Good Afternoon,

I have been fighting this for a few days and I cannot seem to eliminate the issues. I have used MBAM, and MBAM tells me that these have been Deleted or Deleted upon reboot. However, when I run a new scan, these items still appear. Any assistance would be greatly appreciated.

I have attached the requested logs per the instructions of the forum.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6598

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/17/2011 10:03:09 AM

mbam-log-2011-05-17 (10-02-58).txt

Scan type: Quick scan

Objects scanned: 150582

Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{01AE8CA1-AD35-4B36-86DA-65E63DADCF95} (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01AE8CA1-AD35-4B36-86DA-65E63DADCF95} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\localservice\application data\020000009f01e9981270c.manifest (Malware.Trace) -> No action taken.

c:\documents and settings\localservice\application data\020000009f01e9981270o.manifest (Malware.Trace) -> No action taken.

c:\documents and settings\localservice\application data\020000009f01e9981270p.manifest (Malware.Trace) -> No action taken.

c:\documents and settings\localservice\application data\020000009f01e9981270s.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\SYSTEM32\020000009f01e9981270c.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\SYSTEM32\020000009f01e9981270o.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\SYSTEM32\020000009f01e9981270p.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\SYSTEM32\020000009f01e9981270s.manifest (Malware.Trace) -> No action taken.

c:\WINDOWS\SYSTEM32\authz32.dll (Trojan.Agent) -> No action taken.

===============

===============

Here is the DDS.txt file:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Sharon at 10:06:56.14 on Tue 05/17/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.616 [GMT -5:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ooVoo\oovoo.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP Button Manager\BM.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\WINDOWS\system32\kbdjpn32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\moricons32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Sharon Redeker\My Documents\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.rr.com/

uInternet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080

uInternet Settings,ProxyOverride = ams-server*;localhost

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: {01ae8ca1-ad35-4b36-86da-65e63dadcf95} - c:\windows\system32\authz32.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: bcdae76f: {4da295f3-33c2-7fe2-9ba2-e8b36c24be5e} - c:\windows\system32\MP4SDMOD32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510094307.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit

uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp button manager\BM.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VTAgentReboot.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232825599562

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

AppInit_DLLs: c:\windows\system32\MP4SDMOD32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 387480]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-14 11608]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-19 84200]

R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2008-8-17 46744]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-14 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-14 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-14 61960]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-25 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-19 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-19 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-19 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-19 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-19 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-19 141792]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-11-26 104960]

R2 w32time32;Windows Time ;c:\windows\system32\kbdjpn32.exe [2011-5-6 761856]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-11-26 14336]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-19 56064]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-25 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-25 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-19 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 88736]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S0 rlwq;rlwq;c:\windows\system32\drivers\fqgpyo.sys --> c:\windows\system32\drivers\fqgpyo.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-19 84488]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-25 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-25 40552]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-05-16 18:35:19 348160 ----a-w- c:\windows\system32\authz32.dll

2011-05-14 23:29:55 -------- d-----w- c:\windows\system32\NtmsData

2011-05-14 23:27:31 -------- d-----w- c:\docume~1\sharon~1\applic~1\Avira

2011-05-14 23:11:56 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-14 23:11:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-05-14 23:11:53 -------- d-----w- c:\program files\Avira

2011-05-14 23:08:14 -------- d-----w- c:\docume~1\sharon~1\applic~1\Windows Search

2011-05-14 21:18:41 0 ---ha-w- c:\documents and settings\sharon redeker\uceeoolbbn.tmp

2011-05-14 21:15:52 -------- d-----w- c:\docume~1\sharon~1\applic~1\Windows Desktop Search

2011-05-14 21:15:09 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-14 21:13:10 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-14 21:13:10 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-14 21:13:09 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-14 20:38:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-14 20:38:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-14 20:10:19 -------- d-----w- c:\docume~1\sharon~1\locals~1\applic~1\Temp

2011-05-14 20:09:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-14 16:50:09 -------- d-sha-r- C:\cmdcons

