry Repair 2009-10-11 20:07 . 2009-10-11 22:28 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-11 20:07 . 2009-10-11 20:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2009-10-11 19:43 . 2009-10-11 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\program files\Uniblue 2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uniblue 2009-10-11 17:59 . 2009-10-11 22:39 -------- d-----w- c:\program files\spybot 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\InstallShield 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\The Weather Channel 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\The Weather Channel 2009-10-11 16:08 . 2009-10-11 16:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E} 2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\program files\Avira 2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-10-09 14:49 . 2009-10-09 14:49 -------- d-----w- c:\program files\Lowrance . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-23 23:38 . 2006-02-23 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-23 12:50 . 2009-02-25 23:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp 2009-10-22 17:23 . 2009-07-17 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-10-22 17:23 . 2007-04-12 19:09 -------- d-----w- c:\program files\Norton Security Scan 2009-10-21 12:51 . 2009-10-13 13:37 127 ----a-w- c:\documents and settings\mine\Local Settings\Application Data\fusioncache.dat 2009-10-19 20:47 . 2009-03-28 21:37 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\mjusbsp 2009-10-19 20:47 . 2006-12-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-12 23:28 . 2008-05-27 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL 2009-10-12 21:13 . 2008-05-27 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot 2009-10-12 11:27 . 2008-06-01 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-10-12 11:21 . 2008-02-11 14:23 -------- d-----w- c:\program files\Bonjour 2009-10-12 11:21 . 2006-02-23 01:32 -------- d-----w- c:\program files\DISC 2009-10-12 11:21 . 2007-01-26 14:18 -------- d-----w- c:\program files\Freeze.com 2009-10-11 17:34 . 2006-02-23 02:05 -------- d-----w- c:\program files\Norton Internet Security 2009-10-11 17:30 . 2009-10-11 17:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-10-11 17:30 . 2009-10-11 17:29 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-10-11 17:30 . 2006-02-23 02:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-10-11 17:30 . 2006-02-23 02:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-10-11 17:30 . 2006-02-23 02:04 -------- d-----w- c:\program files\Symantec 2009-10-11 17:06 . 2008-01-03 14:24 -------- d-----w- c:\program files\AOL 9.1 2009-10-11 16:08 . 2006-02-23 01:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-11 14:20 . 2006-02-23 01:32 61008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-11 04:02 . 2007-04-12 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-05 23:13 . 2006-09-06 13:23 -------- d-----w- c:\program files\Print Workshop 2006 2009-09-11 14:18 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-09 19:53 . 2009-09-09 19:19 176 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat 2009-09-09 19:21 . 2009-09-09 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template 2009-09-05 13:30 . 2008-07-23 23:02 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Apple Computer 2009-09-04 21:03 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-01 01:49 . 2009-09-01 01:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Move Networks 2009-08-26 08:00 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll 2009-08-26 01:30 . 2006-04-28 01:37 -------- d-----w- c:\program files\Punch! Pro 2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-08-10 04:00 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2008-05-27 14:17 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-10 11:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe 2007-01-22 00:43 . 2006-12-23 02:40 0 ----a-w- c:\program files\llh.dll 2007-01-22 00:43 . 2006-12-23 02:32 7176 ----a-w- c:\program files\ARA.ini 2006-12-23 02:40 . 2006-12-23 02:40 679936 ----a-w- c:\program files\libeay32.dll 2006-12-23 02:40 . 2006-12-23 02:40 59904 ----a-w- c:\program files\zlib1.dll 2006-12-23 02:40 . 2006-12-23 02:40 147728 ----a-w- c:\program files\ASYCFILT.DLL 2006-12-23 02:40 . 2006-12-23 02:40 147456 ----a-w- c:\program files\ssleay32.dll 2006-12-23 02:32 . 2006-12-23 02:32 77824 ----a-w- c:\program files\DM.dll 2006-12-23 02:32 . 2006-12-23 02:32 995410 ----a-w- c:\program files\MFC42LU.DLL 2006-12-23 02:32 . 2006-12-23 02:32 393216 ----a-w- c:\program files\MSLUP60.dll 2006-12-23 02:32 . 2006-12-23 02:32 258352 ----a-w- c:\program files\UNICOWS.DLL 2006-12-23 02:32 . 2006-12-23 02:32 237568 ----a-w- c:\program files\MSLURT.dll 2006-10-31 01:27 . 2006-10-31 01:27 0 ----a-w- c:\program files\Common Files\err.log . ((((((((((((((((((((((((((((( SnapShot@2009-10-13_16.57.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-23 23:38 . 2009-10-23 23:38 16384 c:\windows\temp\Perflib_Perfdata_6d0.dat + 2004-08-10 04:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll - 2004-08-10 04:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll + 2004-08-10 04:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll - 2005-08-31 04:07 . 2009-08-06 09:03 71936 c:\windows\system32\perfc009.dat + 2005-08-31 04:07 . 2009-10-15 08:07 71936 c:\windows\system32\perfc009.dat + 2004-08-10 11:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll - 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll + 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys + 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe - 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2004-09-30 01:11 . 2009-06-24 17:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe + 2004-10-08 00:36 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe + 2004-08-04 04:12 . 2009-06-24 03:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll - 2004-08-04 04:12 . 2007-01-02 21:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll - 2004-08-04 04:12 . 2007-01-02 21:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll + 2004-08-04 04:12 . 