
Over my Head - Need help


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thank you Chris, your help is truly appreciated.

Below are the MBAM, ComboFix, and DDS logs as requested.

The only thing that happened that wasn't in the ComboFix instructions was that it reported "rootkit activity" in file RDPCDD. It stopped the scan, did some stuff and rebooted a couple of times before it was finished. As far as I know it all went well, but how would I know?

Dan

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4447

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/18/2010 4:44:28 PM

mbam-log-2010-08-18 (16-44-28).txt

Scan type: Quick scan

Objects scanned: 163609

Time elapsed: 21 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 10-08-17.04 - Dan 08/18/2010 17:16:52.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.651 [GMT -7:00]

Running from: c:\documents and settings\Dan\Desktop\COMBOFIX\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

Infected copy of c:\windows\system32\DRIVERS\RDPCDD.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))

.

2010-08-19 00:05 . 2004-08-04 10:00 4224 -c--a-w- c:\windows\system32\dllcache\rdpcdd.sys

2010-08-19 00:05 . 2004-08-04 10:00 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.sys

2010-08-16 07:40 . 2010-08-16 07:40 -------- d-sh--w- c:\documents and settings\JJ\IECompatCache

2010-08-16 06:16 . 2010-08-16 06:16 -------- d-----w- c:\documents and settings\JJ\Application Data\Malwarebytes

2010-08-15 21:10 . 2010-08-15 21:10 -------- d-sh--w- c:\documents and settings\Dan\PrivacIE

2010-08-15 20:57 . 2010-08-15 20:57 388096 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-15 20:57 . 2010-08-15 20:57 -------- d-----w- c:\program files\Trend Micro

2010-08-14 16:06 . 2010-08-14 16:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-14 06:06 . 2010-08-14 06:06 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes

2010-08-14 06:05 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 06:05 . 2010-08-14 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-14 06:05 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 06:05 . 2010-08-14 06:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-14 06:03 . 2010-08-14 06:03 -------- d-sh--w- c:\documents and settings\Dan\IETldCache

2010-08-12 20:29 . 2010-08-12 20:29 -------- d-----w- c:\documents and settings\Administrator\Calibre Library

2010-08-12 20:29 . 2010-08-12 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\calibre

2010-08-12 19:10 . 2010-08-12 19:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2010-08-12 05:04 . 2010-08-12 05:04 -------- d-----w- c:\documents and settings\Administrator\log

2010-08-11 17:50 . 2010-08-11 19:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-08-10 21:18 . 2010-08-10 21:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-08-10 11:48 . 2010-08-10 11:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-08-10 09:01 . 2010-08-10 09:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-08-10 07:08 . 2010-08-10 07:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-08-10 07:06 . 2010-08-10 07:06 -------- d-sh--w- c:\documents and settings\JJ\PrivacIE

2010-08-10 06:59 . 2010-08-10 06:59 -------- d-sh--w- c:\documents and settings\JJ\IETldCache

2010-08-10 06:51 . 2010-08-10 06:54 -------- dc-h--w- c:\windows\ie8

2010-08-10 06:20 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-10 06:20 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-10 06:20 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-10 06:20 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-10 06:20 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-10 06:20 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-10 06:20 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-10 06:20 . 2004-08-04 05:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-10 06:20 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-08-10 06:20 . 2004-08-04 05:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-10 06:20 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-10 06:19 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-08-10 06:19 . 2004-08-04 05:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-10 06:19 . 2001-08-17 19:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-10 06:19 . 2001-08-17 20:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2010-08-10 06:19 . 2001-08-18 05:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-08-10 06:19 . 2001-08-18 05:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-10 06:17 . 2001-08-17 20:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-08-10 06:17 . 2001-08-17 20:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-08-10 06:17 . 2001-08-17 19:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-10 06:17 . 2001-08-17 20:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-08-10 06:17 . 2008-04-13 18:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-08-10 06:17 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-08-10 06:17 . 2001-08-17 20:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-08-10 06:17 . 2001-08-17 20:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-08-10 06:17 . 2001-08-17 20:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-08-10 06:17 . 2001-08-17 20:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-08-10 06:17 . 2001-08-17 20:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-08-10 06:17 . 2001-08-17 20:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-08-10 06:17 . 2001-08-17 20:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-08-10 06:15 . 2001-08-17 20:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-08-10 06:15 . 2001-08-17 20:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-08-10 06:15 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-08-10 06:15 . 2001-08-18 05:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-08-10 06:15 . 2001-08-17 19:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-08-10 06:15 . 2001-08-17 21:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-08-10 06:15 . 2001-08-17 19:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-08-10 06:15 . 2001-08-17 21:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-08-10 06:15 . 2001-08-17 19:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-08-10 06:15 . 2001-08-18 05:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-08-10 06:15 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-08-10 06:15 . 2001-08-18 05:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-08-10 06:14 . 2001-08-17 20:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-08-10 06:14 . 2001-08-17 21:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-08-10 06:14 . 2001-08-17 21:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-08-10 06:14 . 2001-08-17 19:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-08-10 06:14 . 2001-08-17 19:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-08-10 06:14 . 2001-08-17 19:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-10 06:14 . 2001-08-17 21:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-08-10 06:14 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-08-10 06:14 . 2001-08-17 19:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-08-10 06:14 . 2001-08-17 19:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-08-10 06:14 . 2001-08-17 20:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-08-10 06:12 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-08-10 06:12 . 2001-08-18 05:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-08-10 06:12 . 2001-08-18 05:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-08-10 06:12 . 2001-08-17 19:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-10 06:12 . 2001-08-17 20:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-08-10 06:12 . 2001-08-17 19:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-08-10 06:12 . 2001-08-18 05:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-08-10 06:12 . 2001-08-18 05:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-08-10 06:12 . 2001-08-17 20:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-08-10 06:12 . 2001-08-18 05:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-08-10 06:12 . 2001-08-17 21:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-08-10 06:12 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-08-10 06:11 . 2001-08-17 19:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-08-10 06:11 . 2001-08-18 05:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll

2010-08-10 06:11 . 2001-08-17 19:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys

2010-08-10 06:11 . 2001-08-17 20:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys

2010-08-10 06:11 . 2008-04-13 18:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys

2010-08-10 06:11 . 2001-08-17 20:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys

2010-08-10 06:11 . 2001-08-17 19:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys

2010-08-10 06:11 . 2001-08-17 21:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll

2010-08-10 06:11 . 2001-08-17 19:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-08-10 06:11 . 2001-08-17 19:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys

2010-08-10 06:11 . 2001-08-17 19:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2010-08-10 06:09 . 2001-08-17 21:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll

2010-08-10 06:09 . 2001-08-17 19:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2010-08-10 06:09 . 2001-08-17 21:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2010-08-10 06:09 . 2001-08-17 19:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2010-08-10 06:09 . 2001-07-21 21:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2010-08-10 06:09 . 2001-07-21 21:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2010-08-10 06:09 . 2001-08-17 19:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-10 06:09 . 2001-08-18 05:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2010-08-10 06:09 . 2001-08-17 19:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2010-08-10 06:09 . 2001-08-17 20:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2010-08-10 06:09 . 2001-08-17 20:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2010-08-10 06:07 . 2001-08-17 21:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-08-10 06:06 . 2008-04-13 18:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys

2010-08-10 06:06 . 2001-08-17 19:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2010-08-10 06:06 . 2001-08-18 05:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2010-08-10 06:06 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2010-08-10 06:06 . 2001-08-17 20:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-10 06:06 . 2001-08-17 20:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2010-08-10 06:06 . 2001-08-18 05:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2010-08-10 06:06 . 2001-08-17 20:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2010-08-10 06:06 . 2001-08-17 20:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys

2010-08-10 06:04 . 2001-08-18 05:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll

2010-08-10 06:03 . 2001-08-17 19:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-17 09:00 . 2006-12-20 19:35 10 ---h--w- c:\windows\popcinfo.dat

2010-08-09 06:53 . 2006-12-23 21:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-08-04 00:38 . 2008-01-23 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-01 06:23 . 2010-04-18 00:22 -------- d-----w- c:\documents and settings\JJ\Application Data\uTorrent

2010-07-20 03:51 . 2009-11-17 01:28 -------- d-----w- c:\program files\Calibre2

2010-07-15 17:02 . 2009-05-24 18:15 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 17:02 . 2010-07-15 17:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 17:01 . 2009-05-24 18:15 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-07 21:58 . 2010-07-07 21:58 37376 ----a-w- c:\windows\system32\libusb0.dll

2010-07-07 21:58 . 2010-07-07 21:58 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys

2010-06-14 14:31 . 2006-12-19 11:25 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-02 17:26 . 2006-12-24 00:14 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2006-12-20 22:32 . 2006-12-20 22:32 774144 ----a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2009-11-24 906640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 17:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JJ^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\JJ\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2006-12-24 00:05 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2002-08-01 18:53 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2002-08-15 00:29 290816 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 23:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]

2002-08-22 20:11 221184 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 22:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2031:UDP"= 2031:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2030:UDP"= 2030:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2073:UDP"= 2073:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2072:UDP"= 2072:UDP:Windows Media Format SDK (IEXPLORE.EXE)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2009 11:15 AM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2009 11:15 AM 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:01 AM 308136]

S3 Ich;Ich;c:\windows\system32\drivers\Ich.sys [12/19/2006 5:17 PM 65916]