2011-05-14 16:48:16 89088 ----a-w- c:\windows\MBR.exe

2011-05-14 16:48:13 256512 ----a-w- c:\windows\PEV.exe

2011-05-14 16:48:12 98816 ----a-w- c:\windows\sed.exe

2011-05-14 16:48:12 161792 ----a-w- c:\windows\SWREG.exe

2011-05-13 19:06:15 -------- d-----w- c:\windows\system32\winrm

2011-05-13 19:06:15 -------- d-----w- c:\windows\system32\GroupPolicy

2011-05-13 18:29:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-13 18:29:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-05-06 15:09:43 761856 ----a-w- c:\windows\system32\moricons32.exe

2011-05-06 15:09:41 171520 ----a-w- c:\windows\system32\MP4SDMOD32.dll

2011-05-06 15:09:35 761856 ----a-w- c:\windows\system32\kbdjpn32.exe

.

==================== Find3M ====================

.

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

============= FINISH: 10:08:53.29 ===============

I have also attached the .zip file per the request of the forums.

I appreciate your time and assistance.

Thank you.

Randy

DDS 2011-05-17.zip

Hello and welcome

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avira or McAfee.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi elise025,

First, I'd like to thank you for assisting me.

I uninstalled Avira, as it was just installed a few days prior in the attempt to remove this pesky malware. McAfee is the primary virus protection on this PC, so I left it installed on this PC. The removal of Avira was done before I ran ComboFix.

I ran ComboFix per your request and have attached and enclosed the log file for your review. I attempted to shut down as many of McAfee's processes as possible, but I could not get two services to shut down prior to running ComboFix.

Note: I am going to split the log file because the forum is telling me the post is too long. I apologize for the inconvenience. I also attached a copy of the ComboFix log file if that makes it easier for you.

ComboFix 11-05-17.03 - Sharon 05/18/2011 16:29:16.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.667 [GMT -5:00]

Running from: c:\documents and settings\Sharon \Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\LocalService\Application Data\020000009f01e9981270C.manifest

c:\documents and settings\LocalService\Application Data\020000009f01e9981270O.manifest

c:\documents and settings\LocalService\Application Data\020000009f01e9981270P.manifest

c:\documents and settings\LocalService\Application Data\020000009f01e9981270S.manifest

.

.

((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))

.

.

2011-05-14 23:29 . 2011-05-18 20:26 -------- d-----w- c:\windows\system32\NtmsData

2011-05-14 23:08 . 2011-05-14 23:08 -------- d-----w- c:\documents and settings\Sharon Redeker\Application Data\Windows Search

2011-05-14 21:18 . 2011-05-14 21:18 0 ---ha-w- c:\documents and settings\Sharon Redeker\uceeoolbbn.tmp

2011-05-14 21:15 . 2011-05-14 21:15 -------- d-----w- c:\documents and settings\Sharon Redeker\Application Data\Windows Desktop Search

2011-05-14 21:15 . 2011-05-15 15:02 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-14 21:13 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-14 21:13 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-14 21:13 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-14 20:48 . 2011-05-14 20:48 -------- d-----w- c:\program files\Microsoft.NET

2011-05-14 20:38 . 2011-05-14 20:37 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-14 20:38 . 2011-05-14 20:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-14 20:10 . 2011-05-14 20:10 -------- d-----w- c:\documents and settings\Sharon Redeker\Local Settings\Application Data\Temp

2011-05-14 20:09 . 2011-05-14 20:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-14 19:58 . 2011-05-14 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2011-05-14 19:58 . 2011-05-14 19:58 -------- d-----w- c:\program files\NOS

2011-05-14 19:24 . 2011-05-14 19:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-05-13 19:06 . 2011-05-13 19:06 -------- d-----w- c:\windows\system32\winrm

2011-05-13 19:06 . 2011-05-13 19:06 -------- d-----w- c:\windows\system32\GroupPolicy

2011-05-13 18:29 . 2011-05-13 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-05-13 18:29 . 2011-05-13 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-06 15:09 . 2011-05-06 15:09 761856 ----a-w- c:\windows\system32\moricons32.exe

2011-05-06 15:09 . 2011-05-06 15:09 171520 ----a-w- c:\windows\system32\MP4SDMOD32.dll