2009-06-24 03:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll + 2004-08-04 04:11 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe - 2004-08-04 04:11 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe + 2002-06-21 23:31 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe - 2002-06-21 23:31 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe + 2009-10-15 08:04 . 2009-10-15 08:04 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_eadff9a2\System.Drawing.Design.dll + 2009-10-15 08:04 . 2009-10-15 08:04 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4222eac3\CustomMarshalers.dll + 2009-10-15 08:02 . 2009-10-15 08:02 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_60a2a8b3\System.Drawing.Design.dll + 2009-10-15 08:01 . 2009-10-15 08:01 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_6ee7e500\CustomMarshalers.dll + 2009-10-15 08:09 . 2009-10-15 08:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe + 2009-10-15 08:07 . 2009-10-15 08:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe + 2009-10-15 08:10 . 2009-10-15 08:10 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll - 2009-08-06 09:02 . 2009-08-06 09:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2009-10-15 08:06 . 2009-10-15 08:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2009-08-06 09:02 . 2009-08-06 09:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2009-10-15 08:06 . 2009-10-15 08:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2009-10-15 08:06 . 2009-10-15 08:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2009-08-06 09:02 . 2009-08-06 09:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2009-10-15 08:06 . 2009-10-15 08:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-08-06 09:02 . 2009-08-06 09:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2009-10-15 08:06 . 2009-10-15 08:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2009-08-06 09:02 . 2009-08-06 09:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2009-10-15 08:06 . 2009-10-15 08:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2009-08-06 09:02 . 2009-08-06 09:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2009-08-06 09:02 . 2009-08-06 09:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2009-10-15 08:06 . 2009-10-15 08:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2009-10-15 08:06 . 2009-10-15 08:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-08-06 09:02 . 2009-08-06 09:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2009-10-15 08:06 . 2009-10-15 08:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2009-08-06 09:02 . 2009-08-06 09:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2009-10-15 08:06 . 2009-10-15 08:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2009-08-06 09:02 . 2009-08-06 09:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2009-10-15 08:06 . 2009-10-15 08:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2009-08-06 09:02 . 2009-08-06 09:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2009-08-06 09:02 . 2009-08-06 09:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2009-10-15 08:06 . 2009-10-15 08:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2009-10-15 08:06 . 2009-10-15 08:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-08-06 09:02 . 2009-08-06 09:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-08-06 09:02 . 2009-08-06 09:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2009-10-15 08:06 . 2009-10-15 08:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2004-07-20 00:54 . 2007-01-02 21:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe + 2004-07-20 00:54 . 2009-06-29 16:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe - 2009-08-06 09:02 . 2009-08-06 09:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2009-10-15 08:06 . 2009-10-15 08:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2009-10-15 08:06 . 2009-10-15 08:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-08-06 09:02 . 2009-08-06 09:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-08-06 09:02 . 2009-08-06 09:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2009-10-15 08:06 . 2009-10-15 08:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-08-06 09:02 . 2009-08-06 09:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2009-10-15 08:06 . 2009-10-15 08:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2009-10-15 08:06 . 2009-10-15 08:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-08-06 09:02 . 2009-08-06 09:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2004-08-10 04:00 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll + 2004-08-10 04:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll + 2005-08-31 04:07 . 2009-10-15 08:07 442796 c:\windows\system32\perfh009.dat - 2005-08-31 04:07 . 2009-08-06 09:03 442796 c:\windows\system32\perfh009.dat + 2004-08-10 04:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll + 2004-08-10 04:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll + 2004-08-10 04:00 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll + 2004-08-10 04:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll - 2004-08-10 04:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll + 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll + 2009-04-15 17:00 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll + 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2004-07-20 00:54 . 2009-06-24 02:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll - 2004-07-20 00:54 . 2004-07-20 00:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll + 2004-08-04 04:11 . 2009-06-24 03:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll - 2004-08-04 04:11 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll + 2007-07-11 08:05 . 2007-07-11 08:05 835584 c:\windows\assembly\temp\GPX5DLT19H\System.Drawing.dll + 2009-10-15 08:04 . 2009-10-15 08:04 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6e601873\System.Drawing.dll + 2009-10-15 08:04 . 2009-10-15 08:04 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b440d574\System.Drawing.Design.dll + 2009-10-15 08:04 . 