--- Other Services/Drivers In Memory ---

*Deregistered* - pfswnx

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ec03dcfb912c4a04b1561713d7a64196

IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ec03dcfb912c4a04b1561713d7a64196

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe

MSConfigStartUp-sta - qlqyp.dll

AddRemove-NiBiRu_is1 - c:\program files\JoWood\Nibiru\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-18 17:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86C03EC5]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf757cf28

\Driver\ACPI -> ACPI.sys @ 0xf74cfcb8

\Driver\atapi -> atapi.sys @ 0xf73a3852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615

ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615

ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac

NDIS: Dell TrueMobile 1180 Internal 802.11b Mini PCI Card -> SendCompleteHandler -> NDIS.sys @ 0xf7297bb0

PacketIndicateHandler -> NDIS.sys @ 0xf7286a0d

SendHandler -> NDIS.sys @ 0xf729ab40

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfswnx]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3384)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\wltrysvc.exe

c:\windows\System32\bcmwltry.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-08-18 17:46:04 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-19 00:45

Pre-Run: 17,536,356,352 bytes free

Post-Run: 18,828,406,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8C7641ABF25F2B3FDBBCE70D87B9AF25

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dan at 17:48:46.11 on Wed 08/18/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.532 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files\Logitech\Profiler\lwemon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Dan\Desktop\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [eBook Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?ec03dcfb912c4a04b1561713d7a64196

IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?ec03dcfb912c4a04b1561713d7a64196

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166593849496

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-24 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-23 29584]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-24 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 Ich;Ich;c:\windows\system32\drivers\Ich.sys [2006-12-19 65916]

=============== Created Last 30 ================

2010-08-19 00:05:10 4224 -c--a-w- c:\windows\system32\dllcache\rdpcdd.sys

2010-08-19 00:05:10 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.sys

2010-08-19 00:01:43 0 d-sha-r- C:\cmdcons

2010-08-18 23:56:18 77312 ----a-w- c:\windows\MBR.exe

2010-08-18 23:56:17 98816 ----a-w- c:\windows\sed.exe

2010-08-18 23:56:17 256512 ----a-w- c:\windows\PEV.exe

2010-08-18 23:56:17 161792 ----a-w- c:\windows\SWREG.exe

2010-08-18 03:38:19 0 ----a-w- c:\documents and settings\dan\defogger_reenable

2010-08-15 21:10:06 0 d-sh--w- c:\documents and settings\dan\PrivacIE

2010-08-15 20:57:33 0 d-----w- c:\program files\Trend Micro

2010-08-14 06:06:10 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes

2010-08-14 06:05:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 06:05:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-14 06:05:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 06:05:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-14 06:03:22 0 d-sh--w- c:\documents and settings\dan\IETldCache

2010-08-10 06:51:46 0 dc-h--w- c:\windows\ie8

2010-08-10 06:20:44 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-10 06:20:39 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-10 06:20:38 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-10 06:20:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-10 06:20:29 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-10 06:20:22 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-10 06:20:13 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-10 06:20:11 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-10 06:20:05 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-08-10 06:20:03 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-10 06:20:01 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-10 06:19:35 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-08-10 06:19:30 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-10 06:19:25 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-10 06:19:11 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2010-08-10 06:19:05 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-08-10 06:19:00 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-10 06:17:59 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-08-10 06:17:53 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-08-10 06:17:47 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-10 06:17:43 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-08-10 06:17:41 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-08-10 06:17:38 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-08-10 06:17:31 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-08-10 06:17:26 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-08-10 06:17:21 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-08-10 06:17:17 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-08-10 06:17:12 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-08-10 06:17:08 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-08-10 06:17:03 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-08-10 06:15:56 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-08-10 06:15:49 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-08-10 06:15:38 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-08-10 06:15:34 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-08-10 06:15:30 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-08-10 06:15:26 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-08-10 06:15:22 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-08-10 06:15:17 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-08-10 06:15:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-08-10 06:15:08 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-08-10 06:15:07 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-08-10 06:15:02 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-08-10 06:14:57 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-08-10 06:14:53 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-08-10 06:14:48 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-08-10 06:14:43 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-08-10 06:14:38 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-08-10 06:14:28 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-10 06:14:24 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-08-10 06:14:22 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-08-10 06:14:16 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-08-10 06:14:12 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-08-10 06:14:01 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-08-10 06:12:59 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-08-10 06:12:55 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-08-10 06:12:51 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-08-10 06:12:47 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-10 06:12:42 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-08-10 06:12:36 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-08-10 06:12:32 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-08-10 06:12:22 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-08-10 06:12:16 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-08-10 06:12:12 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-08-10 06:12:08 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-08-10 06:12:03 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-08-10 06:11:59 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-08-10 06:11:55 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll

2010-08-10 06:11:52 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys

2010-08-10 06:11:46 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys

2010-08-10 06:11:45 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys

2010-08-10 06:11:39 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys

2010-08-10 06:11:25 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys

2010-08-10 06:11:17 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll

2010-08-10 06:11:13 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-08-10 06:11:08 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys

2010-08-10 06:11:05 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2010-08-10 06:09:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll

2010-08-10 06:09:53 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2010-08-10 06:09:48 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2010-08-10 06:09:44 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2010-08-10 06:09:28 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2010-08-10 06:09:24 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2010-08-10 06:09:20 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-10 06:09:16 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2010-08-10 06:09:12 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2010-08-10 06:09:05 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2010-08-10 06:09:02 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2010-08-10 06:07:59 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-08-10 06:06:57 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys

2010-08-10 06:06:52 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2010-08-10 06:06:47 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2010-08-10 06:06:30 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2010-08-10 06:06:24 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-10 06:06:21 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2010-08-10 06:06:16 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2010-08-10 06:06:12 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2010-08-10 06:06:02 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys

2010-08-10 06:04:46 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll

2010-08-10 06:03:58 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys

2010-08-10 06:02:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys

2010-08-10 06:02:55 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys

2010-08-10 06:02:51 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys

2010-08-10 06:02:47 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys

2010-08-10 06:02:44 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys

2010-08-10 06:02:39 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys

2010-08-10 06:02:29 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys

2010-08-10 06:02:24 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll

2010-08-10 06:02:15 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2010-08-10 06:02:07 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2010-08-10 06:02:03 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2010-08-10 06:02:02 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2010-08-10 06:00:58 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys

2010-08-10 06:00:54 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys

2010-08-10 06:00:51 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys

2010-08-10 06:00:47 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll

2010-08-10 06:00:44 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys

2010-08-10 06:00:40 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll

2010-08-10 06:00:36 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys

2010-08-10 06:00:28 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys

2010-08-10 06:00:17 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

2010-08-10 06:00:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2010-08-10 06:00:09 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2010-08-10 05:59:59 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2010-08-10 05:59:57 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2010-08-10 05:59:41 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2010-08-10 05:59:37 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2010-08-10 05:59:36 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax

2010-08-10 05:59:36 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2010-08-10 05:59:26 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2010-08-10 05:59:23 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2010-08-10 05:59:15 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2010-08-10 05:59:07 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2010-08-10 05:59:01 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2010-08-10 05:57:58 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2010-08-10 05:56:41 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2010-08-10 05:56:38 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2010-08-10 05:56:34 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2010-08-10 05:56:30 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2010-08-10 05:56:18 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2010-08-10 05:56:15 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2010-08-10 05:56:14 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2010-08-10 05:56:11 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2010-08-10 05:56:10 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2010-08-10 05:56:09 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys

2010-08-10 05:56:06 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax

2010-08-10 05:56:01 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2010-08-10 05:55:57 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2010-08-10 05:55:54 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2010-08-10 05:55:50 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys

2010-08-10 05:55:47 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys

2010-08-10 05:55:17 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2010-08-10 05:55:13 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2010-08-10 05:55:10 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2010-08-10 05:55:07 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll

2010-08-10 05:55:04 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys

2010-08-10 05:55:01 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll

2010-08-10 05:53:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2010-08-10 05:52:57 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll

2010-08-10 05:51:59 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys

2010-08-10 05:50:58 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys

2010-08-10 05:49:58 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe

2010-08-10 05:48:57 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax

2010-08-10 05:47:59 131156 -c--a-w- c:\windows\system32\dllcache\digidbp.dll

2010-08-10 05:46:59 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll

2010-08-10 05:45:58 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys

2010-08-10 05:44:57 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-08-10 05:43:59 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys

2010-08-10 05:39:14 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2010-08-10 05:38:59 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys

2010-08-10 05:38:05 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-08-09 16:18:31 783872 ----a-w- c:\windows\system32\drivers\pfswnx.sys

2010-08-09 16:18:22 5 ----a-w- C:\zrpt.xml

2010-08-09 16:18:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

2010-08-09 08:15:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-31 01:09:16 0 d-----w- c:\program files\Borders Desktop

==================== Find3M ====================

2010-07-15 17:02:04 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 17:02:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 17:01:53 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-07 21:58:06 37376 ----a-w- c:\windows\system32\libusb0.dll

2010-07-07 21:58:06 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys

2006-12-20 22:32:29 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 17:50:05.07 ===============

Attach.zip


  • Staff

Hi,

My apologies for the delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

File::

C:\zrpt.xml

Folder::

c:\documents and settings\all users\application data\Update

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Sorry for the delayed response...caught me leaving town without the computer for the weekend.

