
When I am using the internet, the browser opens tabs to random sites. I also have the XP Security Antivirus 2011 virus...

DDS

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Maximiliano at 16:23:56.90 on 04/05/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.459 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Launch Manager\dsiwmis.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\Eraser\Eraser.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Maximiliano\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&m=em350&r=0xph0910n925l0444wum5r46n2r32p

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&m=em350&r=0xph0910n925l0444wum5r46n2r32p

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [AdobeBridge]

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe

StartupFolder: c:\docume~1\maximi~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\maximi~1\applic~1\mozilla\firefox\profiles\6yq2bz5c.default\

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\maximiliano\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\byond\bin\npbyond.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\docume~1\maximi~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\docume~1\maximi~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-3-5 22504]

R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-5-4 312400]

R2 Updater Service;Updater Service;c:\program files\emachines\emachines updater\UpdaterService.exe [2010-5-4 243232]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-4 60456]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-4 1691480]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]

S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-5-4 108752]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]

.

=============== Created Last 30 ================

.

2011-05-03 07:21:16 -------- dcsha-r- C:\cmdcons

2011-05-03 07:17:21 89088 ----a-w- c:\windows\MBR.exe

2011-05-03 07:17:20 98816 ----a-w- c:\windows\sed.exe

2011-05-03 07:17:20 256512 ----a-w- c:\windows\PEV.exe

2011-05-03 07:17:20 161792 ----a-w- c:\windows\SWREG.exe

2011-05-01 11:26:13 -------- dc----w- c:\docume~1\maximi~1\applic~1\SUPERAntiSpyware.com

2011-05-01 11:26:13 -------- dc----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-04-30 17:55:22 -------- dc----w- c:\docume~1\alluse~1\applic~1\dP31002LmHaH31002

2011-04-30 08:52:09 -------- d-----w- c:\program files\LucasArts

2011-04-29 21:39:53 -------- d-----w- c:\program files\GAMBIT

2011-04-28 20:01:59 4200896 ----a-w- c:\program files\microsoft games\age of empires ii\patches\Age2XPatch.exe

2011-04-28 20:01:59 2643424 ----a-w- c:\program files\microsoft games\age of empires ii\patches\Age2upA.exe

2011-04-28 19:42:37 -------- d-----w- c:\program files\Microsoft Games

2011-04-24 00:38:44 -------- d-----w- c:\program files\CMBO

2011-04-23 23:27:18 -------- d-----w- c:\program files\Codemasters

2011-04-19 23:06:18 -------- d-----w- c:\program files\LispWorks Personal

2011-04-15 23:23:44 -------- d-----w- c:\program files\Sierra

2011-04-15 23:20:40 -------- d-----w- c:\program files\Sierra On-Line

2011-04-12 17:13:40 118784 --sha-r- c:\windows\system32\trafficg.dll

2011-04-11 11:31:59 -------- dc----w- c:\docume~1\alluse~1\applic~1\AVAST Software

2011-04-11 11:31:59 -------- d-----w- c:\program files\AVAST Software

2011-04-10 23:38:51 0 ----a-w- c:\windows\Qhupu.bin

2011-04-10 23:38:49 -------- d-----w- c:\docume~1\maximi~1\locals~1\applic~1\{0ACD3826-E980-44FC-822F-A35D00FED734}

2011-04-09 23:16:07 378880 ----a-w- c:\windows\acumifixe.dll

2011-04-08 23:38:09 -------- d-----w- c:\program files\directx

2011-04-08 23:38:06 516173 ------w- c:\windows\system32\MSVCP60D.DLL

2011-04-07 20:31:02 -------- dc----w- C:\DeusEx

2011-04-07 17:10:12 -------- d-----w- c:\docume~1\maximi~1\locals~1\applic~1\nMars

2011-04-07 17:06:03 -------- d-----w- c:\program files\nMars

.

==================== Find3M ====================

.

2011-03-23 19:35:16 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-03-20 16:35:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-03-20 16:35:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-02-15 00:55:04 21052 ----atw- c:\windows\system32\SIntfNT.dll

2011-02-15 00:55:04 15144 ----atw- c:\windows\system32\SIntf32.dll

2011-02-15 00:55:04 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_ rev.GJ00 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865BF439]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x865c57d0]; MOV EAX, [0x865c584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x865D35F0]

3 CLASSPNP[0xF76FFFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000093[0x86FC71D0]

5 ACPI[0xF75F6620] -> nt!IofCallDriver[0x804E13B9] -> [0x86FCD028]

\Driver\iaStor[0x86FCC0F0] -> IRP_MJ_CREATE -> 0x865BF439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK1665GSX_______________________GJ002J__#4&36fb52f8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

copy of MBR has been found in sector 9 !

sectors 312581806 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 16:26:45.71 ===============

Malwarebytes' Log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6484

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

01/05/2011 18:42:32

mbam-log-2011-05-01 (18-42-32).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 318344

Time elapsed: 2 hour(s), 7 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Maximiliano\Local Settings\Application Data\rnc.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Maximiliano\Local Settings\Application Data\rnc.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Maximiliano\Local Settings\Application Data\rnc.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\all users\application data\dp31002lmhah31002\dp31002lmhah31002.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\maximiliano\application data\Sun\Java\deployment\cache\6.0\35\64e4063-121b97bc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\maximiliano\my documents\downloads\192\warcraft 3\warcraft3 keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\masm32\qeditor.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

c:\masm32\examples\dialogs\calender\calender.exe (Malware.Packer) -> Quarantined and deleted successfully.

c:\masm32\examples\dialogs\simple\simple.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\masm32\examples\dialogs\tests\tests.exe (Malware.Packer) -> Quarantined and deleted successfully.

c:\masm32\examples\exampl05\qeplugin\qeplugin.dll (Spyware.Passwords) -> Quarantined and deleted successfully.

c:\masm32\examples\exampl06\regdemo\regdemo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\masm32\tools\makecimp\vcrtdemo\vcrtdemo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\masm32\tutorial\dlltute\dll\dlltute.dll (Spyware.Passwords) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


Hi, unfortunately you have a nasty rootkit.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


I will format & reinstall as soon as possible, but at the moment I can't. So I will try to clean it up for a little while...

ComboFix 11-05-06.02 - Maximiliano 06/05/2011 20:44:43.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.702 [GMT 1:00]

Running from: c:\documents and settings\Maximiliano\Desktop\ComboFix.exe

.

PEV Error: PersonalFile

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Maximiliano\Application Data\Adobe\plugs

c:\documents and settings\Maximiliano\Application Data\Adobe\shed

c:\documents and settings\Maximiliano\Local Settings\Application Data\{0ACD3826-E980-44FC-822F-A35D00FED734}

c:\documents and settings\Maximiliano\Local Settings\Application Data\{0ACD3826-E980-44FC-822F-A35D00FED734}\chrome.manifest

c:\documents and settings\Maximiliano\Local Settings\Application Data\{0ACD3826-E980-44FC-822F-A35D00FED734}\chrome\content\_cfg.js

c:\documents and settings\Maximiliano\Local Settings\Application Data\{0ACD3826-E980-44FC-822F-A35D00FED734}\chrome\content\overlay.xul

c:\documents and settings\Maximiliano\Local Settings\Application Data\{0ACD3826-E980-44FC-822F-A35D00FED734}\install.rdf

c:\documents and settings\Maximiliano\WINDOWS

.

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))

.

.

2011-05-01 19:08 . 2011-05-01 19:08 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Malwarebytes

2011-05-01 14:05 . 2011-05-01 14:06 -------- dc----w- c:\documents and settings\Administrator

2011-05-01 11:26 . 2011-05-01 11:26 -------- dc----w- c:\documents and settings\Maximiliano\Application Data\SUPERAntiSpyware.com

2011-05-01 11:26 . 2011-05-01 11:26 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-30 23:22 . 2011-05-01 16:10 -------- d-----w- c:\program files\Warcraft III

2011-04-30 17:55 . 2011-05-01 17:42 -------- dc----w- c:\documents and settings\All Users\Application Data\dP31002LmHaH31002

2011-04-30 08:52 . 2011-04-30 08:52 -------- d-----w- c:\program files\LucasArts

2011-04-29 21:39 . 2011-04-29 21:39 -------- d-----w- c:\program files\GAMBIT

2011-04-28 19:42 . 2011-04-28 19:42 -------- d-----w- c:\program files\Microsoft Games

2011-04-26 23:13 . 2011-04-26 23:13 -------- dcsh--w- c:\documents and settings\LocalService\IECompatCache

2011-04-26 21:01 . 2011-04-26 21:01 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

2011-04-26 20:08 . 2011-04-26 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-04-24 00:38 . 2011-04-24 00:45 -------- d-----w- c:\program files\CMBO

2011-04-23 23:27 . 2011-04-23 23:32 -------- d-----w- c:\program files\Codemasters

2011-04-22 20:40 . 2011-04-22 20:40 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2011-04-19 23:06 . 2011-04-19 23:09 -------- d-----w- c:\program files\LispWorks Personal

2011-04-15 23:23 . 2011-04-15 23:23 -------- d-----w- c:\program files\Sierra

2011-04-15 23:20 . 2011-04-27 09:59 -------- d-----w- c:\program files\Sierra On-Line

2011-04-12 17:13 . 2011-04-12 17:13 118784 --sha-r- c:\windows\system32\trafficg.dll

2011-04-11 11:31 . 2011-05-01 15:33 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-04-11 11:31 . 2011-04-11 11:31 -------- d-----w- c:\program files\AVAST Software

2011-04-10 23:58 . 2011-04-10 23:58 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache

2011-04-10 23:38 . 2011-04-18 11:22 0 ----a-w- c:\windows\Qhupu.bin

2011-04-10 22:30 . 2011-05-01 21:00 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Spyware Terminator

2011-04-09 23:16 . 2011-04-09 23:16 378880 ----a-w- c:\windows\acumifixe.dll

2011-04-08 23:38 . 2011-04-08 23:38 -------- d-----w- c:\program files\directx

2011-04-08 23:38 . 1998-06-16 22:00 516173 ------w- c:\windows\system32\MSVCP60D.DLL

2011-04-08 10:18 . 2011-04-08 10:18 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Apple Computer

2011-04-08 10:16 . 2011-04-08 10:20 -------- dc----w- c:\documents and settings\Maria de fatima\.gimp-2.6

2011-04-08 10:16 . 2011-04-08 10:16 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Wings3D

2011-04-08 10:15 . 2011-04-08 10:16 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Notepad++

2011-04-07 20:31 . 2011-04-07 20:33 -------- dc----w- C:\DeusEx

2011-04-07 17:10 . 2011-04-07 17:10 -------- d-----w- c:\documents and settings\Maximiliano\Local Settings\Application Data\nMars

2011-04-07 17:06 . 2011-04-07 17:06 -------- d-----w- c:\program files\nMars

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-23 19:35 . 2010-11-13 19:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-03-23 19:27 . 2011-03-23 19:27 15360 -c--a-r- c:\documents and settings\Maximiliano\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe

2011-03-23 19:27 . 2011-03-23 19:27 11264 -c--a-r- c:\documents and settings\Maximiliano\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe

2011-03-20 16:35 . 2011-03-20 16:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-03-20 16:35 . 2011-03-20 16:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-02-15 00:55 . 2010-11-11 18:08 21052 ----atw- c:\windows\system32\SIntfNT.dll

2011-02-15 00:55 . 2010-11-11 18:08 15144 ----atw- c:\windows\system32\SIntf32.dll

2011-02-15 00:55 . 2010-11-11 18:08 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-02-09 13:53 . 2010-05-04 18:25 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2010-05-04 18:25 186880 ----a-w- c:\windows\system32\encdec.dll

2011-04-30 08:48 . 2011-03-30 22:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-05-03_08.00.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-06 19:41 . 2011-05-06 19:41 16384 c:\windows\temp\Perflib_Perfdata_76c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-23 2937528]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

.

c:\documents and settings\Maria de fatima\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\Maximiliano\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2010-04-08 04:18 908368 ----a-w- c:\program files\Launch Manager\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-11-16 14:56 141336 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]

2010-02-12 15:11 99712 ----a-w- c:\windows\PLFSetL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]

2010-02-12 15:11 202112 ----a-w- c:\windows\system32\csnp2uvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm]

2010-02-12 15:11 30080 ----a-w- c:\windows\snuvcdsm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\CAVEDOG\\TOTALA\\TotalA.exe"=

"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56856:TCP"= 56856:TCP:Pando Media Booster

"56856:UDP"= 56856:UDP:Pando Media Booster

"2970:TCP"= 2970:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"25513:TCP"= 25513:TCP:spport

"27325:TCP"= 27325:TCP:spport

"18123:TCP"= 18123:TCP:spport

"11989:TCP"= 11989:TCP:spport

"5929:TCP"= 5929:TCP:spport

"28459:TCP"= 28459:TCP:spport

"14322:TCP"= 14322:TCP:spport

"27482:TCP"= 27482:TCP:spport

"14483:TCP"= 14483:TCP:spport

"27960:TCP"= 27960:TCP:spport

"13270:TCP"= 13270:TCP:spport

"13576:TCP"= 13576:TCP:spport

"11670:TCP"= 11670:TCP:spport

"13451:TCP"= 13451:TCP:spport

"12122:TCP"= 12122:TCP:spport

"18830:TCP"= 18830:TCP:spport

"29163:TCP"= 29163:TCP:spport

"8929:TCP"= 8929:TCP:spport

"27784:TCP"= 27784:TCP:spport

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/10/2010 22:09 691696]

R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [05/03/2011 22:10 22504]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [04/05/2010 19:26 312400]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [04/05/2010 12:15 243232]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/05/2010 19:26 60456]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2010 14:12 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04/05/2010 12:00 1691480]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [01/03/2011 21:23 183560]

S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [04/05/2010 12:03 108752]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2010 14:12 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-EMACHMKH-Maximiliano.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-06 02:44]

.

2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 13:12]

.

2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 13:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&m=em350&r=0xph0910n925l0444wum5r46n2r32p

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Maximiliano\Application Data\Mozilla\Firefox\Profiles\6yq2bz5c.default\

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-06 21:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_ rev.GJ00 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8652F439]<<

c:\docume~1\MAXIMI~1\LOCALS~1\Temp\catchme.sys

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x865357d0]; MOV EAX, [0x8653584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86551030]

3 CLASSPNP[0xF76FFFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000095[0x86F16848]

5 ACPI[0xF74EB620] -> nt!IofCallDriver[0x804E13B9] -> [0x86ED5028]

\Driver\iaStor[0x86ECA998] -> IRP_MJ_CREATE -> 0x8652F439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK1665GSX_______________________GJ002J__#4&36fb52f8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

copy of MBR has been found in sector 9 !

sectors 312581806 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(880)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(940)

c:\windows\system32\WININET.dll

.

Completion time: 2011-05-06 21:11:01

ComboFix-quarantined-files.txt 2011-05-06 20:10

ComboFix2.txt 2011-05-03 08:08

.

Pre-Run: 5,262,979,072 bytes free

Post-Run: 5,879,345,152 bytes free

.

- - End Of File - - 2EB3FA09E6CDC53B8FA1BCA0343D269E


That sees the infection but it reappears afterwards.

Please run the following tool, then rerun combofix.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


ComboFix 11-05-06.03 - Maximiliano 06/05/2011 22:51:12.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.544 [GMT 1:00]

Running from: c:\documents and settings\Maximiliano\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Maximiliano\Desktop\Setup.exe

c:\program files\INSTALL.LOG

c:\windows\ST6UNST.000

.

.

((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))

.

.

2011-05-01 19:08 . 2011-05-01 19:08 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Malwarebytes

2011-05-01 14:05 . 2011-05-01 14:06 -------- dc----w- c:\documents and settings\Administrator

2011-05-01 11:26 . 2011-05-01 11:26 -------- dc----w- c:\documents and settings\Maximiliano\Application Data\SUPERAntiSpyware.com

2011-05-01 11:26 . 2011-05-01 11:26 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-30 23:22 . 2011-05-01 16:10 -------- d-----w- c:\program files\Warcraft III

2011-04-30 17:55 . 2011-05-01 17:42 -------- dc----w- c:\documents and settings\All Users\Application Data\dP31002LmHaH31002

2011-04-30 08:52 . 2011-04-30 08:52 -------- d-----w- c:\program files\LucasArts

2011-04-29 21:39 . 2011-04-29 21:39 -------- d-----w- c:\program files\GAMBIT

2011-04-28 19:42 . 2011-04-28 19:42 -------- d-----w- c:\program files\Microsoft Games

2011-04-26 23:13 . 2011-04-26 23:13 -------- dcsh--w- c:\documents and settings\LocalService\IECompatCache

2011-04-26 21:01 . 2011-04-26 21:01 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

2011-04-26 20:08 . 2011-04-26 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-04-24 00:38 . 2011-04-24 00:45 -------- d-----w- c:\program files\CMBO

2011-04-23 23:27 . 2011-04-23 23:32 -------- d-----w- c:\program files\Codemasters

2011-04-22 20:40 . 2011-04-22 20:40 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2011-04-19 23:06 . 2011-04-19 23:09 -------- d-----w- c:\program files\LispWorks Personal

2011-04-15 23:23 . 2011-04-15 23:23 -------- d-----w- c:\program files\Sierra

2011-04-15 23:20 . 2011-04-27 09:59 -------- d-----w- c:\program files\Sierra On-Line

2011-04-12 17:13 . 2011-04-12 17:13 118784 --sha-r- c:\windows\system32\trafficg.dll

2011-04-11 11:31 . 2011-05-01 15:33 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-04-11 11:31 . 2011-04-11 11:31 -------- d-----w- c:\program files\AVAST Software

2011-04-10 23:58 . 2011-04-10 23:58 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache

2011-04-10 23:38 . 2011-04-18 11:22 0 ----a-w- c:\windows\Qhupu.bin

2011-04-10 22:30 . 2011-05-01 21:00 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Spyware Terminator

2011-04-09 23:16 . 2011-04-09 23:16 378880 ----a-w- c:\windows\acumifixe.dll

2011-04-08 23:38 . 2011-04-08 23:38 -------- d-----w- c:\program files\directx

2011-04-08 23:38 . 1998-06-16 22:00 516173 ------w- c:\windows\system32\MSVCP60D.DLL

2011-04-08 10:18 . 2011-04-08 10:18 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Apple Computer

2011-04-08 10:16 . 2011-04-08 10:20 -------- dc----w- c:\documents and settings\Maria de fatima\.gimp-2.6

2011-04-08 10:16 . 2011-04-08 10:16 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Wings3D

2011-04-08 10:15 . 2011-04-08 10:16 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Notepad++

2011-04-07 20:31 . 2011-04-07 20:33 -------- dc----w- C:\DeusEx

2011-04-07 17:10 . 2011-04-07 17:10 -------- d-----w- c:\documents and settings\Maximiliano\Local Settings\Application Data\nMars

2011-04-07 17:06 . 2011-04-07 17:06 -------- d-----w- c:\program files\nMars

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-23 19:35 . 2010-11-13 19:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-03-23 19:27 . 2011-03-23 19:27 15360 -c--a-r- c:\documents and settings\Maximiliano\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe

2011-03-23 19:27 . 2011-03-23 19:27 11264 -c--a-r- c:\documents and settings\Maximiliano\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe

2011-03-20 16:35 . 2011-03-20 16:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-03-20 16:35 . 2011-03-20 16:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-02-15 00:55 . 2010-11-11 18:08 21052 ----atw- c:\windows\system32\SIntfNT.dll

2011-02-15 00:55 . 2010-11-11 18:08 15144 ----atw- c:\windows\system32\SIntf32.dll

2011-02-15 00:55 . 2010-11-11 18:08 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-02-09 13:53 . 2010-05-04 18:25 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2010-05-04 18:25 186880 ----a-w- c:\windows\system32\encdec.dll

2011-04-30 08:48 . 2011-03-30 22:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-05-03_08.00.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-06 21:46 . 2011-05-06 21:46 16384 c:\windows\temp\Perflib_Perfdata_730.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-23 2937528]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

.

c:\documents and settings\Maria de fatima\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\Maximiliano\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2010-04-08 04:18 908368 ----a-w- c:\program files\Launch Manager\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-11-16 14:56 141336 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]

2010-02-12 15:11 99712 ----a-w- c:\windows\PLFSetL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]

2010-02-12 15:11 202112 ----a-w- c:\windows\system32\csnp2uvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm]

2010-02-12 15:11 30080 ----a-w- c:\windows\snuvcdsm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\CAVEDOG\\TOTALA\\TotalA.exe"=

"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56856:TCP"= 56856:TCP:Pando Media Booster

"56856:UDP"= 56856:UDP:Pando Media Booster

"2970:TCP"= 2970:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"25513:TCP"= 25513:TCP:spport

"27325:TCP"= 27325:TCP:spport

"18123:TCP"= 18123:TCP:spport

"11989:TCP"= 11989:TCP:spport

"5929:TCP"= 5929:TCP:spport

"28459:TCP"= 28459:TCP:spport

"14322:TCP"= 14322:TCP:spport

"27482:TCP"= 27482:TCP:spport

"14483:TCP"= 14483:TCP:spport

"27960:TCP"= 27960:TCP:spport

"13270:TCP"= 13270:TCP:spport

"13576:TCP"= 13576:TCP:spport

"11670:TCP"= 11670:TCP:spport

"13451:TCP"= 13451:TCP:spport

"12122:TCP"= 12122:TCP:spport

"18830:TCP"= 18830:TCP:spport

"29163:TCP"= 29163:TCP:spport

"8929:TCP"= 8929:TCP:spport

"27784:TCP"= 27784:TCP:spport

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/10/2010 22:09 691696]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [05/03/2011 22:10 22504]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [04/05/2010 19:26 312400]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [04/05/2010 12:15 243232]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/05/2010 19:26 60456]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2010 14:12 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04/05/2010 12:00 1691480]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [01/03/2011 21:23 183560]

S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [04/05/2010 12:03 108752]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2010 14:12 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-EMACHMKH-Maximiliano.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-06 02:44]

.

2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 13:12]

.

2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 13:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&m=em350&r=0xph0910n925l0444wum5r46n2r32p

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Maximiliano\Application Data\Mozilla\Firefox\Profiles\6yq2bz5c.default\

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-06 23:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Completion time: 2011-05-06 23:03:23

ComboFix-quarantined-files.txt 2011-05-06 22:03

ComboFix2.txt 2011-05-06 20:11

ComboFix3.txt 2011-05-03 08:08

.

Pre-Run: 5,870,878,720 bytes free

Post-Run: 5,898,313,728 bytes free

.

- - End Of File - - EE5E34F8471DEE5F0FE011BBA275516D

TDSSkiller log

2011/05/06 22:43:52.0375 3936 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/06 22:43:52.0671 3936 ================================================================================

2011/05/06 22:43:52.0671 3936 SystemInfo:

2011/05/06 22:43:52.0671 3936

2011/05/06 22:43:52.0671 3936 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/06 22:43:52.0671 3936 Product type: Workstation

2011/05/06 22:43:52.0671 3936 ComputerName: EMACHMKH

2011/05/06 22:43:52.0687 3936 UserName: Maximiliano

2011/05/06 22:43:52.0687 3936 Windows directory: C:\WINDOWS

2011/05/06 22:43:52.0687 3936 System windows directory: C:\WINDOWS

2011/05/06 22:43:52.0687 3936 Processor architecture: Intel x86

2011/05/06 22:43:52.0687 3936 Number of processors: 2

2011/05/06 22:43:52.0687 3936 Page size: 0x1000

2011/05/06 22:43:52.0687 3936 Boot type: Normal boot

2011/05/06 22:43:52.0687 3936 ================================================================================

2011/05/06 22:43:53.0156 3936 Initialize success

2011/05/06 22:43:56.0578 3648 ================================================================================

2011/05/06 22:43:56.0578 3648 Scan started

2011/05/06 22:43:56.0578 3648 Mode: Manual;

2011/05/06 22:43:56.0578 3648 ================================================================================


2011/05/06 22:44:08.0531 3648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/06 22:44:08.0640 3648 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/06 22:44:08.0843 3648 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/05/06 22:44:09.0031 3648 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/06 22:44:09.0109 3648 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/06 22:44:09.0296 3648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/06 22:44:09.0343 3648 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/05/06 22:44:09.0500 3648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/06 22:44:09.0593 3648 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/06 22:44:09.0859 3648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/06 22:44:09.0921 3648 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/06 22:44:09.0984 3648 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/06 22:44:10.0031 3648 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/06 22:44:10.0187 3648 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/06 22:44:10.0250 3648 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/06 22:44:10.0312 3648 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/06 22:44:10.0484 3648 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/06 22:44:10.0562 3648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/06 22:44:10.0718 3648 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/06 22:44:10.0781 3648 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/06 22:44:10.0859 3648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/06 22:44:11.0031 3648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/06 22:44:11.0093 3648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/06 22:44:11.0265 3648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/06 22:44:11.0312 3648 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/06 22:44:11.0593 3648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/06 22:44:11.0703 3648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/06 22:44:11.0906 3648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/06 22:44:11.0984 3648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/06 22:44:12.0031 3648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/06 22:44:12.0203 3648 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/05/06 22:44:12.0281 3648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/06 22:44:12.0484 3648 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/06 22:44:12.0546 3648 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/06 22:44:12.0765 3648 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/06 22:44:12.0812 3648 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/06 22:44:13.0078 3648 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/05/06 22:44:13.0218 3648 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/05/06 22:44:13.0375 3648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/06 22:44:13.0468 3648 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/06 22:44:13.0578 3648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/06 22:44:13.0671 3648 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/05/06 22:44:13.0781 3648 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/05/06 22:44:13.0906 3648 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/05/06 22:44:13.0953 3648 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/05/06 22:44:14.0031 3648 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/05/06 22:44:14.0125 3648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/06 22:44:14.0234 3648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/06 22:44:14.0359 3648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/06 22:44:14.0421 3648 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/06 22:44:14.0500 3648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/06 22:44:14.0625 3648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/06 22:44:14.0734 3648 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/06 22:44:14.0875 3648 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/06 22:44:15.0015 3648 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/06 22:44:15.0500 3648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/06 22:44:15.0593 3648 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/05/06 22:44:15.0859 3648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/06 22:44:15.0984 3648 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/05/06 22:44:16.0046 3648 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/06 22:44:16.0296 3648 SNP2UVC (fa8a150623ed0e99b8e4f5cc3d57968b) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys

2011/05/06 22:44:16.0453 3648 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/05/06 22:44:16.0531 3648 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/06 22:44:16.0781 3648 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2011/05/06 22:44:16.0781 3648 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/05/06 22:44:16.0796 3648 sptd - detected LockedFile.Multi.Generic (1)

2011/05/06 22:44:16.0859 3648 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/06 22:44:17.0062 3648 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/06 22:44:17.0187 3648 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/06 22:44:17.0328 3648 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/06 22:44:17.0421 3648 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/06 22:44:17.0531 3648 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/05/06 22:44:17.0703 3648 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/05/06 22:44:17.0796 3648 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/05/06 22:44:17.0859 3648 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/05/06 22:44:17.0937 3648 SynTP (5cdd124913e91c7f79b4d5cae1c7c4de) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/05/06 22:44:18.0000 3648 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/06 22:44:18.0203 3648 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/06 22:44:18.0281 3648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/06 22:44:18.0421 3648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/06 22:44:18.0484 3648 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/06 22:44:18.0609 3648 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/05/06 22:44:18.0890 3648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/06 22:44:18.0968 3648 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/05/06 22:44:19.0078 3648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/06 22:44:19.0234 3648 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/06 22:44:19.0343 3648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/06 22:44:19.0453 3648 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/06 22:44:19.0562 3648 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/06 22:44:19.0703 3648 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/06 22:44:19.0796 3648 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/05/06 22:44:19.0937 3648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/06 22:44:20.0000 3648 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/05/06 22:44:20.0093 3648 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/05/06 22:44:20.0171 3648 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/06 22:44:20.0296 3648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/06 22:44:20.0468 3648 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/05/06 22:44:20.0593 3648 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/06 22:44:20.0812 3648 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/05/06 22:44:21.0000 3648 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/06 22:44:21.0140 3648 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/06 22:44:21.0218 3648 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/06 22:44:21.0484 3648 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/06 22:44:21.0500 3648 ================================================================================

2011/05/06 22:44:21.0500 3648 Scan finished

2011/05/06 22:44:21.0500 3648 ================================================================================

2011/05/06 22:44:21.0546 3168 Detected object count: 2

2011/05/06 22:44:48.0203 3168 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/05/06 22:44:48.0265 3168 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/06 22:44:48.0265 3168 \HardDisk0 - ok

2011/05/06 22:44:48.0265 3168 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/05/06 22:44:51.0468 3024 Deinitialize success


Hi again, how are things running at this point?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

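Added example, not part of this thread and not ComboFix's own code: a Python check for the condition the FCopy:: step above addresses. Windows XP's File Protection keeps a copy of protected system files in system32\dllcache, which is where the script restores tcpip.sys from, so comparing the live driver in system32\drivers with that copy is a quick way to tell whether a driver has been altered. Every path and file body below is constructed inside a temporary directory (a tampered tcpip.sys, an intact afd.sys, and an ndis.sys with no cached copy); nothing here reads or writes a real Windows installation.

```python
"""
Added example (not from the thread): compare live Windows XP drivers with the
copies Windows File Protection keeps in system32\dllcache.  A live driver that
differs from its cached copy is a candidate for the kind of restore the
FCopy:: script performs.  All paths and file contents are constructed.
"""
import hashlib
import os
import shutil
import tempfile


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests of a file, streamed in chunks.

    MD5 is included only because rootkit-scanner logs of this era report MD5;
    SHA-256 is the digest the comparison actually relies on.
    """
    md5 = hashlib.md5()
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def compare_driver_with_cache(live_path, cache_path):
    """Compare one live driver with its dllcache copy.

    'status' is 'match', 'mismatch', or 'no_cache_copy' when Windows holds no
    protected copy for this file (then there is nothing to restore from).
    """
    if not os.path.isfile(cache_path):
        return {"status": "no_cache_copy", "live": live_path, "cache": cache_path}
    live_md5, live_sha = file_digests(live_path)
    cache_md5, cache_sha = file_digests(cache_path)
    return {
        "status": "match" if live_sha == cache_sha else "mismatch",
        "live": live_path,
        "cache": cache_path,
        "live_md5": live_md5,
        "cache_md5": cache_md5,
        "live_sha256": live_sha,
        "cache_sha256": cache_sha,
        # Patched drivers are often a few bytes larger than the original.
        "size_delta": os.path.getsize(live_path) - os.path.getsize(cache_path),
    }


def check_drivers(system_root, names):
    """Check each named driver under <root>\\system32\\drivers against
    <root>\\system32\\dllcache.  Returns {driver name: result dict}."""
    results = {}
    for name in names:
        live = os.path.join(system_root, "system32", "drivers", name)
        cache = os.path.join(system_root, "system32", "dllcache", name)
        results[name] = compare_driver_with_cache(live, cache)
    return results


def demo():
    """Build a constructed mini system root in a temp dir and check it.

    tcpip.sys: live copy has one extra byte appended (tampered).
    afd.sys:   live and cached copies identical (intact).
    ndis.sys:  live copy only, no dllcache copy (nothing to compare against).
    """
    root = tempfile.mkdtemp(prefix="xp_root_")
    drivers = os.path.join(root, "system32", "drivers")
    cache = os.path.join(root, "system32", "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    good = b"MZ" + b"\x00" * 1000 + b"constructed driver body"  # not a real PE
    with open(os.path.join(cache, "tcpip.sys"), "wb") as fh:
        fh.write(good)
    with open(os.path.join(drivers, "tcpip.sys"), "wb") as fh:
        fh.write(good + b"\x90")
    for folder in (cache, drivers):
        with open(os.path.join(folder, "afd.sys"), "wb") as fh:
            fh.write(good)
    with open(os.path.join(drivers, "ndis.sys"), "wb") as fh:
        fh.write(good)
    try:
        return check_drivers(root, ["tcpip.sys", "afd.sys", "ndis.sys"])
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result['status']} (size delta {result.get('size_delta', 'n/a')})")
```

A mismatch is a lead, not a verdict: the dllcache copy can be stale after a hotfix that updated only the live file, or it can have been replaced along with the driver, so confirm against the hash of the file shipped in the relevant Microsoft update (or a clean machine at the same patch level) before restoring. The result carries both digests because scanner logs like the one above report MD5, but the comparison itself is done on SHA-256.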

Uhm, better than before. I haven't been redirected for a while now. And no more random tabs opening :)

ComboFix 11-05-06.05 - Maximiliano 07/05/2011 19:35:53.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.484 [GMT 1:00]

Running from: c:\documents and settings\Maximiliano\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Maximiliano\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))

.

.

2011-05-07 14:17 . 2011-05-07 14:17 -------- d-----w- c:\windows\ServicePackFiles

2011-05-01 19:08 . 2011-05-01 19:08 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Malwarebytes

2011-05-01 14:05 . 2011-05-01 14:06 -------- dc----w- c:\documents and settings\Administrator

2011-05-01 11:26 . 2011-05-01 11:26 -------- dc----w- c:\documents and settings\Maximiliano\Application Data\SUPERAntiSpyware.com

2011-05-01 11:26 . 2011-05-01 11:26 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-30 23:22 . 2011-05-01 16:10 -------- d-----w- c:\program files\Warcraft III

2011-04-30 17:55 . 2011-05-01 17:42 -------- dc----w- c:\documents and settings\All Users\Application Data\dP31002LmHaH31002

2011-04-30 08:52 . 2011-04-30 08:52 -------- d-----w- c:\program files\LucasArts

2011-04-29 21:39 . 2011-04-29 21:39 -------- d-----w- c:\program files\GAMBIT

2011-04-28 19:42 . 2011-04-28 19:42 -------- d-----w- c:\program files\Microsoft Games

2011-04-26 23:13 . 2011-04-26 23:13 -------- dcsh--w- c:\documents and settings\LocalService\IECompatCache

2011-04-26 21:01 . 2011-04-26 21:01 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

2011-04-26 20:08 . 2011-04-26 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-04-24 00:38 . 2011-04-24 00:45 -------- d-----w- c:\program files\CMBO

2011-04-23 23:27 . 2011-04-23 23:32 -------- d-----w- c:\program files\Codemasters

2011-04-22 20:40 . 2011-04-22 20:40 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2011-04-19 23:06 . 2011-04-19 23:09 -------- d-----w- c:\program files\LispWorks Personal

2011-04-15 23:23 . 2011-04-15 23:23 -------- d-----w- c:\program files\Sierra

2011-04-15 23:20 . 2011-04-27 09:59 -------- d-----w- c:\program files\Sierra On-Line

2011-04-12 17:13 . 2011-04-12 17:13 118784 --sha-r- c:\windows\system32\trafficg.dll

2011-04-11 11:31 . 2011-05-01 15:33 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-04-11 11:31 . 2011-04-11 11:31 -------- d-----w- c:\program files\AVAST Software

2011-04-10 23:58 . 2011-04-10 23:58 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache

2011-04-10 23:38 . 2011-04-18 11:22 0 ----a-w- c:\windows\Qhupu.bin

2011-04-10 22:30 . 2011-05-01 21:00 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Spyware Terminator

2011-04-09 23:16 . 2011-04-09 23:16 378880 ----a-w- c:\windows\acumifixe.dll

2011-04-08 23:38 . 2011-04-08 23:38 -------- d-----w- c:\program files\directx

2011-04-08 23:38 . 1998-06-16 22:00 516173 ------w- c:\windows\system32\MSVCP60D.DLL

2011-04-08 10:18 . 2011-04-08 10:18 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Apple Computer

2011-04-08 10:16 . 2011-04-08 10:20 -------- dc----w- c:\documents and settings\Maria de fatima\.gimp-2.6

2011-04-08 10:16 . 2011-04-08 10:16 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Wings3D

2011-04-08 10:15 . 2011-04-08 10:16 -------- dc----w- c:\documents and settings\Maria de fatima\Application Data\Notepad++

2011-04-07 20:31 . 2011-04-07 20:33 -------- dc----w- C:\DeusEx

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-23 19:35 . 2010-11-13 19:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-03-23 19:27 . 2011-03-23 19:27 15360 -c--a-r- c:\documents and settings\Maximiliano\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe

2011-03-23 19:27 . 2011-03-23 19:27 11264 -c--a-r- c:\documents and settings\Maximiliano\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe

2011-03-20 16:35 . 2011-03-20 16:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-03-20 16:35 . 2011-03-20 16:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-03-07 05:33 . 2010-05-04 09:45 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2010-05-04 18:25 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2010-05-04 18:25 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2010-05-04 18:25 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2010-05-04 18:25 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2010-05-04 18:25 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2010-05-04 18:25 385024 ------w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2010-05-04 18:25 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2010-05-04 18:25 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-09-21 21:22 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2010-05-04 18:25 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-15 00:55 . 2010-11-11 18:08 21052 ----atw- c:\windows\system32\SIntfNT.dll

2011-02-15 00:55 . 2010-11-11 18:08 15144 ----atw- c:\windows\system32\SIntf32.dll

2011-02-15 00:55 . 2010-11-11 18:08 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-02-11 13:25 . 2010-05-04 09:44 229888 ----a-w- c:\windows\system32\fxscover.exe

2011-02-09 13:53 . 2010-05-04 18:25 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2010-05-04 18:25 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2010-05-04 18:25 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2010-05-04 18:25 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-30 08:48 . 2011-03-30 22:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-03_08.00.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-07 14:29 . 2011-05-07 14:29 16384 c:\windows\temp\Perflib_Perfdata_734.dat

+ 2010-05-04 18:25 . 2011-05-07 14:06 72066 c:\windows\system32\perfc009.dat

+ 2010-05-04 18:25 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll

- 2010-05-04 18:25 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll

+ 2009-03-08 04:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 04:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll

+ 2010-05-04 18:25 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll

- 2010-05-04 18:25 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll

- 2010-05-04 18:25 . 2008-04-14 12:00 45568 c:\windows\system32\dnsrslvr.dll

+ 2010-05-04 18:25 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll

- 2010-05-04 10:30 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2010-05-04 10:30 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll

- 2010-05-04 18:25 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2010-05-04 18:25 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2010-05-04 10:35 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2010-05-04 10:35 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2010-05-04 18:25 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2010-05-04 18:25 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2010-05-04 18:25 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2010-05-04 18:25 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2010-05-04 18:25 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll

- 2010-05-04 18:25 . 2008-04-14 12:00 45568 c:\windows\system32\dllcache\dnsrslvr.dll

- 2011-01-28 18:00 . 2011-02-17 09:59 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-01-28 18:00 . 2011-05-07 14:16 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-05-07 14:14 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll

+ 2011-05-07 14:14 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll

+ 2011-05-07 14:14 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll

+ 2011-05-07 14:14 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll

+ 2011-05-07 14:14 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll

+ 2011-05-07 18:40 . 2011-05-07 18:40 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e7011899210fffe6c581aedc2a4f56af\WindowsLiveWriter.ni.exe

+ 2011-05-07 18:42 . 2011-05-07 18:42 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83a67ede72b011c0d5933896ac124abd\WindowsLive.Writer.Api.ni.dll

+ 2011-05-07 14:18 . 2011-05-07 14:18 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll

+ 2011-05-07 14:14 . 2011-05-07 14:14 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe

+ 2011-05-07 14:12 . 2011-05-07 14:12 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll

+ 2011-05-07 18:42 . 2011-05-07 18:42 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\61ae638a8173b053fc3e6dde41df25a3\Microsoft.VisualC.ni.dll

+ 2011-05-07 15:11 . 2011-05-07 15:11 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2010-10-06 09:23 . 2010-10-06 09:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2011-05-07 14:06 . 2011-05-07 14:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2010-10-06 09:23 . 2010-10-06 09:23 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-23 2937528]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

.

c:\documents and settings\Maria de fatima\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\Maximiliano\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2010-04-08 04:18 908368 ----a-w- c:\program files\Launch Manager\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-11-16 14:56 141336 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]

2010-02-12 15:11 99712 ----a-w- c:\windows\PLFSetL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]

2010-02-12 15:11 202112 ----a-w- c:\windows\system32\csnp2uvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm]

2010-02-12 15:11 30080 ----a-w- c:\windows\snuvcdsm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Program Files\\REACTOR\\REACTOR.exe"=

"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\CAVEDOG\\TOTALA\\TotalA.exe"=

"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56856:TCP"= 56856:TCP:Pando Media Booster

"56856:UDP"= 56856:UDP:Pando Media Booster

"2970:TCP"= 2970:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"25513:TCP"= 25513:TCP:spport

"27325:TCP"= 27325:TCP:spport

"18123:TCP"= 18123:TCP:spport

"11989:TCP"= 11989:TCP:spport

"5929:TCP"= 5929:TCP:spport

"28459:TCP"= 28459:TCP:spport

"14322:TCP"= 14322:TCP:spport

"27482:TCP"= 27482:TCP:spport

"14483:TCP"= 14483:TCP:spport

"27960:TCP"= 27960:TCP:spport

"13270:TCP"= 13270:TCP:spport

"13576:TCP"= 13576:TCP:spport

"11670:TCP"= 11670:TCP:spport

"13451:TCP"= 13451:TCP:spport

"12122:TCP"= 12122:TCP:spport

"18830:TCP"= 18830:TCP:spport

"29163:TCP"= 29163:TCP:spport

"8929:TCP"= 8929:TCP:spport

"27784:TCP"= 27784:TCP:spport

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/10/2010 22:09 691696]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [05/03/2011 22:10 22504]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [04/05/2010 19:26 312400]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [04/05/2010 12:15 243232]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/05/2010 19:26 60456]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\MAXIMI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2010 14:12 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04/05/2010 12:00 1691480]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [01/03/2011 21:23 183560]

S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [04/05/2010 12:03 108752]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2010 14:12 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-EMACHMKH-Maximiliano.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-06 02:44]

.

2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 13:12]

.

2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 13:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&m=em350&r=0xph0910n925l0444wum5r46n2r32p

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Maximiliano\Application Data\Mozilla\Firefox\Profiles\6yq2bz5c.default\

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-07 19:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3340)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-05-07 19:48:33

ComboFix-quarantined-files.txt 2011-05-07 18:48

ComboFix2.txt 2011-05-06 22:03

ComboFix3.txt 2011-05-06 20:11

ComboFix4.txt 2011-05-03 08:08

.

Pre-Run: 5,308,985,344 bytes free

Post-Run: 5,265,190,912 bytes free

.

- - End Of File - - 1219AE1E054961233B13C18D6A26ED9A


Hi, I'm glad to hear that!

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6528

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

07/05/2011 23:17:39

mbam-log-2011-05-07 (23-17-39).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 296422

Time elapsed: 1 hour(s), 34 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\maximiliano\application data\microsoft\installer\{dd8408e9-9421-484f-979d-db6361e3e828}\icondd8408e95.txt (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\maximiliano\application data\Sun\Java\deployment\cache\6.0\4\7c6df484-4fa8d603 (Trojan.FakeMS) -> Quarantined and deleted successfully.

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 20/09/2010 20:48:21

System Uptime: 07/05/2011 23:19:54 (0 hours ago)

.

Motherboard: Acer | | eM350

Processor: Intel® Atom CPU N450 @ 1.66GHz | CPU | 1662/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 138 GiB total, 5.67 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 03/05/2011 08:29:51 - System Checkpoint

RP2: 04/05/2011 10:48:54 - System Checkpoint

RP3: 06/05/2011 12:51:13 - System Checkpoint

RP4: 07/05/2011 15:00:49 - Software Distribution Service 3.0

RP5: 07/05/2011 21:22:08 - Removed Adobe Reader 9.1 MUI.

RP6: 07/05/2011 21:23:52 - Removed Acrobat.com

RP7: 07/05/2011 21:25:07 - Removed Bing Bar

RP8: 07/05/2011 21:30:47 - Installed Adobe Reader X (10.0.1).

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.0.1)

Annihilator

Apple Application Support

Apple Software Update

Arcanum

AssaultCube v1.1.0.4

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Brain 1.0

CCleaner

CodeBlocks

Command & Conquer


Hi, that looks good, a few final steps.

INSTALL ANTIVIRUS

---------------------------

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET OnlineScan button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu icon on your desktop.
  4. Check "YES, I accept the Terms of Use."
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Under scan settings, check "Scan Archives" and "Remove found threats".
  8. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, click List Threats.
  11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Click the Back button.
  13. Click the Finish button.


2 weeks later...

Forgot about this, sorry...

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\57\34d95379-60392458 Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined

C:\Documents and Settings\Maximiliano\Application Data\Sun\Java\Deployment\cache\6.0\26\7855f21a-4ae2a2c7 Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined


No problem. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software.
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program.
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster.
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
  2. Keep Windows (and your other Microsoft software) up to date!
     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well.
     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