2009-10-15 08:04 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2c383db0\CustomMarshalers.dll + 2009-10-15 08:02 . 2009-10-15 08:02 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_99eb12a3\System.Drawing.dll + 2009-10-15 08:11 . 2009-10-15 08:11 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe + 2009-10-15 08:09 . 2009-10-15 08:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll + 2009-10-15 08:13 . 2009-10-15 08:13 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll + 2009-10-15 08:10 . 2009-10-15 08:10 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll + 2009-10-15 08:10 . 2009-10-15 08:10 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll + 2009-10-15 08:12 . 2009-10-15 08:12 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe + 2009-10-15 08:11 . 2009-10-15 08:11 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe + 2009-10-15 08:08 . 2009-10-15 08:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe + 2009-10-15 08:11 . 2009-10-15 08:11 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe + 2009-10-15 08:10 . 2009-10-15 08:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll - 2009-08-06 09:02 . 2009-08-06 09:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2009-10-15 08:06 . 2009-10-15 08:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2009-10-15 08:06 . 2009-10-15 08:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2009-08-06 09:02 . 2009-08-06 09:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2009-10-15 08:06 . 2009-10-15 08:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2009-08-06 09:02 . 2009-08-06 09:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2009-08-06 09:02 . 2009-08-06 09:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2009-10-15 08:06 . 2009-10-15 08:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2009-10-15 08:06 . 2009-10-15 08:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2009-08-06 09:02 . 2009-08-06 09:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2009-08-06 09:02 . 2009-08-06 09:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2009-10-15 08:06 . 2009-10-15 08:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2009-10-15 08:06 . 2009-10-15 08:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2009-08-06 09:02 . 2009-08-06 09:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2009-10-15 08:06 . 2009-10-15 08:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2009-08-06 09:02 . 2009-08-06 09:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2009-08-06 09:02 . 2009-08-06 09:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2009-10-15 08:06 . 2009-10-15 08:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2009-10-15 08:06 . 2009-10-15 08:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2009-08-06 09:02 . 2009-08-06 09:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2009-10-15 08:06 . 2009-10-15 08:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2009-08-06 09:02 . 2009-08-06 09:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2009-08-06 09:02 . 2009-08-06 09:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2009-10-15 08:06 . 2009-10-15 08:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2009-08-06 09:02 . 2009-08-06 09:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2009-10-15 08:06 . 2009-10-15 08:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2009-08-06 09:02 . 2009-08-06 09:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2009-10-15 08:06 . 2009-10-15 08:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2009-10-15 08:06 . 2009-10-15 08:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2009-08-06 09:02 . 2009-08-06 09:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2009-10-15 08:06 . 2009-10-15 08:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2009-08-06 09:02 . 2009-08-06 09:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2009-10-15 08:06 . 2009-10-15 08:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2009-08-06 09:02 . 2009-08-06 09:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2009-10-15 08:06 . 2009-10-15 08:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2009-08-06 09:02 . 2009-08-06 09:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2009-10-15 08:06 . 2009-10-15 08:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2009-08-06 09:02 . 2009-08-06 09:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2009-10-15 08:06 . 2009-10-15 08:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2009-08-06 09:02 . 2009-08-06 09:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2009-08-06 09:02 . 2009-08-06 09:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2009-10-15 08:06 . 2009-10-15 08:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2009-10-15 08:06 . 2009-10-15 08:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2009-08-06 09:02 . 2009-08-06 09:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2009-08-06 09:02 . 2009-08-06 09:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-10-15 08:06 . 2009-10-15 08:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-10-14 11:28 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll + 2004-08-10 04:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll - 2004-08-10 04:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll + 2008-10-15 03:50 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe - 2008-10-15 03:50 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe + 2008-10-15 03:50 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe - 2008-10-15 03:50 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-10-15 03:50 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe - 2008-10-15 03:50 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-10-15 03:50 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll - 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll - 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2004-07-20 00:54 . 2009-06-29 16:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll - 2004-07-20 00:54 . 2007-01-02 21:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll + 2004-07-20 00:54 . 