
Weathereye Malware



I have scanned using Prevx 3.0, which told me there was a problem with Weathereye. I lost my desktop, which led to the scan.

I then ran Bitdefender boot disk which did not remove all traces of whatever this threat was.

Next I ran CCleaner. Then I ran ComboFix. I will post the log below and will run DDS next.

ComboFix 11-12-13.03 - Tyrant 12/13/2011 23:08:27.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.502 [GMT -5:00]

Running from: c:\documents and settings\Tyrant\My Documents\Combo-Fix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: Panda Titanium 2005 Personal Firewall *Disabled* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))

.

.

2011-12-14 04:14 . 2011-12-14 04:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE156117-C7BA-4F24-AC78-B3FD4BCADCAE}\MpKslf661b53e.sys

2011-12-14 04:14 . 2011-12-14 04:14 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE156117-C7BA-4F24-AC78-B3FD4BCADCAE}\offreg.dll

2011-12-14 02:59 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE156117-C7BA-4F24-AC78-B3FD4BCADCAE}\mpengine.dll

2011-12-14 02:51 . 2011-12-14 02:51 -------- d-----w- c:\program files\CCleaner

2011-12-07 23:08 . 2011-12-07 23:08 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-12-07 23:08 . 2011-12-07 23:08 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-12-07 23:08 . 2011-12-07 23:08 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-12-07 23:08 . 2011-12-07 23:08 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-12-07 23:08 . 2011-12-07 23:08 -------- d-----w- c:\program files\Prevx

2011-12-07 22:58 . 2011-12-14 03:44 -------- d-----w- c:\documents and settings\Tyrant

2011-12-07 22:54 . 2011-12-14 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI

2011-12-07 22:49 . 2011-12-07 22:49 -------- d-----w- c:\documents and settings\Lawrie\Program Files

2011-12-06 23:17 . 2011-12-06 23:17 -------- d-----w- c:\documents and settings\Administrator

2011-12-06 23:03 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2011-12-06 23:03 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-12-06 23:03 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-12-06 23:03 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-12-06 14:29 . 2011-12-07 23:40 -------- d-----w- C:\bd_logs

2011-12-02 22:51 . 2011-12-02 22:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-21 10:47 . 2011-10-13 06:32 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-10 14:22 . 2005-07-18 18:23 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2004-10-01 20:00 . 2005-12-01 00:04 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2011-11-12 02:29 . 2011-06-15 21:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-08-11 00:46 . 2009-11-28 00:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

1997-07-21 23:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll

1997-06-23 07:00 123664 --sha-w- c:\windows\system32\Msjint35.dll

1997-06-23 16:06 24848 --sha-w- c:\windows\system32\Msjter35.dll

1997-06-23 16:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll

1997-06-23 16:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-13_06.12.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 12:00 . 2011-11-09 08:26 72582 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2011-09-15 11:19 72582 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll

+ 2009-03-08 09:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 09:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 43520 c:\windows\system32\licmgr10.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll

+ 2010-02-15 20:07 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll

- 2010-02-15 20:07 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2004-08-04 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2010-02-15 20:07 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2010-02-15 20:07 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2005-07-18 18:41 . 2011-11-30 18:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2005-07-18 18:41 . 2011-08-24 18:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2005-07-18 18:41 . 2011-11-30 18:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2005-07-18 18:41 . 2011-08-24 18:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2005-07-18 18:41 . 2011-08-24 18:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2011-11-30 18:14 . 2011-11-30 18:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2011-10-18 05:03 . 2011-10-18 05:03 22016 c:\windows\Installer\8adfc16.msi

+ 2006-01-14 01:17 . 2011-11-09 08:01 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2006-01-14 01:17 . 2011-11-09 08:01 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2006-01-14 01:17 . 2011-11-09 08:01 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2006-01-14 01:17 . 2011-11-09 08:01 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2010-06-04 07:03 . 2011-10-13 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-06-04 07:03 . 2011-06-14 22:43 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll

+ 2011-10-13 14:09 . 2011-10-13 14:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll

+ 2011-10-13 14:20 . 2011-10-13 14:20 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll

+ 2011-10-13 14:17 . 2011-10-13 14:17 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-13 14:17 . 2011-10-13 14:17 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll

+ 2011-10-13 07:01 . 2011-10-13 07:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe

+ 2011-10-13 07:00 . 2011-10-13 07:00 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll

+ 2011-10-13 14:16 . 2011-10-13 14:16 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a2d4c56b2c8dcab24c53b3761c7b8638\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll

+ 2011-10-13 14:17 . 2011-10-13 14:17 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\50a9bc2079f688173ef516959f303151\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll

+ 2011-10-13 14:17 . 2011-10-13 14:17 53760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4836807f887fb0245beb5a835733a838\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0.ni.dll

+ 2011-10-13 14:16 . 2011-10-13 14:16 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll

+ 2011-10-13 14:16 . 2011-10-13 14:16 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll

+ 2011-10-13 14:15 . 2011-10-13 14:15 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe

+ 2011-10-13 14:14 . 2011-10-13 14:14 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-11-12 08:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll

+ 2011-11-12 08:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll

+ 2011-10-13 06:49 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll

+ 2011-10-13 06:49 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll

+ 2011-10-13 06:49 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE8\update\spcustom.dll

+ 2011-10-13 06:49 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE8\spmsg.dll

+ 2011-10-13 03:59 . 2011-08-22 23:47 12800 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\xpshims.dll

+ 2011-10-13 03:59 . 2011-08-22 23:47 66560 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtmled.dll

+ 2011-10-13 03:59 . 2011-08-22 23:47 55296 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeedsbs.dll

+ 2011-10-13 03:59 . 2011-08-22 23:47 43520 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\licmgr10.dll

+ 2011-10-13 03:59 . 2011-08-22 23:47 25600 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\jsproxy.dll

+ 2011-10-13 06:50 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll

+ 2011-10-13 06:50 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll

+ 2011-11-09 08:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll

+ 2011-11-09 08:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2006-01-14 01:17 . 2011-11-09 08:01 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2011-08-10 07:09 . 2011-08-10 07:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-08-10 07:09 . 2011-08-10 07:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-08-10 07:09 . 2011-08-10 07:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-08-10 07:09 . 2011-08-10 07:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-10-13 06:58 . 2011-10-13 06:58 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 916480 c:\windows\system32\wininet.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll

- 2004-08-04 12:00 . 2011-09-15 11:19 444832 c:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2011-11-09 08:26 444832 c:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll

+ 2009-03-08 09:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll

- 2009-03-08 09:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe

+ 2011-12-14 03:41 . 2011-12-14 04:14 221632 c:\windows\system32\FNTCACHE.DAT

- 2005-07-18 14:09 . 2011-07-14 07:22 221632 c:\windows\system32\FNTCACHE.DAT

- 2010-10-25 01:25 . 2011-04-18 17:18 165648 c:\windows\system32\drivers\MpFilter.sys

+ 2011-04-18 17:18 . 2011-04-18 17:18 165648 c:\windows\system32\drivers\MpFilter.sys

+ 2004-08-04 12:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys

- 2004-08-04 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys

- 2004-08-04 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll

+ 2004-08-04 12:00 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll

- 2010-02-15 20:07 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-02-15 20:07 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2005-07-18 18:23 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2005-07-18 18:23 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2010-02-15 20:07 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2010-02-15 20:07 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-06-11 19:50 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-06-11 19:50 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-04 12:00 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2004-08-04 12:00 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2004-08-04 12:00 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys

- 2004-08-04 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys

+ 2011-07-07 09:18 . 2011-07-07 09:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-07-07 09:18 . 2011-07-07 09:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-10-13 06:30 . 2011-10-13 06:30 785920 c:\windows\Installer\e31f0.msi

+ 2011-10-13 06:29 . 2011-10-13 06:29 483840 c:\windows\Installer\e31ea.msi

+ 2011-10-13 06:29 . 2011-10-13 06:29 301056 c:\windows\Installer\e31e5.msi

+ 2006-01-14 01:17 . 2011-11-09 08:01 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2006-01-14 01:17 . 2011-11-09 08:01 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2006-01-14 01:17 . 2011-11-09 08:01 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2006-01-14 01:17 . 2011-11-09 08:01 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2006-01-14 01:17 . 2011-11-09 08:01 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2006-01-14 01:17 . 2011-09-15 07:07 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2011-10-13 06:49 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll

+ 2011-10-13 06:49 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll

+ 2011-10-13 06:49 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe

+ 2011-10-13 06:49 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll

+ 2011-10-13 06:49 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll

+ 2011-10-13 06:49 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe

+ 2011-10-13 14:16 . 2011-10-13 14:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe

+ 2011-10-13 14:09 . 2011-10-13 14:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll

+ 2011-10-13 14:09 . 2011-10-13 14:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll

+ 2011-10-13 14:09 . 2011-10-13 14:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll

+ 2011-10-13 14:20 . 2011-10-13 14:20 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

+ 2011-10-13 14:16 . 2011-10-13 14:16 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll

+ 2011-10-13 14:18 . 2011-10-13 14:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-10-13 14:19 . 2011-10-13 14:19 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll

+ 2011-10-13 14:18 . 2011-10-13 14:18 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

+ 2011-10-13 14:18 . 2011-10-13 14:18 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll

+ 2011-10-13 14:15 . 2011-10-13 14:15 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll

+ 2011-10-13 14:15 . 2011-10-13 14:15 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll

+ 2011-10-13 14:18 . 2011-10-13 14:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll

+ 2011-10-13 14:18 . 2011-10-13 14:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll

+ 2011-10-13 14:09 . 2011-10-13 14:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-29 21:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-14 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-22 8720384]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"WD Button Manager"="WDBtnMgr.exe" [2008-09-17 364544]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

R1 MpKslf661b53e;MpKslf661b53e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE156117-C7BA-4F24-AC78-B3FD4BCADCAE}\MpKslf661b53e.sys [12/13/2011 11:14 PM 29904]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [12/7/2011 6:08 PM 26096]

S1 MpKsl0418cd42;MpKsl0418cd42;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FE6058B-312A-4633-822D-CB407F300EC2}\MpKsl0418cd42.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FE6058B-312A-4633-822D-CB407F300EC2}\MpKsl0418cd42.sys [?]

S1 MpKsl2b66c255;MpKsl2b66c255;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{065A3632-BBC1-4417-9A27-680177EA7F14}\MpKsl2b66c255.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{065A3632-BBC1-4417-9A27-680177EA7F14}\MpKsl2b66c255.sys [?]

S1 MpKsl39960356;MpKsl39960356;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{679CC9D9-016E-414E-9E8C-341756951724}\MpKsl39960356.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{679CC9D9-016E-414E-9E8C-341756951724}\MpKsl39960356.sys [?]

S1 MpKsl3b8bd022;MpKsl3b8bd022;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{785317FA-63F2-4907-9FCD-67C8DB524ACD}\MpKsl3b8bd022.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{785317FA-63F2-4907-9FCD-67C8DB524ACD}\MpKsl3b8bd022.sys [?]

S1 MpKsl6ea4a3bf;MpKsl6ea4a3bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DAC2AD5-8139-43C7-8C49-D073F7EEE6F8}\MpKsl6ea4a3bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DAC2AD5-8139-43C7-8C49-D073F7EEE6F8}\MpKsl6ea4a3bf.sys [?]

S1 MpKsl6f061df9;MpKsl6f061df9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E54A826-09DC-4BBE-895B-30BD378B0B17}\MpKsl6f061df9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E54A826-09DC-4BBE-895B-30BD378B0B17}\MpKsl6f061df9.sys [?]

S1 MpKsl7e5cfe6a;MpKsl7e5cfe6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6091A6F1-7A53-43E8-8409-C1F433C56BE2}\MpKsl7e5cfe6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6091A6F1-7A53-43E8-8409-C1F433C56BE2}\MpKsl7e5cfe6a.sys [?]

S1 MpKsl9203b812;MpKsl9203b812;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{607F046E-8F9D-4962-9003-5CC92DF0B3FE}\MpKsl9203b812.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{607F046E-8F9D-4962-9003-5CC92DF0B3FE}\MpKsl9203b812.sys [?]

S1 MpKsl95dda91f;MpKsl95dda91f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53C76F8D-F035-40DF-90AF-1F92D80EA62D}\MpKsl95dda91f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53C76F8D-F035-40DF-90AF-1F92D80EA62D}\MpKsl95dda91f.sys [?]

S1 MpKslcc4edd54;MpKslcc4edd54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEAC4D9F-412F-4BEF-B743-1523844A6537}\MpKslcc4edd54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEAC4D9F-412F-4BEF-B743-1523844A6537}\MpKslcc4edd54.sys [?]

S1 MpKslcc719199;MpKslcc719199;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{073FBCBB-953C-420A-9C16-EA27CBA692FC}\MpKslcc719199.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{073FBCBB-953C-420A-9C16-EA27CBA692FC}\MpKslcc719199.sys [?]