Attached is the Combofix, DDS, ESET log and my security check logs.

We haven't been using the computer since we started the cleanup...will start using it and let you know.

Thanks again,

Dan

ComboFix 10-08-22.05 - Dan 08/22/2010 20:15:23.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.660 [GMT -7:00]

Running from: c:\documents and settings\Dan\Desktop\COMBOFIX\ComboFix.exe

Command switches used :: c:\documents and settings\Dan\Desktop\COMBOFIX\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

FILE ::

"C:\zrpt.xml"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\all users\application data\Update

c:\documents and settings\JJ\Favorites\FBorFW.com is The Official Website of Lynn Johnston's comic strip For Better or For Worse..url

C:\zrpt.xml

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected

Restored copy from - Kitty had a snack ;)

.

((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))

.

2010-08-19 00:05 . 2004-08-04 10:00 4224 -c--a-w-

c:\windows\system32\dllcache\rdpcdd.sys

2010-08-19 00:05 . 2004-08-04 10:00 4224 ----a-w-

c:\windows\system32\drivers\RDPCDD.sys

2010-08-16 07:40 . 2010-08-16 07:40 -------- d-sh--w- c:\documents and

settings\JJ\IECompatCache

2010-08-16 06:16 . 2010-08-16 06:16 -------- d-----w- c:\documents and

settings\JJ\Application Data\Malwarebytes

2010-08-15 21:10 . 2010-08-15 21:10 -------- d-sh--w- c:\documents and

settings\Dan\PrivacIE

2010-08-15 20:57 . 2010-08-15 20:57 388096 ----a-r- c:\documents and

settings\Dan\Application

Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-15 20:57 . 2010-08-15 20:57 -------- d-----w- c:\program

files\Trend Micro

2010-08-14 16:06 . 2010-08-14 16:06 -------- d-----w- c:\documents and

settings\Administrator\Application Data\Malwarebytes

2010-08-14 06:06 . 2010-08-14 06:06 -------- d-----w- c:\documents and

settings\Dan\Application Data\Malwarebytes

2010-08-14 06:05 . 2010-04-29 22:39 38224 ----a-w-

c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 06:05 . 2010-08-14 06:05 -------- d-----w- c:\documents and

settings\All Users\Application Data\Malwarebytes

2010-08-14 06:05 . 2010-04-29 22:39 20952 ----a-w-

c:\windows\system32\drivers\mbam.sys

2010-08-14 06:05 . 2010-08-14 06:05 -------- d-----w- c:\program

files\Malwarebytes' Anti-Malware

2010-08-14 06:03 . 2010-08-14 06:03 -------- d-sh--w- c:\documents and

settings\Dan\IETldCache

2010-08-12 20:29 . 2010-08-12 20:29 -------- d-----w- c:\documents and

settings\Administrator\Calibre Library

2010-08-12 20:29 . 2010-08-12 20:30 -------- d-----w- c:\documents and

settings\Administrator\Application Data\calibre

2010-08-12 19:10 . 2010-08-12 19:12 -------- d-----w- c:\documents and

settings\Administrator\Local Settings\Application Data\Adobe

2010-08-12 05:04 . 2010-08-12 05:04 -------- d-----w- c:\documents and

settings\Administrator\log

2010-08-11 17:50 . 2010-08-11 19:09 -------- d-----w- c:\documents and

settings\Administrator\Application Data\uTorrent

2010-08-10 21:18 . 2010-08-10 21:18 -------- d-sh--w- c:\documents and

settings\Administrator\PrivacIE

2010-08-10 11:48 . 2010-08-10 11:48 -------- d-sh--w- c:\documents and

settings\Administrator\IETldCache

2010-08-10 09:01 . 2010-08-10 09:01 -------- d-sh--w- c:\documents and

settings\LocalService\IETldCache

2010-08-10 07:08 . 2010-08-10 07:08 -------- d-sh--w- c:\documents and

settings\NetworkService\IETldCache

2010-08-10 07:06 . 2010-08-10 07:06 -------- d-sh--w- c:\documents and

settings\JJ\PrivacIE

2010-08-10 06:59 . 2010-08-10 06:59 -------- d-sh--w- c:\documents and

settings\JJ\IETldCache

2010-08-10 06:51 . 2010-08-10 06:54 -------- dc-h--w- c:\windows\ie8

2010-08-10 06:20 . 2008-04-14 00:12 116224 -c--a-w-

c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-10 06:20 . 2001-08-18 05:36 23040 -c--a-w-

c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-10 06:20 . 2008-04-14 00:12 18944 -c--a-w-

c:\windows\system32\dllcache\xrxscnui.dll

2010-08-10 06:20 . 2001-08-18 05:37 27648 -c--a-w-

c:\windows\system32\dllcache\xrxftplt.exe

2010-08-10 06:20 . 2001-08-18 05:37 4608 -c--a-w-

c:\windows\system32\dllcache\xrxflnch.exe

2010-08-10 06:20 . 2001-08-18 05:37 99865 -c--a-w-

c:\windows\system32\dllcache\xlog.exe

2010-08-10 06:20 . 2001-08-17 19:11 16970 -c--a-w-

c:\windows\system32\dllcache\xem336n5.sys

2010-08-10 06:20 . 2004-08-04 05:29 19455 -c--a-w-

c:\windows\system32\dllcache\wvchntxx.sys

2010-08-10 06:20 . 2008-04-13 18:46 19200 -c--a-w-

c:\windows\system32\dllcache\wstcodec.sys

2010-08-10 06:20 . 2004-08-04 05:29 12063 -c--a-w-

c:\windows\system32\dllcache\wsiintxx.sys

2010-08-10 06:20 . 2008-04-14 00:12 8192 -c--a-w-

c:\windows\system32\dllcache\wshirda.dll

2010-08-10 06:19 . 2008-04-13 18:36 8832 -c--a-w-

c:\windows\system32\dllcache\wmiacpi.sys

2010-08-10 06:19 . 2004-08-04 05:31 154624 -c--a-w-

c:\windows\system32\dllcache\wlluc48.sys

2010-08-10 06:19 . 2001-08-17 19:12 34890 -c--a-w-

c:\windows\system32\dllcache\wlandrv2.sys

2010-08-10 06:19 . 2001-08-17 20:28 771581 -c--a-w-

c:\windows\system32\dllcache\winacisa.sys

2010-08-10 06:19 . 2001-08-18 05:36 53760 -c--a-w-

c:\windows\system32\dllcache\wiamsmud.dll

2010-08-10 06:19 . 2001-08-18 05:36 87040 -c--a-w-

c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-10 06:17 . 2001-08-17 20:28 397502 -c--a-w-