2009-06-24 03:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll - 2004-07-20 00:54 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll - 2004-07-20 00:54 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll + 2004-07-20 00:54 . 2009-06-24 03:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll + 2004-07-20 00:54 . 2009-06-29 16:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll - 2004-07-20 00:54 . 2007-01-02 21:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll + 2008-10-15 03:50 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2008-10-15 03:50 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-10-15 03:50 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-10-15 03:50 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2008-10-15 03:50 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2008-10-15 03:50 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-10-15 03:50 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-05-27 15:25 . 2008-05-27 15:25 1966080 c:\windows\assembly\temp\JT18GOW4CK\System.dll + 2007-07-11 08:05 . 2007-07-11 08:05 3391488 c:\windows\assembly\temp\HQX5DLT19I\mscorlib.dll + 2008-05-27 15:25 . 2008-05-27 15:25 3018752 c:\windows\assembly\temp\BKS08GOW4C\System.Windows.Forms.dll + 2008-05-27 15:24 . 2008-05-27 15:24 1232896 c:\windows\assembly\temp\9IQY6EMU2A\System.dll + 2009-10-15 08:04 . 2009-10-15 08:04 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e5a6130a\System.dll + 2009-10-15 08:04 . 2009-10-15 08:04 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1b6b0e48\System.dll + 2009-10-15 08:04 . 2009-10-15 08:04 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_5624fde4\System.Xml.dll + 2009-10-15 08:04 . 2009-10-15 08:04 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_073078b1\System.Xml.dll + 2009-10-15 08:04 . 2009-10-15 08:04 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a7e408ef\System.Windows.Forms.dll + 2009-10-15 08:04 . 2009-10-15 08:04 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_40af74a8\System.Windows.Forms.dll + 2009-10-15 08:04 . 2009-10-15 08:04 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_246b5f70\System.Drawing.dll + 2009-10-15 08:04 . 2009-10-15 08:04 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d31c95f6\System.Design.dll + 2009-10-15 08:04 . 2009-10-15 08:04 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_5dc3b1e9\System.Design.dll + 2009-10-15 08:04 . 2009-10-15 08:04 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f1f2ed3b\mscorlib.dll + 2009-10-15 08:04 . 2009-10-15 08:04 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e82d3b19\mscorlib.dll + 2009-10-15 08:01 . 2009-10-15 08:01 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_9de2f62a\System.dll + 2009-10-15 08:02 . 2009-10-15 08:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_8f6a95b4\System.Xml.dll + 2009-10-15 08:02 . 2009-10-15 08:02 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_9dc78be5\System.Windows.Forms.dll + 2009-10-15 08:02 . 2009-10-15 08:02 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_c8124de0\System.Design.dll + 2009-10-15 08:01 . 2009-10-15 08:01 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_3d728a4e\mscorlib.dll + 2009-10-15 08:07 . 2009-10-15 08:07 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll + 2009-10-15 08:07 . 2009-10-15 08:07 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll + 2009-10-15 08:10 . 2009-10-15 08:10 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll + 2009-10-15 08:10 . 2009-10-15 08:10 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll + 2009-10-15 08:09 . 2009-10-15 08:09 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll + 2009-10-15 08:07 . 2009-10-15 08:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll + 2009-10-15 08:06 . 2009-10-15 08:06 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2009-08-06 09:02 . 2009-08-06 09:02 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2009-10-15 08:06 . 2009-10-15 08:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-08-06 09:02 . 2009-08-06 09:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2009-10-15 08:06 . 2009-10-15 08:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2009-08-06 09:02 . 2009-08-06 09:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2009-08-06 09:02 . 2009-08-06 09:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2009-10-15 08:06 . 2009-10-15 08:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2009-10-15 08:06 . 2009-10-15 08:06 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2009-08-06 09:02 . 2009-08-06 09:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-15 08:06 . 2009-10-15 08:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2009-08-06 09:02 . 2009-08-06 09:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2009-08-06 09:02 . 2009-08-06 09:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2009-10-15 08:06 . 2009-10-15 08:06 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2009-10-15 08:03 . 2009-10-15 08:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2008-05-27 15:24 . 2008-05-27 15:24 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2009-10-15 08:03 . 2009-10-15 08:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2008-05-27 15:24 . 2008-05-27 15:24 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2008-08-21 11:32 . 2008-08-21 11:32 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-15 08:01 . 2009-10-15 08:01 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll + 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp + 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\87f317c.msp + 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\87f3173.msp + 2009-10-15 08:09 . 2009-10-15 08:09 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll + 2009-10-15 08:12 . 2009-10-15 08:12 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll + 2009-10-15 08:11 . 2009-10-15 08:11 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll + 2009-10-15 08:08 . 2009-10-15 08:08 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll + 2009-10-15 08:07 . 