2011-05-06 15:09 . 2011-05-06 15:09 761856 ----a-w- c:\windows\system32\kbdjpn32.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 19:01 . 2010-08-19 20:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 19:01 . 2010-08-19 20:10 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 19:01 . 2010-08-19 20:10 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 19:01 . 2010-08-19 20:10 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 19:01 . 2010-08-19 20:10 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 19:01 . 2010-08-19 20:10 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 19:01 . 2010-08-19 20:10 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 19:01 . 2009-03-25 15:43 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 19:01 . 2009-03-25 15:43 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 19:01 . 2009-01-17 01:04 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-03-11 14:10 . 2002-08-29 11:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-14_17.03.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-11 04:03 . 2011-01-11 04:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll

+ 2011-01-11 03:32 . 2011-01-11 03:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll

+ 2011-01-11 09:05 . 2011-01-11 09:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll

+ 2011-01-11 09:23 . 2011-01-11 09:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll

+ 2011-01-11 02:21 . 2011-01-11 02:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll

+ 2011-05-18 21:19 . 2011-05-18 21:19 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat

+ 2008-05-27 03:18 . 2008-05-27 03:18 56320 c:\windows\SYSTEM32\xmlfilter.dll

+ 2008-05-27 03:19 . 2008-05-27 03:19 97792 c:\windows\SYSTEM32\UncCplExt.dll

+ 2008-05-27 02:59 . 2008-05-27 02:59 18904 c:\windows\SYSTEM32\structuredqueryschematrivial.bin

+ 2004-08-28 20:42 . 2009-05-12 20:12 26144 c:\windows\SYSTEM32\spupdsvc.exe

- 2004-08-28 20:42 . 2009-01-07 23:21 26144 c:\windows\SYSTEM32\spupdsvc.exe

+ 2007-10-30 16:26 . 2009-05-12 20:12 16928 c:\windows\SYSTEM32\spmsg.dll

- 2007-10-30 16:26 . 2009-01-07 23:20 16928 c:\windows\SYSTEM32\spmsg.dll

+ 2008-05-27 03:17 . 2008-05-27 03:17 87552 c:\windows\SYSTEM32\searchfilterhost.exe

+ 2008-05-27 03:18 . 2008-05-27 03:18 38400 c:\windows\SYSTEM32\rtffilt.dll

+ 2008-05-27 03:18 . 2008-05-27 03:18 71680 c:\windows\SYSTEM32\propdefs.dll

+ 2003-11-24 12:27 . 2011-05-14 21:15 87746 c:\windows\SYSTEM32\PERFC009.DAT

+ 2008-05-27 03:19 . 2008-05-27 03:19 11264 c:\windows\SYSTEM32\oephRes.dll

- 2002-08-29 11:00 . 2008-04-14 00:12 98304 c:\windows\SYSTEM32\nlhtml.dll

+ 2002-08-29 11:00 . 2008-03-07 17:02 98304 c:\windows\SYSTEM32\nlhtml.dll

+ 2008-05-27 03:18 . 2008-05-27 03:18 44032 c:\windows\SYSTEM32\msstrc.dll

+ 2008-05-27 03:17 . 2008-05-27 03:17 32768 c:\windows\SYSTEM32\mssprxy.dll

+ 2008-05-27 03:17 . 2008-05-27 03:17 87552 c:\windows\SYSTEM32\mssitlb.dll

+ 2008-05-27 03:17 . 2008-05-27 03:17 11776 c:\windows\SYSTEM32\msshooks.dll

+ 2008-05-27 03:17 . 2008-05-27 03:17 60416 c:\windows\SYSTEM32\msscntrs.dll

+ 2008-05-27 03:17 . 2008-05-27 03:17 34816 c:\windows\SYSTEM32\msscb.dll

+ 2002-08-29 11:00 . 2008-03-07 17:02 29696 c:\windows\SYSTEM32\mimefilt.dll

- 2002-08-29 11:00 . 2008-04-14 00:11 29696 c:\windows\SYSTEM32\mimefilt.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 70472 c:\windows\SYSTEM32\dxva2.dll

+ 2011-05-14 21:38 . 2011-05-18 16:24 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2002-09-03 08:08 . 2011-05-14 15:41 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT

+ 2002-09-03 08:08 . 2011-05-18 16:24 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT

- 2002-09-03 08:08 . 2011-05-14 15:41 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT

+ 2011-05-14 21:38 . 2011-05-18 16:24 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat

+ 2009-05-11 14:23 . 2011-05-14 20:33 87699 c:\windows\SYSTEM32\Adobe\Shockwave 11\uninstaller.exe

+ 2011-04-26 06:51 . 2011-04-26 06:51 98304 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwMenu.dll

+ 2011-04-26 06:07 . 2011-04-26 06:07 73408 c:\windows\SYSTEM32\Adobe\Shockwave 11\gtapi.dll

+ 2011-04-26 06:07 . 2011-04-26 06:07 64512 c:\windows\SYSTEM32\Adobe\Shockwave 11\gcapi_dll.dll

+ 2011-02-02 13:55 . 2011-02-02 13:55 68536 c:\windows\SYSTEM32\Adobe\Director\SWDNLD.EXE

+ 2010-03-18 18:16 . 2010-03-18 18:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll

+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe

+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe

+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll

+ 2011-02-10 09:10 . 2011-02-10 09:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2011-05-14 21:00 . 2011-05-14 21:00 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2011-05-14 21:00 . 2011-05-14 21:00 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-05-14 21:01 . 2011-05-14 21:01 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-05-14 21:00 . 2011-05-14 21:00 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-05-14 21:00 . 2011-05-14 21:00 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-05-14 21:00 . 2011-05-14 21:00 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-05-14 20:32 . 2011-05-14 20:32 28160 c:\windows\Installer\64c50.msi

+ 2011-05-15 19:25 . 2011-05-15 19:25 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_D9A08C9B220D8A829C84A8.exe

+ 2011-05-15 19:25 . 2011-05-15 19:25 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_7D2E43E33C16ACC58821C2.exe

- 2010-11-26 15:58 . 2011-01-29 19:48 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_6FEFF9B68218417F98F549.exe

+ 2010-11-26 15:58 . 2011-05-15 19:25 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_6FEFF9B68218417F98F549.exe

+ 2010-11-10 17:49 . 2010-11-10 17:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll

+ 2010-11-10 17:49 . 2010-11-10 17:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe

+ 2010-11-10 17:49 . 2010-11-10 17:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll

+ 2010-11-10 17:49 . 2010-11-10 17:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe

+ 2010-11-10 17:49 . 2010-11-10 17:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe

+ 2010-11-10 17:49 . 2010-11-10 17:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe

+ 2010-11-10 17:49 . 2010-11-10 17:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll

+ 2010-11-10 17:49 . 2010-11-10 17:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll

+ 2010-11-10 17:49 . 2010-11-10 17:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll

+ 2011-05-14 21:47 . 2011-05-14 21:47 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9824b202ffe88c945577effdc7fc8fc3\UIAutomationProvider.ni.dll

+ 2011-05-14 21:52 . 2011-05-14 21:52 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\6474ae2cebac637025eab3cbcdc9ffe6\System.Windows.Presentation.ni.dll

+ 2011-05-14 21:52 . 2011-05-14 21:52 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\50cbf014f60fa88f67a763dfbead1fee\System.Web.ApplicationServices.ni.dll

+ 2011-05-14 21:52 . 2011-05-14 21:52 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f472171edc898ea876f14b97b4f332b8\System.ServiceModel.Channels.ni.dll

+ 2011-05-14 21:48 . 2011-05-14 21:48 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\473102f936b4a823e5e2b2e6282c5104\System.AddIn.Contract.ni.dll

+ 2011-05-14 21:46 . 2011-05-14 21:46 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\1a21a54acf18fabfddb0b94d40e509a1\Microsoft.VisualC.ni.dll

+ 2011-05-14 21:45 . 2011-05-14 21:45 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\7600f9d2a3bc01ba15674667283c2e53\Accessibility.ni.dll

+ 2008-05-27 03:19 . 2008-05-27 03:19 2048 c:\windows\SYSTEM32\UncRes.dll

+ 2011-04-26 06:52 . 2011-04-26 06:52 9216 c:\windows\SYSTEM32\Adobe\Shockwave 11\DynaPlayer.dll