c:\windows\system32\dllcache\vpctcom.sys

2010-08-10 06:17 . 2001-08-17 20:28 604253 -c--a-w-

c:\windows\system32\dllcache\vmodem.sys

2010-08-10 06:17 . 2001-08-17 19:14 249402 -c--a-w-

c:\windows\system32\dllcache\vinwm.sys

2010-08-10 06:17 . 2001-08-17 20:49 24576 -c--a-w-

c:\windows\system32\dllcache\viairda.sys

2010-08-10 06:17 . 2008-04-13 18:40 5376 -c--a-w-

c:\windows\system32\dllcache\viaide.sys

2010-08-10 06:17 . 2008-04-14 00:12 53760 -c--a-w-

c:\windows\system32\dllcache\vfwwdm32.dll

2010-08-10 06:17 . 2001-08-17 20:28 687999 -c--a-w-

c:\windows\system32\dllcache\usrwdxjs.sys

2010-08-10 06:17 . 2001-08-17 20:28 765884 -c--a-w-

c:\windows\system32\dllcache\usrti.sys

2010-08-10 06:17 . 2001-08-17 20:28 113762 -c--a-w-

c:\windows\system32\dllcache\usrpda.sys

2010-08-10 06:17 . 2001-08-17 20:28 7556 -c--a-w-

c:\windows\system32\dllcache\usroslba.sys

2010-08-10 06:17 . 2001-08-17 20:28 224802 -c--a-w-

c:\windows\system32\dllcache\usr1807a.sys

2010-08-10 06:17 . 2001-08-17 20:28 794399 -c--a-w-

c:\windows\system32\dllcache\usr1806v.sys

2010-08-10 06:17 . 2001-08-17 20:28 793598 -c--a-w-

c:\windows\system32\dllcache\usr1806.sys

2010-08-10 06:15 . 2001-08-17 20:52 36736 -c--a-w-

c:\windows\system32\dllcache\ultra.sys

2010-08-10 06:15 . 2001-08-17 20:48 11520 -c--a-w-

c:\windows\system32\dllcache\twotrack.sys

2010-08-10 06:15 . 2001-08-17 19:51 166784 -c--a-w-

c:\windows\system32\dllcache\tridxpm.sys

2010-08-10 06:15 . 2001-08-18 05:36 525568 -c--a-w-

c:\windows\system32\dllcache\tridxp.dll

2010-08-10 06:15 . 2001-08-17 19:51 159232 -c--a-w-

c:\windows\system32\dllcache\tridkbm.sys

2010-08-10 06:15 . 2001-08-17 21:56 440576 -c--a-w-

c:\windows\system32\dllcache\tridkb.dll

2010-08-10 06:15 . 2001-08-17 19:51 222336 -c--a-w-

c:\windows\system32\dllcache\trid3dm.sys

2010-08-10 06:15 . 2001-08-17 21:56 315520 -c--a-w-

c:\windows\system32\dllcache\trid3d.dll

2010-08-10 06:15 . 2001-08-17 19:12 34375 -c--a-w-

c:\windows\system32\dllcache\tpro4.sys

2010-08-10 06:15 . 2001-08-18 05:35 42496 -c--a-w-

c:\windows\system32\dllcache\tp4res.dll

2010-08-10 06:15 . 2008-04-14 00:12 82944 -c--a-w-

c:\windows\system32\dllcache\tp4mon.exe

2010-08-10 06:15 . 2001-08-18 05:36 31744 -c--a-w-

c:\windows\system32\dllcache\tp4.dll

2010-08-10 06:14 . 2001-08-17 20:51 4992 -c--a-w-

c:\windows\system32\dllcache\toside.sys

2010-08-10 06:14 . 2001-08-17 21:02 230912 -c--a-w-

c:\windows\system32\dllcache\tosdvd03.sys

2010-08-10 06:14 . 2001-08-17 21:01 241664 -c--a-w-

c:\windows\system32\dllcache\tosdvd02.sys

2010-08-10 06:14 . 2001-08-17 19:10 28232 -c--a-w-

c:\windows\system32\dllcache\tos4mo.sys

2010-08-10 06:14 . 2001-08-17 19:14 123995 -c--a-w-

c:\windows\system32\dllcache\tjisdn.sys

2010-08-10 06:14 . 2001-08-17 19:51 138528 -c--a-w-

c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-10 06:14 . 2001-08-17 21:56 81408 -c--a-w-

c:\windows\system32\dllcache\tgiul50.dll

2010-08-10 06:14 . 2008-04-13 18:40 149376 -c--a-w-

c:\windows\system32\dllcache\tffsport.sys

2010-08-10 06:14 . 2001-08-17 19:13 17129 -c--a-w-

c:\windows\system32\dllcache\tdkcd31.sys

2010-08-10 06:14 . 2001-08-17 19:13 37961 -c--a-w-

c:\windows\system32\dllcache\tdk100b.sys

2010-08-10 06:14 . 2001-08-17 20:49 30464 -c--a-w-

c:\windows\system32\dllcache\tbatm155.sys

2010-08-10 06:12 . 2008-04-13 18:46 15232 -c--a-w-

c:\windows\system32\dllcache\streamip.sys

2010-08-10 06:12 . 2001-08-18 05:36 155648 -c--a-w-

c:\windows\system32\dllcache\stlnprop.dll

2010-08-10 06:12 . 2001-08-18 05:36 53248 -c--a-w-

c:\windows\system32\dllcache\stlncoin.dll

2010-08-10 06:12 . 2001-08-17 19:18 285760 -c--a-w-

c:\windows\system32\dllcache\stlnata.sys

2010-08-10 06:12 . 2001-08-17 20:51 16896 -c--a-w-

c:\windows\system32\dllcache\stcusb.sys

2010-08-10 06:12 . 2001-08-17 19:11 48736 -c--a-w-

c:\windows\system32\dllcache\srwlnd5.sys

2010-08-10 06:12 . 2001-08-18 05:36 99328 -c--a-w-

c:\windows\system32\dllcache\srusd.dll

2010-08-10 06:12 . 2001-08-18 05:36 24660 -c--a-w-

c:\windows\system32\dllcache\spxupchk.dll

2010-08-10 06:12 . 2001-08-17 20:51 61824 -c--a-w-

c:\windows\system32\dllcache\speed.sys

2010-08-10 06:12 . 2001-08-18 05:36 106584 -c--a-w-

c:\windows\system32\dllcache\spdports.dll

2010-08-10 06:12 . 2001-08-17 21:07 19072 -c--a-w-

c:\windows\system32\dllcache\sparrow.sys

2010-08-10 06:12 . 2001-08-17 20:56 7552 -c--a-w-

c:\windows\system32\dllcache\sonypvu1.sys

2010-08-10 06:11 . 2001-08-17 19:51 37040 -c--a-w-

c:\windows\system32\dllcache\sonypi.sys

2010-08-10 06:11 . 2001-08-18 05:36 114688 -c--a-w-

c:\windows\system32\dllcache\sonypi.dll

2010-08-10 06:11 . 2001-08-17 19:51 20752 -c--a-w-

c:\windows\system32\dllcache\sonync.sys

2010-08-10 06:11 . 2001-08-17 20:53 9600 -c--a-w-

c:\windows\system32\dllcache\sonymc.sys

2010-08-10 06:11 . 2008-04-13 18:40 7552 -c--a-w-

c:\windows\system32\dllcache\sonyait.sys

2010-08-10 06:11 . 2001-08-17 20:53 7040 -c--a-w-

c:\windows\system32\dllcache\snyaitmc.sys

2010-08-10 06:11 . 2001-08-17 19:51 58368 -c--a-w-

c:\windows\system32\dllcache\smiminib.sys

2010-08-10 06:11 . 2001-08-17 21:56 147200 -c--a-w-

c:\windows\system32\dllcache\smidispb.dll

2010-08-10 06:11 . 2001-08-17 19:12 25034 -c--a-w-

c:\windows\system32\dllcache\smcpwr2n.sys

2010-08-10 06:11 . 2001-08-17 19:10 35913 -c--a-w-

c:\windows\system32\dllcache\smcirda.sys

2010-08-10 06:11 . 2001-08-17 19:12 24576 -c--a-w-

c:\windows\system32\dllcache\smc8000n.sys

2010-08-10 06:09 . 2001-08-17 21:56 150144 -c--a-w-

c:\windows\system32\dllcache\sis6306v.dll

2010-08-10 06:09 . 2001-08-17 19:50 68608 -c--a-w-

c:\windows\system32\dllcache\sis6306p.sys

2010-08-10 06:09 . 2001-08-17 21:56 252032 -c--a-w-

c:\windows\system32\dllcache\sis300iv.dll

2010-08-10 06:09 . 2001-08-17 19:50 101760 -c--a-w-

c:\windows\system32\dllcache\sis300ip.sys

2010-08-10 06:09 . 2001-07-21 21:29 161568 -c--a-w-

c:\windows\system32\dllcache\sgsmusb.sys

2010-08-10 06:09 . 2001-07-21 21:29 18400 -c--a-w-

c:\windows\system32\dllcache\sgsmld.sys

2010-08-10 06:09 . 2001-08-17 19:51 98080 -c--a-w-

c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-10 06:09 . 2001-08-18 05:36 386560 -c--a-w-

c:\windows\system32\dllcache\sgiul50.dll

2010-08-10 06:09 . 2001-08-17 19:19 36480 -c--a-w-

c:\windows\system32\dllcache\sfmanm.sys

2010-08-10 06:09 . 2001-08-17 20:53 6784 -c--a-w-

c:\windows\system32\dllcache\serscan.sys

2010-08-10 06:09 . 2001-08-17 20:48 17664 -c--a-w-

c:\windows\system32\dllcache\sermouse.sys

2010-08-10 06:07 . 2001-08-17 21:56 179264 -c--a-w-

c:\windows\system32\dllcache\s3sav3d.dll

2010-08-10 06:06 . 2008-04-13 18:40 79104 -c--a-w-

c:\windows\system32\dllcache\rocket.sys

2010-08-10 06:06 . 2001-08-17 19:12 37563 -c--a-w-

c:\windows\system32\dllcache\rlnet5.sys

2010-08-10 06:06 . 2001-08-18 05:36 86097 -c--a-w-

c:\windows\system32\dllcache\reslog32.dll

2010-08-10 06:06 . 2001-08-17 20:51 19584 -c--a-w-

c:\windows\system32\dllcache\rasirda.sys

2010-08-10 06:06 . 2001-08-17 20:28 714762 -c--a-w-

c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-10 06:06 . 2001-08-17 20:28 899146 -c--a-w-

c:\windows\system32\dllcache\r2mdkxga.sys

2010-08-10 06:06 . 2001-08-18 05:36 41472 -c--a-w-

c:\windows\system32\dllcache\qvusd.dll

2010-08-10 06:06 . 2001-08-17 20:53 3328 -c--a-w-

c:\windows\system32\dllcache\qv2kux.sys

2010-08-10 06:06 . 2001-08-17 20:52 49024 -c--a-w-

c:\windows\system32\dllcache\ql1280.sys

2010-08-10 06:04 . 2001-08-18 05:36 121344 -c--a-w-

c:\windows\system32\dllcache\phvfwext.dll

2010-08-10 06:03 . 2001-08-17 19:11 29769 -c--a-w-

c:\windows\system32\dllcache\pcntn5m.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-17 09:00 . 2006-12-20 19:35 10 ---h--w- c:\windows\popcinfo.dat