2009-10-15 08:07 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2007-10-27 50528] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "HostManager"="c:\program files\Common Files\AOL\1225479186\ee\AOLSoftware.exe" [2008-06-24 41824] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968] c:\documents and settings\Guest.YOUR-4DACD0EA75\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-2-19 983040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-27 1470480] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064] Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-22 36903] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Documents and Settings\\Carrie.YOUR-4DACD0EA75\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:DCOM(135) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/13/2009 8:10 AM 18816] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST . Contents of the 'Scheduled Tasks' folder 2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab . - - - - ORPHANS REMOVED - - - - HKLM-Run-DISCover - c:\program files\DISC\DISCover.exe HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-23 18:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1256) c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\ccProxy.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\windows\arservice.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\combofix\CF8876.exe c:\windows\eHome\ehmsas.exe c:\progra~1\AOL9~1.1\waol.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\progra~1\AOL9~1.1\shellmon.exe c:\combofix\PEV.cfxxe . ************************************************************************** . Completion time: 2009-10-23 18:58 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-23 23:58 ComboFix2.txt 2009-10-13 17:04 Pre-Run: 91,431,337,984 bytes free Post-Run: 91,439,345,664 bytes free - - End Of File - - E28D34C0A72CA53B7EB4B7270C1B389B and here is the eset log ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # waol.exe=9.05.001 # OnlineScanner.ocx=1.0.0.6210 # api_version=3.0.2 # EOSSerial=3786ec64b74e73499760cd3e6620608a # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-10-23 02:53:38 # local_time=2009-10-23 09:53:38 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1792 16777215 100 0 148975 148975 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=217091 # found=13 # cleaned=13 # scan_time=4542 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance10.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance11.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\B75FA91E\3E688669\stbsvc.exe Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Downloads\DTR2-dm[1].exe Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.0.21210\bin\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Carrie.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe.vir multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Carrie.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir a variant of Win32/Kryptik.YQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0105230.exe Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0105231.exe a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0105232.exe Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C # version=7 # waol.exe=9.05.001 # OnlineScanner.ocx=1.0.0.6210 # api_version=3.0.2 # EOSSerial=3786ec64b74e73499760cd3e6620608a # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-10-23 11:22:58 # local_time=2009-10-23 06:22:58 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1792 16777215 100 0 184069 184069 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=241 # found=0 # cleaned=0 # scan_time=5
  2. Here is the Combofix log sorry for the lack of response i have been sick Thank you for your help. ComboFix 09-10-12.03 - mine 10/13/2009 11:12.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.601 [GMT -5:00] Running from: c:\documents and settings\mine\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\mine\Local Settings\Temp\IadHide5.dll -- Previous Run -- Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll -------- . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 ))))))))))))))))))))))))))))))) . 2009-10-13 16:04 . 2009-10-13 16:04 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Apple Computer 2009-10-13 16:03 . 2009-10-13 16:03 -------- d-----w- c:\documents and settings\mine\Logs 2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\AOL 2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Application Data\AOL 2009-10-13 13:40 . 2009-10-13 13:40 -------- d-----w- c:\documents and settings\mine\Application Data\Malwarebytes 2009-10-13 13:21 . 2009-10-13 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-13 13:10 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2009-10-13 01:40 . 2009-10-13 01:40 -------- d-----w- c:\program files\Sophos 2009-10-13 01:07 . 2009-10-13 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL 2009-10-13 01:06 . 2009-10-13 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL 2009-10-13 00:50 . 2009-10-13 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-12 21:26 . 2009-10-12 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes 2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Local Settings\Application Data\AOL 2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Application Data\AOL 2009-10-12 11:26 . 2009-10-12 11:26 -------- d-----w- c:\documents and settings\HP_Administrator\Logs 2009-10-12 00:02 . 2009-10-12 00:12 -------- d-----w- c:\windows\BDOSCAN8 2009-10-12 00:00 . 2009-10-12 22:59 -------- d-----w- c:\program files\a-squared Free 2009-10-11 23:48 . 2009-10-11 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE 2009-10-11 23:06 . 2009-10-11 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-11 22:50 . 2009-10-11 22:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Safer Networking 2009-10-11 22:34 . 2009-10-12 21:13 -------- d-----w- c:\program files\Safer Networking 2009-10-11 21:25 . 2009-10-12 21:12 -------- d-----w- c:\program files\Free Window Registry Repair 2009-10-11 20:07 . 2009-10-11 22:28 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-11 20:07 . 2009-10-11 20:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2009-10-11 19:43 . 2009-10-11 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\program files\Uniblue 2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uniblue 2009-10-11 17:59 . 