- 2009-04-28 10:26 . 2009-04-28 10:26 9216 c:\windows\SYSTEM32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll

+ 2011-05-14 21:45 . 2011-05-14 21:45 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1a4701c5a061d081b78353bd04349c3e\dfsvc.ni.exe

+ 2011-05-14 21:00 . 2011-05-14 21:00 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

+ 2011-05-14 21:00 . 2011-05-14 21:00 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll

+ 2011-01-11 09:27 . 2011-01-11 09:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll

+ 2011-01-11 09:24 . 2011-01-11 09:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll

+ 2011-01-11 09:08 . 2011-01-11 09:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll

+ 2008-05-27 03:19 . 2008-05-27 03:19 131072 c:\windows\SYSTEM32\UncPH.dll

+ 2008-05-27 03:19 . 2008-05-27 03:19 108032 c:\windows\SYSTEM32\UncNE.dll

+ 2008-05-27 03:19 . 2008-05-27 03:19 143872 c:\windows\SYSTEM32\UncDMS.dll

+ 2008-05-27 02:59 . 2008-05-27 02:59 106605 c:\windows\SYSTEM32\structuredqueryschema.bin

+ 2008-05-27 03:17 . 2008-05-27 03:17 301568 c:\windows\SYSTEM32\srchadmin.dll

+ 2008-05-27 03:18 . 2008-05-27 03:18 184832 c:\windows\SYSTEM32\searchprotocolhost.exe

+ 2008-05-27 03:18 . 2008-05-27 03:18 439808 c:\windows\SYSTEM32\searchindexer.exe

+ 2008-05-27 03:17 . 2008-05-27 03:17 754176 c:\windows\SYSTEM32\propsys.dll

+ 2003-11-24 12:27 . 2011-05-14 21:15 504332 c:\windows\SYSTEM32\PERFH009.DAT

- 2002-08-29 11:00 . 2008-04-14 00:12 192000 c:\windows\SYSTEM32\offfilt.dll

+ 2002-08-29 11:00 . 2008-03-07 17:02 192000 c:\windows\SYSTEM32\offfilt.dll

+ 2008-05-27 03:19 . 2008-05-27 03:19 273408 c:\windows\SYSTEM32\oeph.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 771424 c:\windows\SYSTEM32\msvcr100_clr0400.dll

+ 2008-05-27 03:18 . 2008-05-27 03:18 203776 c:\windows\SYSTEM32\mssphtb.dll

+ 2008-05-27 03:18 . 2009-05-25 05:24 350208 c:\windows\SYSTEM32\mssph.dll

+ 2008-05-27 03:18 . 2008-05-27 03:18 231936 c:\windows\SYSTEM32\msshsq.dll

+ 2009-09-24 05:30 . 2009-09-24 05:30 156488 c:\windows\SYSTEM32\mscorier.dll

+ 2011-05-14 20:09 . 2011-05-14 20:09 240288 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10q_ActiveX.exe

+ 2011-05-14 20:09 . 2011-05-14 20:09 321184 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10q_ActiveX.dll

+ 2011-05-14 20:38 . 2011-05-14 20:37 157472 c:\windows\SYSTEM32\javaws.exe

+ 2011-05-14 20:38 . 2011-05-14 20:37 145184 c:\windows\SYSTEM32\javaw.exe

+ 2011-05-14 20:38 . 2011-05-14 20:37 145184 c:\windows\SYSTEM32\java.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 486216 c:\windows\SYSTEM32\evr.dll

+ 2009-10-22 18:53 . 2011-05-18 16:24 262144 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat

- 2009-10-22 18:53 . 2011-04-16 16:23 262144 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat

- 2009-04-28 10:24 . 2009-04-28 10:24 114688 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwInit.exe

+ 2011-04-26 06:51 . 2011-04-26 06:51 114688 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwInit.exe

+ 2011-04-26 07:00 . 2011-04-26 07:00 469944 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwHelper_1159620.exe