S1 MpKslff54bff6;MpKslff54bff6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4CE088B5-7C0F-4341-9039-29D11FAE253A}\MpKslff54bff6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4CE088B5-7C0F-4341-9039-29D11FAE253A}\MpKslff54bff6.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 10:57 AM 135664]

S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [12/29/2005 10:01 AM 14074]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/8/2008 2:25 PM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 10:57 AM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLF661B53E

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 15:57]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 15:57]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-PowerBar - (no file)

HKLM-Run-XYRqQgvDYPoUCvX.exe - c:\documents and settings\All Users\Application Data\XYRqQgvDYPoUCvX.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-13 23:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????l?@?????????D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????}M???m?w???????????????? |??????K???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2544)

c:\windows\system32\WININET.dll

c:\program files\Logitech\iTouch\iTchHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\Logi_MwX.Exe

c:\windows\system32\WDBtnMgr.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Completion time: 2011-12-13 23:19:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-14 04:19

ComboFix2.txt 2011-10-13 06:17

.

Pre-Run: 336,760,012,800 bytes free

Post-Run: 336,790,286,336 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - ADE0EC759C9F2ACAC3DD094D6D81203C


Also ran Avenger using the following script.

Files to delete:

C:\WINDOWS\system32\gajijide.dll

c:\windows\system32\vilohora.dll

Drivers to delete:

refufuzuva

Here is the DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Tyrant at 23:26:43 on 2011-12-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.346 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: Panda Titanium 2005 Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [intelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY

mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [inCD] c:\program files\ahead\incd\InCD.exe

mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/24.19/uploader2.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://hannmarie.spaces.live.com//PhotoUpload/MsnPUpld.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133396840296

DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autodesk architectural desktop 3\AcDcToday.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - hxxp://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://blacks.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?

DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://blacks.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?

DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\AcPreview.ocx

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4E7EBF69-18C4-4F49-B622-198142487CE0} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKslf661b53e;MpKslf661b53e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce156117-c7ba-4f24-ac78-b3fd4bcadcae}\MpKslf661b53e.sys [2011-12-13 29904]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-12-7 26096]

S1 MpKsl0418cd42;MpKsl0418cd42;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fe6058b-312a-4633-822d-cb407f300ec2}\mpksl0418cd42.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fe6058b-312a-4633-822d-cb407f300ec2}\MpKsl0418cd42.sys [?]

S1 MpKsl2b66c255;MpKsl2b66c255;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{065a3632-bbc1-4417-9a27-680177ea7f14}\mpksl2b66c255.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{065a3632-bbc1-4417-9a27-680177ea7f14}\MpKsl2b66c255.sys [?]

S1 MpKsl39960356;MpKsl39960356;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{679cc9d9-016e-414e-9e8c-341756951724}\mpksl39960356.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{679cc9d9-016e-414e-9e8c-341756951724}\MpKsl39960356.sys [?]

S1 MpKsl3b8bd022;MpKsl3b8bd022;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{785317fa-63f2-4907-9fcd-67c8db524acd}\mpksl3b8bd022.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{785317fa-63f2-4907-9fcd-67c8db524acd}\MpKsl3b8bd022.sys [?]

S1 MpKsl6ea4a3bf;MpKsl6ea4a3bf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dac2ad5-8139-43c7-8c49-d073f7eee6f8}\mpksl6ea4a3bf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dac2ad5-8139-43c7-8c49-d073f7eee6f8}\MpKsl6ea4a3bf.sys [?]

S1 MpKsl6f061df9;MpKsl6f061df9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e54a826-09dc-4bbe-895b-30bd378b0b17}\mpksl6f061df9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e54a826-09dc-4bbe-895b-30bd378b0b17}\MpKsl6f061df9.sys [?]

S1 MpKsl7e5cfe6a;MpKsl7e5cfe6a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6091a6f1-7a53-43e8-8409-c1f433c56be2}\mpksl7e5cfe6a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6091a6f1-7a53-43e8-8409-c1f433c56be2}\MpKsl7e5cfe6a.sys [?]

S1 MpKsl9203b812;MpKsl9203b812;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{607f046e-8f9d-4962-9003-5cc92df0b3fe}\mpksl9203b812.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{607f046e-8f9d-4962-9003-5cc92df0b3fe}\MpKsl9203b812.sys [?]