2009-10-11 22:39 -------- d-----w- c:\program files\spybot 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\InstallShield 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\The Weather Channel 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\The Weather Channel 2009-10-11 16:08 . 2009-10-11 16:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E} 2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\program files\Avira 2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-10-09 14:49 . 2009-10-09 14:49 -------- d-----w- c:\program files\Lowrance . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-13 16:28 . 2006-02-23 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-13 12:03 . 2009-02-25 23:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp 2009-10-12 23:28 . 2008-05-27 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL 2009-10-12 21:13 . 2008-05-27 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot 2009-10-12 11:52 . 2006-12-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-12 11:27 . 2008-06-01 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-10-12 11:21 . 2008-02-11 14:23 -------- d-----w- c:\program files\Bonjour 2009-10-12 11:21 . 2006-02-23 01:32 -------- d-----w- c:\program files\DISC 2009-10-12 11:21 . 2007-01-26 14:18 -------- d-----w- c:\program files\Freeze.com 2009-10-11 17:34 . 2006-02-23 02:05 -------- d-----w- c:\program files\Norton Internet Security 2009-10-11 17:30 . 2009-10-11 17:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-10-11 17:30 . 2009-10-11 17:29 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-10-11 17:30 . 2006-02-23 02:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-10-11 17:30 . 2006-02-23 02:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-10-11 17:30 . 2006-02-23 02:04 -------- d-----w- c:\program files\Symantec 2009-10-11 17:06 . 2008-01-03 14:24 -------- d-----w- c:\program files\AOL 9.1 2009-10-11 16:09 . 2009-03-28 21:37 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\mjusbsp 2009-10-11 16:08 . 2006-02-23 01:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-11 14:20 . 2006-02-23 01:32 61008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-11 04:02 . 2007-04-12 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-05 23:13 . 2006-09-06 13:23 -------- d-----w- c:\program files\Print Workshop 2006 2009-09-09 19:53 . 2009-09-09 19:19 176 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat 2009-09-09 19:21 . 2009-09-09 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template 2009-09-05 13:30 . 2008-07-23 23:02 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Apple Computer 2009-09-01 01:49 . 2009-09-01 01:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Move Networks 2009-08-26 01:30 . 2006-04-28 01:37 -------- d-----w- c:\program files\Punch! Pro 2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2(2).dll 2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups(2).dll 2009-08-07 00:24 . 2004-08-10 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll 2007-01-22 00:43 . 2006-12-23 02:40 0 ----a-w- c:\program files\llh.dll 2007-01-22 00:43 . 2006-12-23 02:32 7176 ----a-w- c:\program files\ARA.ini 2006-12-23 02:40 . 2006-12-23 02:40 679936 ----a-w- c:\program files\libeay32.dll 2006-12-23 02:40 . 2006-12-23 02:40 59904 ----a-w- c:\program files\zlib1.dll 2006-12-23 02:40 . 2006-12-23 02:40 147728 ----a-w- c:\program files\ASYCFILT.DLL 2006-12-23 02:40 . 2006-12-23 02:40 147456 ----a-w- c:\program files\ssleay32.dll 2006-12-23 02:32 . 2006-12-23 02:32 77824 ----a-w- c:\program files\DM.dll 2006-12-23 02:32 . 2006-12-23 02:32 995410 ----a-w- c:\program files\MFC42LU.DLL 2006-12-23 02:32 . 2006-12-23 02:32 393216 ----a-w- c:\program files\MSLUP60.dll 2006-12-23 02:32 . 2006-12-23 02:32 258352 ----a-w- c:\program files\UNICOWS.DLL 2006-12-23 02:32 . 2006-12-23 02:32 237568 ----a-w- c:\program files\MSLURT.dll 2006-10-31 01:27 . 2006-10-31 01:27 0 ----a-w- c:\program files\Common Files\err.log . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2006-02-23 01:32 . 2006-02-23 01:32 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe 2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe 2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe 2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe 2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe 2005-05-12 14:12 . 2005-05-12 14:12 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe 2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe 2006-10-23 23:50 . 2005-11-10 18:03 36975 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe 2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe 2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe 2006-10-29 04:05 . 2006-10-24 21:10 4662776 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE 2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\bak\Remind_XP.exe 2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\Remind_XP.exe 2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\bak\ehtray.exe 2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\ehtray.exe 2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE 2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\Recguard.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2007-10-27 50528] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DISCover"="c:\program files\DISC\DISCover.exe" [N/A] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "HostManager"="c:\program files\Common Files\AOL\1225479186\ee\AOLSoftware.exe" [2008-06-24 41824] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A] "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968] c:\documents and settings\Guest.YOUR-4DACD0EA75\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-2-19 983040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-27 1470480] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064] Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-22 36903] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Carrie.YOUR-4DACD0EA75\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:DCOM(135) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/13/2009 8:10 AM 18816] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST . Contents of the 'Scheduled Tasks' folder 2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34] 2009-10-11 c:\windows\Tasks\Norton Security Scan for Carrie.