+ 2011-04-26 06:07 . 2011-04-26 06:07 136568 c:\windows\SYSTEM32\Adobe\Shockwave 11\SCC.dll

- 2009-04-28 10:26 . 2009-04-28 10:26 446464 c:\windows\SYSTEM32\Adobe\Shockwave 11\Proj.dll

+ 2011-04-26 06:53 . 2011-04-26 06:53 446464 c:\windows\SYSTEM32\Adobe\Shockwave 11\Proj.dll

- 2009-04-28 10:24 . 2009-04-28 10:24 372736 c:\windows\SYSTEM32\Adobe\Shockwave 11\Plugin.dll

+ 2011-04-26 06:52 . 2011-04-26 06:52 372736 c:\windows\SYSTEM32\Adobe\Shockwave 11\Plugin.dll

+ 2011-04-26 06:53 . 2011-04-26 06:53 880640 c:\windows\SYSTEM32\Adobe\Shockwave 11\gi.dll

+ 2011-04-26 06:51 . 2011-04-26 06:51 503808 c:\windows\SYSTEM32\Adobe\Shockwave 11\Control.dll

+ 2011-02-02 13:55 . 2011-02-02 13:55 215992 c:\windows\SYSTEM32\Adobe\Director\SwDir.dll

+ 2011-04-26 06:52 . 2011-04-26 06:52 135168 c:\windows\SYSTEM32\Adobe\Director\np32dsw.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll

+ 2010-03-18 05:51 . 2010-03-18 05:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll

+ 2011-02-10 09:10 . 2011-02-10 09:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll

+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

+ 2010-03-18 18:16 . 2010-03-18 18:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

+ 2010-03-18 18:16 . 2010-03-18 18:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll

.

ComboFixLog20110518.txt


Part 2 of the ComboFix Log.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DA295F3-33C2-7FE2-9BA2-E8B36C24BE5E}]

2011-05-06 15:09 171520 ----a-w- c:\windows\SYSTEM32\MP4SDMOD32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-05-11 22631608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]

"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-12-03 118784]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-11-24 151597]

"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-03 270336]

"nwiz"="nwiz.exe" [2003-10-06 741376]

"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-12-03 53248]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-19 98304]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2003-11-30 209016]

HP Button Manager.lnk - c:\program files\HP Button Manager\BM.exe [2010-11-26 266240]

VTAgentReboot.exe [2000-5-31 131072]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SYSTEM32\MP4SDMOD32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Domestic Security Version 4.87

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-07-19 14:33 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\ooVoo\\ooVoo.exe"=

"c:\\WINDOWS\\SYSTEM32\\kbdjpn32.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [8/19/2010 3:10 PM 84200]

R1 Odptdi;Odptdi;c:\windows\SYSTEM32\DRIVERS\odptdi.sys [8/17/2008 9:37 AM 46744]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/19/2010 3:10 PM 141792]

R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [11/26/2010 10:52 AM 104960]

R2 w32time32;Windows Time ;c:\windows\SYSTEM32\kbdjpn32.exe [5/6/2011 10:09 AM 761856]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\SYSTEM32\DRIVERS\ArcSoftKsUFilter.sys [11/26/2010 10:52 AM 14336]

R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/19/2010 3:10 PM 88736]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S0 rlwq;rlwq;c:\windows\system32\drivers\fqgpyo.sys --> c:\windows\system32\drivers\fqgpyo.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/25/2009 10:47 AM 88176]

S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 3:10 PM 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 3:10 PM 271480]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/19/2010 3:11 PM 188136]

S3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [8/19/2010 3:10 PM 56064]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [8/19/2010 3:10 PM 314088]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/19/2010 3:10 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [8/19/2010 3:10 PM 84488]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 6:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

uInternet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080

uInternet Settings,ProxyOverride = ams-server*;localhost

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-18 16:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-05-18 16:42:30

ComboFix-quarantined-files.txt 2011-05-18 21:42

ComboFix2.txt 2011-05-14 19:09

ComboFix3.txt 2011-05-14 17:05

.

Pre-Run: 60,558,524,416 bytes free

Post-Run: 60,628,291,584 bytes free

.