S1 MpKsl95dda91f;MpKsl95dda91f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53c76f8d-f035-40df-90af-1f92d80ea62d}\mpksl95dda91f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53c76f8d-f035-40df-90af-1f92d80ea62d}\MpKsl95dda91f.sys [?]

S1 MpKslcc4edd54;MpKslcc4edd54;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{feac4d9f-412f-4bef-b743-1523844a6537}\mpkslcc4edd54.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{feac4d9f-412f-4bef-b743-1523844a6537}\MpKslcc4edd54.sys [?]

S1 MpKslcc719199;MpKslcc719199;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{073fbcbb-953c-420a-9c16-ea27cba692fc}\mpkslcc719199.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{073fbcbb-953c-420a-9c16-ea27cba692fc}\MpKslcc719199.sys [?]

S1 MpKslff54bff6;MpKslff54bff6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ce088b5-7c0f-4341-9039-29d11fae253a}\mpkslff54bff6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ce088b5-7c0f-4341-9039-29d11fae253a}\MpKslff54bff6.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]

S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [2005-12-29 14074]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-8 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]

.

=============== Created Last 30 ================

.

2011-12-14 04:14:36 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce156117-c7ba-4f24-ac78-b3fd4bcadcae}\MpKslf661b53e.sys

2011-12-14 04:14:33 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce156117-c7ba-4f24-ac78-b3fd4bcadcae}\offreg.dll

2011-12-14 04:06:17 -------- d-sha-r- C:\cmdcons

2011-12-14 03:46:36 -------- d-----w- c:\documents and settings\tyrant\local settings\application data\PCHealth

2011-12-14 03:44:05 -------- d-sh--w- c:\documents and settings\tyrant\PrivacIE

2011-12-14 02:59:52 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ce156117-c7ba-4f24-ac78-b3fd4bcadcae}\mpengine.dll

2011-12-14 02:51:02 -------- d-----w- c:\program files\CCleaner

2011-12-07 23:08:50 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-12-07 23:08:50 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-12-07 23:08:49 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-12-07 23:08:49 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-12-07 23:08:47 -------- d-----w- c:\program files\Prevx

2011-12-07 22:59:15 -------- d-----w- c:\documents and settings\tyrant\local settings\application data\Google

2011-12-07 22:59:13 -------- d-----w- c:\documents and settings\tyrant\local settings\application data\Apple Computer

2011-12-07 22:59:10 -------- d-sh--w- c:\documents and settings\tyrant\IETldCache

2011-12-07 22:54:46 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI

2011-12-06 23:03:18 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2011-12-06 23:03:18 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-12-06 23:03:11 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-12-06 23:03:11 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-12-06 14:29:12 -------- d-----w- C:\bd_logs

2011-12-02 22:51:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

1997-07-21 23:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll

1997-06-23 07:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll

1997-06-23 16:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll

1997-06-23 16:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll

1997-06-23 16:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

============= FINISH: 23:27:08.93 ===============


Ran FixIEDef.

********************************************************************************

* *

* FixIEDef Log *

* Version 1.8.33.7611 *

* *

********************************************************************************

Created at 23:33:05 on Tuesday, December 13, 2011

Time Zone : (GMT-05:00) Eastern Time (US & Canada)

Logged On User : Tyrant

Operating System : Microsoft Windows XP Home Edition Service Pack 3

OS Architecture : X86

System Langauge : English (United States)

Keyboard Layout : English (United States)

Processor : X64 Intel® Pentium® 4 CPU 3.00GHz

File System : NTFS

System Drive : C:\

Windows Directory : C:\WINDOWS

System Directory : C:\WINDOWS\system32

System Drive Type : Fixed

System Drive Status : READY

System Drive Label :

System Drive Size : 476.94 GB

System Drive Free : 321.09 GB

Total Physical Memory: 1014 MB

Free Physical Memory : 527 MB

Total Page File : 1014 MB

Free Page File : 2081 MB

Total Virtual Memory : 2048 MB

Free Virtual Memory : 1950 MB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Hosts file entries that have been deleted !!!

No malicious Hosts entries found

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!


Ran Smitfraud in safe mode.

SmitFraudFix v2.424

Scan done at 23:39:19.23, Tue 12/13/2011

Run from C:\Documents and Settings\Tyrant\My Documents\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E7EBF69-18C4-4F49-B622-198142487CE0}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E7EBF69-18C4-4F49-B622-198142487CE0}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E7EBF69-18C4-4F49-B622-198142487CE0}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.