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 00:58] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html . - - - - ORPHANS REMOVED - - - - BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) Toolbar-Locked - (no file) AddRemove-SuperiorCasino - c:\program files\SuperiorCasino\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-13 11:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\1.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @DACL=(02 0010) @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @DACL=(02 0010) @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @DACL=(02 0010) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2460) c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE c:\program files\Common Files\Symantec Shared\CCPROXY.EXE c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\a-squared Free\a2service.exe c:\windows\arservice.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\ehome\ehmsas.exe c:\progra~1\AOL9~1.1\waol.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\progra~1\AOL9~1.1\shellmon.exe . ************************************************************************** . Completion time: 2009-10-13 12:04 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-13 17:04 Pre-Run: 83,890,946,048 bytes free Post-Run: 85,394,812,928 bytes free 333 --- E O F --- 2009-10-12 08:00
  3. still having malware removal problems downloaded mbam and it quits right after scan starts anyone know how to fix
  4. I have a trojan and can't get rid of it at all please help me I use my pc for work and contracts Need help Please!!!!!!!
  5. here is the combo fix log.. PLease Help!!!!!! ComboFix 09-10-12.03 - mine 10/13/2009 11:12.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.601 [GMT -5:00] Running from: c:\documents and settings\mine\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\mine\Local Settings\Temp\IadHide5.dll -- Previous Run -- Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll -------- . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 ))))))))))))))))))))))))))))))) . 2009-10-13 16:04 . 2009-10-13 16:04 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Apple Computer 2009-10-13 16:03 . 2009-10-13 16:03 -------- d-----w- c:\documents and settings\mine\Logs 2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\AOL 2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Application Data\AOL 2009-10-13 13:40 . 2009-10-13 13:40 -------- d-----w- c:\documents and settings\mine\Application Data\Malwarebytes 2009-10-13 13:21 . 2009-10-13 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-13 13:10 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2009-10-13 01:40 . 2009-10-13 01:40 -------- d-----w- c:\program files\Sophos 2009-10-13 01:07 . 2009-10-13 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL 2009-10-13 01:06 . 2009-10-13 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL 2009-10-13 00:50 . 2009-10-13 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-12 21:26 . 2009-10-12 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes 2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Local Settings\Application Data\AOL 2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Application Data\AOL 2009-10-12 11:26 . 2009-10-12 11:26 -------- d-----w- c:\documents and settings\HP_Administrator\Logs 2009-10-12 00:02 . 2009-10-12 00:12 -------- d-----w- c:\windows\BDOSCAN8 2009-10-12 00:00 . 2009-10-12 22:59 -------- d-----w- c:\program files\a-squared Free 2009-10-11 23:48 . 2009-10-11 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE 2009-10-11 23:06 . 2009-10-11 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-11 22:50 . 2009-10-11 22:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Safer Networking 2009-10-11 22:34 . 2009-10-12 21:13 -------- d-----w- c:\program files\Safer Networking 2009-10-11 21:25 . 2009-10-12 21:12 -------- d-----w- c:\program files\Free Window Registry Repair 2009-10-11 20:07 . 2009-10-11 22:28 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-11 20:07 . 2009-10-11 20:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2009-10-11 19:43 . 2009-10-11 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\program files\Uniblue 2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uniblue 2009-10-11 17:59 . 2009-10-11 22:39 -------- d-----w- c:\program files\spybot 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\InstallShield 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\The Weather Channel 2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\The Weather Channel 2009-10-11 16:08 . 2009-10-11 16:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E} 2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\program files\Avira 2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-10-09 14:49 . 2009-10-09 14:49 -------- d-----w- c:\program files\Lowrance . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-13 16:28 . 2006-02-23 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-13 12:03 . 2009-02-25 23:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp 2009-10-12 23:28 . 2008-05-27 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL 2009-10-12 21:13 . 2008-05-27 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot 2009-10-12 11:52 . 2006-12-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-12 11:27 . 2008-06-01 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-10-12 11:21 . 2008-02-11 14:23 -------- d-----w- c:\program files\Bonjour 2009-10-12 11:21 . 2006-02-23 01:32 -------- d-----w- c:\program files\DISC 2009-10-12 11:21 . 2007-01-26 14:18 -------- d-----w- c:\program files\Freeze.com 2009-10-11 17:34 . 2006-02-23 02:05 -------- d-----w- c:\program files\Norton Internet Security 2009-10-11 17:30 . 2009-10-11 17:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-10-11 17:30 . 2009-10-11 17:29 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-10-11 17:30 . 