2010-08-09 06:53 . 2006-12-23 21:52 -------- d-----w- c:\program

files\Spybot - Search & Destroy

2010-08-04 00:38 . 2008-01-23 02:22 -------- d---a-w- c:\documents and

settings\All Users\Application Data\TEMP

2010-08-01 06:23 . 2010-04-18 00:22 -------- d-----w- c:\documents and

settings\JJ\Application Data\uTorrent

2010-07-20 03:51 . 2009-11-17 01:28 -------- d-----w- c:\program

files\Calibre2

2010-07-15 17:02 . 2009-05-24 18:15 243024 ----a-w-

c:\windows\system32\drivers\avgtdix.sys

2010-07-15 17:02 . 2010-07-15 17:02 12536 ----a-w-

c:\windows\system32\avgrsstx.dll

2010-07-15 17:01 . 2009-05-24 18:15 216400 ----a-w-

c:\windows\system32\drivers\avgldx86.sys

2010-07-07 21:58 . 2010-07-07 21:58 37376 ----a-w-

c:\windows\system32\libusb0.dll

2010-07-07 21:58 . 2010-07-07 21:58 21504 ----a-w-

c:\windows\system32\drivers\libusb0.sys

2010-06-14 14:31 . 2006-12-19 11:25 744448 ----a-w-

c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-02 17:26 . 2006-12-24 00:14 29584 ----a-w-

c:\windows\system32\drivers\avgmfx86.sys

2006-12-20 22:32 . 2006-12-20 22:32 774144 ----a-w- c:\program

files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points

))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe"

[2010-06-18 231888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[2008-01-12 39792]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library

Launcher.exe" [2009-11-24 906640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows

nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 17:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe

Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed

Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe

Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader

Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start

Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start

Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JJ^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\JJ\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2006-12-24 00:05 679936 ----a-w- c:\program files\Roxio\Easy CD Creator

5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2002-08-01 18:53 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2002-08-15 00:29 290816 ----a-w- c:\program files\ATI Technologies\ATI

Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 23:19 53248 ------w- c:\program

files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]

2002-08-22 20:11 221184 ----a-w- c:\program files\Common

Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 22:07 49263 ----a-w- c:\program

files\Java\jre1.5.0_10\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicatio

ns\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\Li

st]

"2031:UDP"= 2031:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2030:UDP"= 2030:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2073:UDP"= 2073:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2072:UDP"= 2072:UDP:Windows Media Format SDK (IEXPLORE.EXE)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys

[5/24/2009 11:15 AM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2009

11:15 AM 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:01 AM

308136]

S3 Ich;Ich;c:\windows\system32\drivers\Ich.sys [12/19/2006 5:17 PM 65916]

--- Other Services/Drivers In Memory ---

*Deregistered* - pfswnx

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\Windows Live

Toolbar\Components\en-us\msntabres.dll.mui/229?ec03dcfb912c4a04b1561713d7a64196

IE: Open in new foreground tab - c:\program files\Windows Live

Toolbar\Components\en-us\msntabres.dll.mui/230?ec03dcfb912c4a04b1561713d7a64196

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

http://www.gmer.net

Rootkit scan 2010-08-22 20:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfswnx]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServe

r32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyS

tubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLi

b]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-08-22 20:30:05

ComboFix-quarantined-files.txt 2010-08-23 03:29

ComboFix2.txt 2010-08-19 00:46

Pre-Run: 18,840,162,304 bytes free

Post-Run: 18,836,312,064 bytes free

- - End Of File - - 14EC5655BB588F4DE97903083A55318C

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dan at 20:33:39.54 on Sun 08/22/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.552 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

{17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Dan\Desktop\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program

files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program

files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program

files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program

files\java\jre1.5.0_10\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program

files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program

files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows

live\toolbar\wltcore.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [eBook Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library

Launcher.exe

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\windows live

toolbar\components\en-us\msntabres.dll.mui/229?ec03dcfb912c4a04b1561713d7a64196

IE: Open in new foreground tab - c:\program files\windows live

toolbar\components\en-us\msntabres.dll.mui/230?ec03dcfb912c4a04b1561713d7a64196

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} -

c:\program files\java\jre1.5.0_10\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -

c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} -

hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -

hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} -

hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166593

849496

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -

hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -

hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} -

hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

hxxp://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} -

hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program

files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys

[2009-5-24 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver

x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-23 29584]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-24

243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-21 54752]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family

safety\fsssvc.exe [2009-8-5 704864]

S3 Ich;Ich;c:\windows\system32\drivers\Ich.sys [2006-12-19 65916]

=============== Created Last 30 ================

2010-08-19 00:05:10 4224 -c--a-w- c:\windows\system32\dllcache\rdpcdd.sys

2010-08-19 00:05:10 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.sys

2010-08-19 00:01:43 0 d-sha-r- C:\cmdcons

2010-08-18 23:56:18 77312 ----a-w- c:\windows\MBR.exe

2010-08-18 23:56:17 98816 ----a-w- c:\windows\sed.exe

2010-08-18 23:56:17 256512 ----a-w- c:\windows\PEV.exe

2010-08-18 23:56:17 161792 ----a-w- c:\windows\SWREG.exe

2010-08-18 03:38:19 0 ----a-w- c:\documents and

settings\dan\defogger_reenable

2010-08-15 21:10:06 0 d-sh--w- c:\documents and settings\dan\PrivacIE

2010-08-15 20:57:33 0 d-----w- c:\program files\Trend Micro

2010-08-14 06:06:10 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes

2010-08-14 06:05:53 38224 ----a-w-

c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 06:05:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-14 06:05:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 06:05:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-14 06:03:22 0 d-sh--w- c:\documents and settings\dan\IETldCache

2010-08-10 06:51:46 0 dc-h--w- c:\windows\ie8

2010-08-10 06:20:44 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-10 06:20:39 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-10 06:20:38 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-10 06:20:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-10 06:20:29 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-10 06:20:22 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-10 06:20:13 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-10 06:20:11 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-10 06:20:05 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-08-10 06:20:03 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-10 06:20:01 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-10 06:19:35 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-08-10 06:19:30 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-10 06:19:25 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-10 06:19:11 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2010-08-10 06:19:05 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-08-10 06:19:00 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-10 06:17:59 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-08-10 06:17:53 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-08-10 06:17:47 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-10 06:17:43 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-08-10 06:17:41 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-08-10 06:17:38 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-08-10 06:17:31 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-08-10 06:17:26 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-08-10 06:17:21 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-08-10 06:17:17 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-08-10 06:17:12 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-08-10 06:17:08 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-08-10 06:17:03 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-08-10 06:15:56 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-08-10 06:15:49 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-08-10 06:15:38 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-08-10 06:15:34 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-08-10 06:15:30 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-08-10 06:15:26 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-08-10 06:15:22 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-08-10 06:15:17 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-08-10 06:15:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-08-10 06:15:08 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-08-10 06:15:07 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-08-10 06:15:02 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-08-10 06:14:57 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-08-10 06:14:53 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-08-10 06:14:48 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-08-10 06:14:43 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-08-10 06:14:38 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-08-10 06:14:28 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-10 06:14:24 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-08-10 06:14:22 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-08-10 06:14:16 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-08-10 06:14:12 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-08-10 06:14:01 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-08-10 06:12:59 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-08-10 06:12:55 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-08-10 06:12:51 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-08-10 06:12:47 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-10 06:12:42 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-08-10 06:12:36 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-08-10 06:12:32 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-08-10 06:12:22 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-08-10 06:12:16 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-08-10 06:12:12 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-08-10 06:12:08 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-08-10 06:12:03 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-08-10 06:11:59 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-08-10 06:11:55 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll

2010-08-10 06:11:52 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys

2010-08-10 06:11:46 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys

2010-08-10 06:11:45 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys

2010-08-10 06:11:39 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys

2010-08-10 06:11:25 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys

2010-08-10 06:11:17 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll

2010-08-10 06:11:13 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-08-10 06:11:08 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys

2010-08-10 06:11:05 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2010-08-10 06:09:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll

2010-08-10 06:09:53 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2010-08-10 06:09:48 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2010-08-10 06:09:44 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2010-08-10 06:09:28 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2010-08-10 06:09:24 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2010-08-10 06:09:20 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-10 06:09:16 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2010-08-10 06:09:12 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2010-08-10 06:09:05 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2010-08-10 06:09:02 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2010-08-10 06:07:59 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-08-10 06:06:57 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys

2010-08-10 06:06:52 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2010-08-10 06:06:47 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2010-08-10 06:06:30 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2010-08-10 06:06:24 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-10 06:06:21 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2010-08-10 06:06:16 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2010-08-10 06:06:12 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2010-08-10 06:06:02 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys

2010-08-10 06:04:46 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll

2010-08-10 06:03:58 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys

2010-08-10 06:02:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys

2010-08-10 06:02:55 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys

2010-08-10 06:02:51 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys

2010-08-10 06:02:47 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys

2010-08-10 06:02:44 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys

2010-08-10 06:02:39 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys

2010-08-10 06:02:29 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys

2010-08-10 06:02:24 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll

2010-08-10 06:02:15 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2010-08-10 06:02:07 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2010-08-10 06:02:03 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2010-08-10 06:02:02 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2010-08-10 06:00:58 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys

2010-08-10 06:00:54 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys

2010-08-10 06:00:51 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys

2010-08-10 06:00:47 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll

2010-08-10 06:00:44 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys

2010-08-10 06:00:40 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll

2010-08-10 06:00:36 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys

2010-08-10 06:00:28 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys

2010-08-10 06:00:17 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

2010-08-10 06:00:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2010-08-10 06:00:09 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2010-08-10 05:59:59 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2010-08-10 05:59:57 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2010-08-10 05:59:41 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2010-08-10 05:59:37 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2010-08-10 05:59:36 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax

2010-08-10 05:59:36 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2010-08-10 05:59:26 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2010-08-10 05:59:23 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2010-08-10 05:59:15 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2010-08-10 05:59:07 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2010-08-10 05:59:01 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2010-08-10 05:57:58 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2010-08-10 05:56:41 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2010-08-10 05:56:38 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2010-08-10 05:56:34 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2010-08-10 05:56:30 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2010-08-10 05:56:18 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2010-08-10 05:56:15 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2010-08-10 05:56:14 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2010-08-10 05:56:11 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2010-08-10 05:56:10 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2010-08-10 05:56:09 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys

2010-08-10 05:56:06 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax

2010-08-10 05:56:01 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2010-08-10 05:55:57 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2010-08-10 05:55:54 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2010-08-10 05:55:50 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys

2010-08-10 05:55:47 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys

2010-08-10 05:55:17 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2010-08-10 05:55:13 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2010-08-10 05:55:10 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2010-08-10 05:55:07 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll

2010-08-10 05:55:04 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys

2010-08-10 05:55:01 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll

2010-08-10 05:53:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2010-08-10 05:52:57 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll

2010-08-10 05:51:59 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys

2010-08-10 05:50:58 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys

2010-08-10 05:49:58 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe

2010-08-10 05:48:57 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax

2010-08-10 05:47:59 131156 -c--a-w- c:\windows\system32\dllcache\digidbp.dll

2010-08-10 05:46:59 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll

2010-08-10 05:45:58 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys

2010-08-10 05:44:57 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2010-08-10 05:43:59 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys

2010-08-10 05:39:14 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2010-08-10 05:38:59 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys

2010-08-10 05:38:05 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-08-09 16:18:31 783872 ----a-w- c:\windows\system32\drivers\pfswnx.sys

2010-08-09 08:15:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-31 01:09:16 0 d-----w- c:\program files\Borders Desktop

==================== Find3M ====================

2010-07-15 17:02:04 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 17:02:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 17:01:53 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-07 21:58:06 37376 ----a-w- c:\windows\system32\libusb0.dll

2010-07-07 21:58:06 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys

2006-12-20 22:32:29 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 20:34:00.84 ===============

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=e35c507ec225424d910823344ec485f1

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-08-23 05:01:22

# local_time=2010-08-22 10:01:22 (-0700, US Mountain Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 543064 543064 0 0

# compatibility_mode=1024 16777191 100 0 23875449 23875449 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=136246

# found=6

# cleaned=6

# scan_time=4369

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4637009A-11CB-4D76-8634-03F273DD3624}\RP1081\A0089890.exe a variant of Win32/Injector.CPC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4637009A-11CB-4D76-8634-03F273DD3624}\RP1083\A0092342.exe Win32/Adware.Lifze.O application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4637009A-11CB-4D76-8634-03F273DD3624}\RP1083\A0092344.exe Win32/Adware.Lifze.O application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4637009A-11CB-4D76-8634-03F273DD3624}\RP1090\A0093038.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