2006-02-23 02:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-10-11 17:30 . 2006-02-23 02:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-10-11 17:30 . 2006-02-23 02:04 -------- d-----w- c:\program files\Symantec 2009-10-11 17:06 . 2008-01-03 14:24 -------- d-----w- c:\program files\AOL 9.1 2009-10-11 16:09 . 2009-03-28 21:37 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\mjusbsp 2009-10-11 16:08 . 2006-02-23 01:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-11 14:20 . 2006-02-23 01:32 61008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-11 04:02 . 2007-04-12 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-05 23:13 . 2006-09-06 13:23 -------- d-----w- c:\program files\Print Workshop 2006 2009-09-09 19:53 . 2009-09-09 19:19 176 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat 2009-09-09 19:21 . 2009-09-09 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template 2009-09-05 13:30 . 2008-07-23 23:02 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Apple Computer 2009-09-01 01:49 . 2009-09-01 01:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Move Networks 2009-08-26 01:30 . 2006-04-28 01:37 -------- d-----w- c:\program files\Punch! Pro 2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2(2).dll 2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups(2).dll 2009-08-07 00:24 . 2004-08-10 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll 2007-01-22 00:43 . 2006-12-23 02:40 0 ----a-w- c:\program files\llh.dll 2007-01-22 00:43 . 2006-12-23 02:32 7176 ----a-w- c:\program files\ARA.ini 2006-12-23 02:40 . 2006-12-23 02:40 679936 ----a-w- c:\program files\libeay32.dll 2006-12-23 02:40 . 2006-12-23 02:40 59904 ----a-w- c:\program files\zlib1.dll 2006-12-23 02:40 . 2006-12-23 02:40 147728 ----a-w- c:\program files\ASYCFILT.DLL 2006-12-23 02:40 . 2006-12-23 02:40 147456 ----a-w- c:\program files\ssleay32.dll 2006-12-23 02:32 . 2006-12-23 02:32 77824 ----a-w- c:\program files\DM.dll 2006-12-23 02:32 . 2006-12-23 02:32 995410 ----a-w- c:\program files\MFC42LU.DLL 2006-12-23 02:32 . 2006-12-23 02:32 393216 ----a-w- c:\program files\MSLUP60.dll 2006-12-23 02:32 . 2006-12-23 02:32 258352 ----a-w- c:\program files\UNICOWS.DLL 2006-12-23 02:32 . 2006-12-23 02:32 237568 ----a-w- c:\program files\MSLURT.dll 2006-10-31 01:27 . 2006-10-31 01:27 0 ----a-w- c:\program files\Common Files\err.log . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2006-02-23 01:32 . 2006-02-23 01:32 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe 2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe 2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe 2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe 2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe 2005-05-12 14:12 . 2005-05-12 14:12 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe 2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe 2006-10-23 23:50 . 2005-11-10 18:03 36975 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe 2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe 2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe 2006-10-29 04:05 . 2006-10-24 21:10 4662776 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE 2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\bak\Remind_XP.exe 2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\Remind_XP.exe 2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\bak\ehtray.exe 2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\ehtray.exe 2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE 2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\Recguard.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2007-10-27 50528] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DISCover"="c:\program files\DISC\DISCover.exe" [N/A] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "HostManager"="c:\program files\Common Files\AOL\1225479186\ee\AOLSoftware.exe" [2008-06-24 41824] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A] "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968] c:\documents and settings\Guest.YOUR-4DACD0EA75\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-2-19 983040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-27 1470480] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064] Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-22 36903] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Carrie.YOUR-4DACD0EA75\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:DCOM(135) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/13/2009 8:10 AM 18816] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST . Contents of the 'Scheduled Tasks' folder 2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34] 2009-10-11 c:\windows\Tasks\Norton Security Scan for Carrie.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 00:58] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html . - - - - ORPHANS REMOVED - - - - BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) Toolbar-Locked - (no file) AddRemove-SuperiorCasino - c:\program files\SuperiorCasino\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-13 11:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\1.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @DACL=(02 0010) @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @DACL=(02 0010) @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @DACL=(02 0010) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2460) c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE c:\program files\Common Files\Symantec Shared\CCPROXY.EXE c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\a-squared Free\a2service.exe c:\windows\arservice.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\ehome\ehmsas.exe c:\progra~1\AOL9~1.1\waol.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\progra~1\AOL9~1.1\shellmon.exe . ************************************************************************** . Completion time: 2009-10-13 12:04 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-13 17:04 Pre-Run: 83,890,946,048 bytes free Post-Run: 85,394,812,928 bytes free 333 --- E O F --- 2009-10-12 08:00
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.