ESET Online Scanner v3

OneCare Advisor (Windows Live Toolbar)

```````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Malwarebytes' Anti-Malware

Adobe Flash Player

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Attach.zip


  • Staff

Hi,

Could you please grab a fresh copy of ComboFix, run it and post its log. Ensure that Word Wrap in Notepad is off before proceeding.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Restart your computer.

Get the latest version of Adobe Reader. Also uninstall your version of Spybot since it's out of date. If you want to keep using it, download the latest version.


Here is the COMBOFIX log as requested.

SPYBOT and ADOBE have been deleted. There were actually 2 versions of SPYBOT installed, 1.4 and 1.6.2, which I believe is the current version.

I have deleted both.

The computer has been running very well the last few days. There has been no symptom of infection. The only thing noticed out of place is that the "NUM LOCK" light comes on at boot. However, the keys function normally.

Dan

ComboFix 10-08-24.0C - Dan 08/25/2010 21:43:47.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.608 [GMT -7:00]

Running from: c:\documents and settings\Dan\Desktop\COMBOFIX\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))

.

2010-08-23 08:59 . 2010-08-23 08:59 -------- d-----w- c:\windows\ie8updates

2010-08-23 07:48 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-23 07:48 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-23 07:48 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-23 03:41 . 2010-08-23 03:41 -------- d-----w- c:\program files\ESET

2010-08-19 00:05 . 2004-08-04 10:00 4224 -c--a-w- c:\windows\system32\dllcache\rdpcdd.sys

2010-08-19 00:05 . 2004-08-04 10:00 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.sys

2010-08-16 07:40 . 2010-08-16 07:40 -------- d-sh--w- c:\documents and settings\JJ\IECompatCache

2010-08-16 06:16 . 2010-08-16 06:16 -------- d-----w- c:\documents and settings\JJ\Application Data\Malwarebytes

2010-08-15 21:10 . 2010-08-15 21:10 -------- d-sh--w- c:\documents and settings\Dan\PrivacIE

2010-08-15 20:57 . 2010-08-15 20:57 388096 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-15 20:57 . 2010-08-15 20:57 -------- d-----w- c:\program files\Trend Micro

2010-08-14 16:06 . 2010-08-14 16:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-14 06:06 . 2010-08-14 06:06 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes

2010-08-14 06:05 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 06:05 . 2010-08-14 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-14 06:05 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 06:05 . 2010-08-14 06:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-14 06:03 . 2010-08-14 06:03 -------- d-sh--w- c:\documents and settings\Dan\IETldCache

2010-08-12 20:29 . 2010-08-12 20:29 -------- d-----w- c:\documents and settings\Administrator\Calibre Library

2010-08-12 20:29 . 2010-08-12 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\calibre

2010-08-12 19:10 . 2010-08-12 19:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2010-08-12 05:04 . 2010-08-12 05:04 -------- d-----w- c:\documents and settings\Administrator\log

2010-08-11 17:50 . 2010-08-11 19:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-08-10 21:18 . 2010-08-10 21:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-08-10 11:48 . 2010-08-10 11:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-08-10 09:01 . 2010-08-10 09:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-08-10 07:08 . 2010-08-10 07:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-08-10 07:06 . 2010-08-10 07:06 -------- d-sh--w- c:\documents and settings\JJ\PrivacIE

2010-08-10 06:59 . 2010-08-10 06:59 -------- d-sh--w- c:\documents and settings\JJ\IETldCache

2010-08-10 06:51 . 2010-08-10 06:54 -------- dc-h--w- c:\windows\ie8

2010-08-10 06:20 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-08-10 06:20 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-08-10 06:20 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-08-10 06:20 . 2001-08-18 05:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-08-10 06:20 . 2001-08-18 05:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-08-10 06:20 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-08-10 06:20 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-08-10 06:20 . 2004-08-04 05:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-08-10 06:20 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-08-10 06:20 . 2004-08-04 05:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-08-10 06:20 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-08-10 06:19 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-08-10 06:19 . 2004-08-04 05:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-08-10 06:19 . 2001-08-17 19:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-08-10 06:19 . 2001-08-17 20:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2010-08-10 06:19 . 2001-08-18 05:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-08-10 06:19 . 2001-08-18 05:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-10 06:17 . 2001-08-17 20:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-08-10 06:17 . 2001-08-17 20:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-08-10 06:17 . 2001-08-17 19:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-08-10 06:17 . 2001-08-17 20:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-08-10 06:17 . 2008-04-13 18:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-08-10 06:17 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-08-10 06:17 . 2001-08-17 20:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-08-10 06:17 . 2001-08-17 20:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-08-10 06:17 . 2001-08-17 20:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-08-10 06:17 . 2001-08-17 20:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-08-10 06:17 . 2001-08-17 20:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-08-10 06:17 . 2001-08-17 20:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-08-10 06:17 . 2001-08-17 20:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-08-10 06:15 . 2001-08-17 20:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-08-10 06:15 . 2001-08-17 20:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-08-10 06:15 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-08-10 06:15 . 2001-08-18 05:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-08-10 06:15 . 2001-08-17 19:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-08-10 06:15 . 2001-08-17 21:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-08-10 06:15 . 2001-08-17 19:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-08-10 06:15 . 2001-08-17 21:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-08-10 06:15 . 2001-08-17 19:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-08-10 06:15 . 2001-08-18 05:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-08-10 06:15 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-08-10 06:15 . 2001-08-18 05:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-08-10 06:14 . 2001-08-17 20:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-08-10 06:14 . 2001-08-17 21:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-08-10 06:14 . 2001-08-17 21:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-08-10 06:14 . 2001-08-17 19:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-08-10 06:14 . 2001-08-17 19:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-08-10 06:14 . 2001-08-17 19:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-08-10 06:14 . 2001-08-17 21:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-08-10 06:14 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-08-10 06:14 . 2001-08-17 19:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-08-10 06:14 . 2001-08-17 19:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-08-10 06:14 . 2001-08-17 20:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-08-10 06:12 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-08-10 06:12 . 2001-08-18 05:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-08-10 06:12 . 2001-08-18 05:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-08-10 06:12 . 2001-08-17 19:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-08-10 06:12 . 2001-08-17 20:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-08-10 06:12 . 2001-08-17 19:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-08-10 06:12 . 2001-08-18 05:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-08-10 06:12 . 2001-08-18 05:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-08-10 06:12 . 2001-08-17 20:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-08-10 06:12 . 2001-08-18 05:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-08-10 06:12 . 2001-08-17 21:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-08-10 06:12 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-08-10 06:11 . 2001-08-17 19:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-08-10 06:11 . 2001-08-18 05:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll

2010-08-10 06:11 . 2001-08-17 19:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys

2010-08-10 06:11 . 2001-08-17 20:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys

2010-08-10 06:11 . 2008-04-13 18:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys

2010-08-10 06:11 . 2001-08-17 20:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys

2010-08-10 06:11 . 2001-08-17 19:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys

2010-08-10 06:11 . 2001-08-17 21:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll

2010-08-10 06:11 . 2001-08-17 19:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-08-10 06:11 . 2001-08-17 19:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys

2010-08-10 06:11 . 2001-08-17 19:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2010-08-10 06:09 . 2001-08-17 21:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll

2010-08-10 06:09 . 2001-08-17 19:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2010-08-10 06:09 . 2001-08-17 21:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2010-08-10 06:09 . 2001-08-17 19:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2010-08-10 06:09 . 2001-07-21 21:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2010-08-10 06:09 . 2001-07-21 21:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2010-08-10 06:09 . 2001-08-17 19:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2010-08-10 06:09 . 2001-08-18 05:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2010-08-10 06:09 . 2001-08-17 19:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2010-08-10 06:09 . 2001-08-17 20:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2010-08-10 06:09 . 2001-08-17 20:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2010-08-10 06:07 . 2001-08-17 21:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-08-10 06:06 . 2008-04-13 18:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys

2010-08-10 06:06 . 2001-08-17 19:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2010-08-10 06:06 . 2001-08-18 05:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2010-08-10 06:06 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2010-08-10 06:06 . 2001-08-17 20:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2010-08-10 06:06 . 2001-08-17 20:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-26 03:54 . 2006-12-23 21:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-08-26 03:54 . 2006-12-23 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-25 07:33 . 2006-12-20 19:35 10 ---h--w- c:\windows\popcinfo.dat

2010-08-04 00:38 . 2008-01-23 02:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-01 06:23 . 2010-04-18 00:22 -------- d-----w- c:\documents and settings\JJ\Application Data\uTorrent

2010-07-20 03:51 . 2009-11-17 01:28 -------- d-----w- c:\program files\Calibre2

2010-07-15 17:02 . 2009-05-24 18:15 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 17:02 . 2010-07-15 17:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 17:01 . 2009-05-24 18:15 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-07 21:58 . 2010-07-07 21:58 37376 ----a-w- c:\windows\system32\libusb0.dll

2010-07-07 21:58 . 2010-07-07 21:58 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys

2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2006-12-19 11:25 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-02 17:26 . 2006-12-24 00:14 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2006-12-20 22:32 . 2006-12-20 22:32 774144 ----a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-08-23_03.26.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 10:00 . 2010-08-23 09:10 71904 c:\windows\system32\perfc009.dat

- 2007-08-14 01:54 . 2009-03-08 11:31 55296 c:\windows\system32\msfeedsbs.dll

+ 2007-08-14 01:54 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll

- 2004-08-04 10:00 . 2009-03-08 11:33 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 10:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll

+ 2008-11-09 21:14 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-11-09 21:14 . 2009-03-08 11:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2004-08-04 10:00 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-04 10:00 . 2009-03-08 11:33 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2006-12-20 00:39 . 2010-07-14 06:28 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2010-06-12 01:42 . 2010-06-12 01:42 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2010-08-23 08:59 . 2010-08-23 08:59 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2010-08-23 09:05 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll

+ 2010-08-23 09:05 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll

+ 2010-08-23 09:05 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\dd5ce29ac227f3d0fd81b84621a57477\WindowsLiveWriter.ni.exe

+ 2010-08-23 18:57 . 2010-08-23 18:57 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\67a565eaa748e11f0953953cbdcd4e72\WindowsLive.Writer.Api.ni.dll

+ 2010-08-23 14:03 . 2010-08-23 14:03 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll

+ 2010-08-23 13:59 . 2010-08-23 13:59 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe

+ 2010-08-23 09:12 . 2010-08-23 09:12 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe

+ 2010-08-23 18:55 . 2010-08-23 18:55 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-06-23 08:20 . 2010-06-23 08:20 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2006-12-20 00:39 . 2010-07-14 06:28 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe

+ 2010-08-23 09:09 . 2010-08-23 09:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2010-06-23 08:21 . 2010-06-23 08:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2004-08-04 10:00 . 2009-03-08 11:33 420352 c:\windows\system32\vbscript.dll

+ 2004-08-04 10:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll

+ 2004-08-04 10:00 . 2010-08-23 09:10 442118 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll

+ 2006-03-04 03:33 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll

- 2006-03-04 03:33 . 2009-03-08 11:32 611840 c:\windows\system32\mstime.dll

+ 2007-08-14 01:54 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll

- 2004-08-04 10:00 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll

+ 2004-08-04 10:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll

+ 2006-03-04 03:33 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 10:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 10:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe

- 2004-08-04 10:00 . 2009-03-08 11:32 173056 c:\windows\system32\ie4uinit.exe

+ 2004-01-11 00:56 . 2010-08-23 13:58 271784 c:\windows\system32\FNTCACHE.DAT

- 2004-01-11 00:56 . 2010-08-10 11:41 271784 c:\windows\system32\FNTCACHE.DAT

- 2010-08-09 16:18 . 2010-08-23 03:27 783872 c:\windows\system32\drivers\pfswnx.sys

+ 2010-08-09 16:18 . 2010-08-26 04:54 783872 c:\windows\system32\drivers\pfswnx.sys

+ 2006-03-04 03:33 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 10:00 . 2009-03-08 11:33 420352 c:\windows\system32\dllcache\vbscript.dll

+ 2004-08-04 10:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll

+ 2004-08-04 10:00 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys

+ 2004-08-04 10:00 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll

+ 2004-08-04 10:00 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll

- 2006-03-04 03:33 . 2009-03-08 11:32 611840 c:\windows\system32\dllcache\mstime.dll

+ 2006-03-04 03:33 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll

+ 2008-11-09 21:14 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll

- 2004-08-04 10:00 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll

+ 2004-08-04 10:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll

+ 2006-03-04 03:33 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-04 10:00 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-04 10:00 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-04 10:00 . 2009-03-08 11:32 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2010-05-11 13:40 . 2010-05-11 13:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2010-05-11 13:40 . 2010-05-11 13:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2009-08-08 06:51 . 2009-08-08 06:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2006-12-20 00:39 . 2010-07-14 06:28 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2006-12-20 00:39 . 2010-08-23 09:11 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe

- 2006-12-20 00:39 . 2010-07-14 06:28 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe

+ 2010-08-23 08:59 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll

+ 2010-08-23 08:59 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll

+ 2010-08-23 08:59 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe

+ 2010-08-23 09:12 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll

+ 2010-08-23 09:12 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe

+ 2010-08-23 09:12 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll

+ 2010-08-23 08:59 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll

+ 2010-08-23 08:59 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe

+ 2010-08-23 08:59 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll

+ 2010-08-23 09:05 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB2183461-IE8\wininet.dll

+ 2010-08-23 09:05 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll

+ 2010-08-23 09:05 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe

+ 2010-08-23 09:05 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB2183461-IE8\occache.dll

+ 2010-08-23 09:05 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll

+ 2010-08-23 09:05 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll

+ 2010-08-23 09:05 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll

+ 2010-08-23 09:05 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll

+ 2010-08-23 09:05 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll

+ 2010-08-23 09:05 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll

+ 2010-08-23 09:05 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe

+ 2010-08-23 18:58 . 2010-08-23 18:58 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe

+ 2010-08-23 18:57 . 2010-08-23 18:57 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\556ae36dd8238b6157bc1e8a7cccd550\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f06626ccee27150b618f6ff8e4b83dba\WindowsLive.Writer.Extensibility.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0e45d40fad4c1b13c93dbd1268410f3\WindowsLive.Writer.Passport.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\df15c0083bdfbbe4b1c7e83034ecd5f6\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b2d5a953edeb3357a489c44f9f9000b2\WindowsLive.Writer.HtmlParser.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8f73472385b353ebd6010d02ad42b2b6\WindowsLive.Writer.SpellChecker.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84c1ee11d86bed17949850c394f4581c\WindowsLive.Writer.BlogClient.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56faab9a03f8863e76f75d8b6c70185b\WindowsLive.Writer.Localization.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4844cd1fac89240407ab5e2a4fe9c518\WindowsLive.Writer.BrowserControl.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\482300ac4d48e5c77dc319ec489e6bfc\WindowsLive.Writer.Interop.Mshtml.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\436529704b6c85b97f68a5489dc82ab2\WindowsLive.Writer.FileDestinations.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3dce78aa75f081de7ad7cd480e64167a\WindowsLive.Writer.Interop.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1931e1807dc35a71bda7ce8b517c84ef\WindowsLive.Writer.Controls.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18a657bcf90f1a3340e7e33ea4dad4c9\WindowsLive.Writer.Mshtml.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\088f2a6fd9107021e9b80ecc5c832334\WindowsLive.Writer.Instrumentation.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4db92179406aa5a642aca6165defa8fe\WindowsLive.Client.ni.dll

+ 2010-08-23 14:03 . 2010-08-23 14:03 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll

+ 2010-08-23 14:03 . 2010-08-23 14:03 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll

+ 2010-08-23 14:03 . 2010-08-23 14:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll

+ 2010-08-23 19:01 . 2010-08-23 19:01 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll

+ 2010-08-23 18:55 . 2010-08-23 18:55 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll

+ 2010-08-23 18:55 . 2010-08-23 18:55 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll

+ 2010-08-23 14:02 . 2010-08-23 14:02 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe

+ 2010-08-23 18:58 . 2010-08-23 18:58 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe

+ 2010-08-23 14:00 . 2010-08-23 14:00 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll

+ 2010-08-23 14:00 . 2010-08-23 14:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll

+ 2010-08-23 14:00 . 2010-08-23 14:00 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll

+ 2010-08-23 14:00 . 2010-08-23 14:00 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe

+ 2010-08-23 18:57 . 2010-08-23 18:57 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe

+ 2010-08-23 18:55 . 2010-08-23 18:55 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2010-06-23 08:20 . 2010-06-23 08:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-06-23 08:20 . 2010-06-23 08:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2006-03-18 11:09 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll

- 2005-03-30 01:23 . 2010-02-17 16:10 2189952 c:\windows\system32\ntoskrnl.exe

+ 2005-03-30 01:23 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe

- 2005-03-30 01:01 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe

+ 2005-03-30 01:01 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe

+ 2006-03-23 17:32 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll

+ 2007-08-14 01:34 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll

+ 2004-08-04 10:00 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys

+ 2006-03-18 11:09 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll

- 2005-03-30 01:23 . 2010-02-17 16:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2005-03-30 01:23 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe

- 2008-10-14 17:39 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-10-14 17:39 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe

- 2005-03-30 01:01 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2005-03-30 01:01 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2008-10-14 17:39 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-10-14 17:39 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2004-08-04 10:00 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll

- 2004-08-04 10:00 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2006-03-23 17:32 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll

+ 2006-12-19 11:25 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe

- 2006-12-19 11:25 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe

+ 2008-11-09 21:14 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll

- 2009-08-08 06:51 . 2009-08-08 06:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2010-05-11 13:40 . 2010-05-11 13:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2010-05-11 13:40 . 2010-05-11 13:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2010-06-29 23:01 . 2010-06-29 23:01 8404992 c:\windows\Installer\4c40bd.msp

+ 2010-07-11 03:14 . 2010-07-11 03:14 2850816 c:\windows\Installer\4c408d.msp

+ 2010-08-23 09:05 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll

+ 2010-08-23 09:05 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll

+ 2010-08-23 09:05 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll

- 2008-10-14 17:39 . 2010-02-17 16:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-10-14 17:39 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-10-14 17:39 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2008-10-14 17:39 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2008-10-14 17:39 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-10-14 17:39 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-14 17:39 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-10-14 17:39 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2010-08-23 18:57 . 2010-08-23 18:57 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba732eb3a84c96e8bf60495395efbfac\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aacec1e49b5cc0e8369ff555abd4b922\WindowsLive.Writer.CoreServices.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\87825e26c8a5fd4e559b5e8d58faec21\WindowsLive.Writer.PostEditor.ni.dll

+ 2010-08-23 09:12 . 2010-08-23 09:12 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll

+ 2010-08-23 14:03 . 2010-08-23 14:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll

+ 2010-08-23 09:11 . 2010-08-23 09:11 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll

+ 2010-08-23 14:03 . 2010-08-23 14:03 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll

+ 2010-08-23 19:01 . 2010-08-23 19:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll

+ 2010-08-23 19:01 . 2010-08-23 19:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll

+ 2010-08-23 14:02 . 2010-08-23 14:02 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll

+ 2010-08-23 18:55 . 2010-08-23 18:55 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll

+ 2010-08-23 14:02 . 2010-08-23 14:02 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll

+ 2010-08-23 18:55 . 2010-08-23 18:55 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll

+ 2010-08-23 14:02 . 2010-08-23 14:02 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll

+ 2010-08-23 14:01 . 2010-08-23 14:01 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll

+ 2010-08-23 14:01 . 2010-08-23 14:01 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll

+ 2010-08-23 18:59 . 2010-08-23 18:59 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll

+ 2010-08-23 14:00 . 2010-08-23 14:00 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll

+ 2010-08-23 14:00 . 2010-08-23 14:00 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll

+ 2010-08-23 14:00 . 2010-08-23 14:00 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll

+ 2010-08-23 09:11 . 2010-08-23 09:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll

+ 2010-08-23 19:00 . 2010-08-23 19:00 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-08-23 18:58 . 2010-08-23 18:58 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2010-06-23 08:20 . 2010-06-23 08:20 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-06-23 08:20 . 2010-06-23 08:20 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-06-23 08:20 . 2010-06-23 08:20 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-08-23 09:08 . 2010-08-23 09:08 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-06-23 08:21 . 2010-06-23 08:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2010-08-23 09:09 . 2010-08-23 09:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2006-12-20 06:21 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe

+ 2007-08-14 01:54 . 2010-06-25 00:51 11077120 c:\windows\system32\ieframe.dll

+ 2008-11-09 21:14 . 2010-06-25 00:51 11077120 c:\windows\system32\dllcache\ieframe.dll

+ 2010-05-19 20:08 . 2010-05-19 20:08 11408896 c:\windows\Installer\4c40aa.msp

+ 2010-06-29 06:46 . 2010-06-29 06:46 17512960 c:\windows\Installer\4c40a0.msp

+ 2010-08-23 09:05 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll

+ 2010-08-23 14:02 . 2010-08-23 14:02 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll

+ 2010-08-23 18:57 . 2010-08-23 18:57 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll

+ 2010-08-23 18:56 . 2010-08-23 18:56 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll

+ 2010-08-23 14:02 . 2010-08-23 14:02 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll

+ 2010-08-23 14:00 . 2010-08-23 14:00 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll

+ 2010-08-23 13:59 . 2010-08-23 13:59 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll

+ 2010-08-23 09:11 . 2010-08-23 09:11 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2009-11-24 906640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 17:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JJ^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\JJ\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2006-12-24 00:05 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2002-08-01 18:53 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2002-08-15 00:29 290816 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-02-23 23:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]

2002-08-22 20:11 221184 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 22:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2031:UDP"= 2031:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2030:UDP"= 2030:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2073:UDP"= 2073:UDP:Windows Media Format SDK (IEXPLORE.EXE)

"2072:UDP"= 2072:UDP:Windows Media Format SDK (IEXPLORE.EXE)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2009 11:15 AM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2009 11:15 AM 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 10:01 AM 308136]

S3 Ich;Ich;c:\windows\system32\drivers\Ich.sys [12/19/2006 5:17 PM 65916]

--- Other Services/Drivers In Memory ---

*Deregistered* - pfswnx

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ec03dcfb912c4a04b1561713d7a64196

IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ec03dcfb912c4a04b1561713d7a64196

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-25 21:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfswnx]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3872)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-08-25 21:56:55

ComboFix-quarantined-files.txt 2010-08-26 04:56

ComboFix2.txt 2010-08-23 03:30

ComboFix3.txt 2010-08-19 00:46

Pre-Run: 17,884,442,624 bytes free

Post-Run: 18,203,398,144 bytes free

- - End Of File - - 22D594D19C91718A8D66DE634C641456


An Update:

After posting the previous post, we installed the latest version of Adobe Reader as suggested. Then we uninstalled the "google toolbar" that seemed to install itself with the reader.

Today, things have been seemingly slow, and we have been getting what seems to be an abnormal number of "cannot display the webpage" type errors from IE. It seems we have taken a half step back. No redirects, and no popups (at least none that the browser has let thru).

Dan


Followed the link provided, however it was not clear to me exactly what you wanted when I got there. Seems like there are several tools there, however none of them indicated "full tests". Ended up running "overdrive", creating an account in the process. I hope that this is what you wanted.

http://www.pcpitstop.com/betapit/sec.asp?conid=23834529

The system seems to be running better today, but we are still getting a large number of "web page cannot be displayed" messages. With persistence, it seems we can eventually connect to the page we wanted.


I called Cox, my ISP. It was not a real enjoyable experience, I think the only ones there are working from a script...and not a good one at that. But they did end up telling me that they could not see any problem from their end. They are not reporting any problems with their network. As far as I can tell it is probably not on their end.

The router seems to be working as I can access other computers on my local network. So I am thinking that it is probably ok.

I am a little concerned that it might be the cable modem that is dropping out. I am about ready to replace it just in case, but I am unsure.

My other thought is that everything was working fine until we deleted the old Adobe Reader and installed 9.3.4. It seemed like it installed a lot of junk with it, perhaps it isn't playing nice with IE8. The situation seems to be getting worse. So I deleted it (Adobe Reader), and perhaps will try a reinstall later. I am also considering reinstalling IE8. If you have an opinion, please let me know.

Things seem to be working well except for the connection/"webpage cannot be displayed" errors.

Dan


  • Staff
My other thought is that everything was working fine until we deleted the old Adobe Reader and installed 9.3.4. It seemed like it installed a lot of junk with it, perhaps it isn't playing nice with IE8. The situation seems to be getting worse. So I deleted it (Adobe Reader), and perhaps will try a reinstall later. I am also considering reinstalling IE8. If you have an opinion, please let me know.

Things seem to be working well except for the connection/"webpage cannot be displayed" errors.

Likely that your modem is glitching for whatever reason (might be old), so replacing it is a good idea in my opinion.

Adobe Reader wouldn't cause all of this. It's been installed millions of times and I haven't seen this issue before.

Does the same error occur in Firefox too, or just Internet Explorer?


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