- - End Of File - - 14500014C8078943616286A3D247EE24

**********

I appreciate your time and am waiting for further instructions.

Thank you.

Randy


Hi Randy, there are a few more things here that need removal through a script. Please let me know how things are running afterwards.

CF-SCRIPT

-------------

Open notepad and copy/paste the text in the quotebox below into it:


Collect::
c:\windows\system32\moricons32.exe
c:\windows\system32\MP4SDMOD32.dll
c:\windows\system32\kbdjpn32.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DA295F3-33C2-7FE2-9BA2-E8B36C24BE5E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

DDS::
uInternet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.


Hi Elise025

I may have made a mistake with your directions. I copied and pasted your text from the text box per your instructions; however it may not have had the entire bottom line when I moved the file into ComboFix. Despite shutting down the services for McAfee, it briefly showed a virus message. It wasn't up long enough for me to capture the information. After ComboFix finished, I followed the instructions. I thought the information would be uploaded into the message thread but I didn't see any additions. I saved the log.

Because I wasn't sure if I had copied and pasted your entire text box, I re-did it and ran ComboFix a second time. I didn't see any uploads again; I saved the log file as 2nd run. I will attach both files for your review.

As far as performance, I don't notice much difference.

ComboFixLog20110519 1st Run.txt

ComboFixLog20110519 2nd Run.txt


Still some stuff that needs to go. Please let me know how things are running after the following fix.

Please run the following as a CFScript (instructions the same as last time).


Collect::
c:\windows\system32\authz32.exe
c:\documents and settings\Sharon Redeker\uceeoolbbn.tmp

Driver::
rlwq


Hi Elise,

I followed your instructions and I have attached the log as "ComboFixLog20110519 3rd Run.txt". I have also included it in the body of this post. I haven't noticed any changes in performance but I am trying to limit the use of this computer until we are finished.

I look forward to your response for the next course of action.

Thanks.

Randy

======

======

ComboFix 11-05-18.04 - Sharon Redeker 05/19/2011 16:34:52.6.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.724 [GMT -5:00]

Running from: c:\documents and settings\Sharon Redeker\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Sharon Redeker\Desktop\Malware Files\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

file zipped: c:\documents and settings\Sharon Redeker\uceeoolbbn.tmp

file zipped: c:\windows\system32\authz32.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Sharon Redeker\uceeoolbbn.tmp

c:\windows\system32\authz32.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_rlwq

.

.

((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))

.

.

2011-05-14 23:29 . 2011-05-18 20:26 -------- d-----w- c:\windows\system32\NtmsData

2011-05-14 23:08 . 2011-05-14 23:08 -------- d-----w- c:\documents and settings\Sharon Redeker\Application Data\Windows Search

2011-05-14 21:15 . 2011-05-14 21:15 -------- d-----w- c:\documents and settings\Sharon Redeker\Application Data\Windows Desktop Search

2011-05-14 21:15 . 2011-05-15 15:02 -------- d-----w- c:\program files\Windows Desktop Search

2011-05-14 21:13 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll

2011-05-14 21:13 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll

2011-05-14 21:13 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

2011-05-14 20:48 . 2011-05-14 20:48 -------- d-----w- c:\program files\Microsoft.NET

2011-05-14 20:38 . 2011-05-14 20:37 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-14 20:38 . 2011-05-14 20:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-14 20:10 . 2011-05-14 20:10 -------- d-----w- c:\documents and settings\Sharon Redeker\Local Settings\Application Data\Temp

2011-05-14 20:09 . 2011-05-14 20:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-14 19:58 . 2011-05-14 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2011-05-14 19:58 . 2011-05-14 19:58 -------- d-----w- c:\program files\NOS

2011-05-14 19:24 . 2011-05-14 19:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-05-13 19:06 . 2011-05-13 19:06 -------- d-----w- c:\windows\system32\winrm

2011-05-13 19:06 . 2011-05-13 19:06 -------- d-----w- c:\windows\system32\GroupPolicy

2011-05-13 18:29 . 2011-05-13 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-05-13 18:29 . 2011-05-13 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 19:01 . 2010-08-19 20:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 19:01 . 2010-08-19 20:10 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 19:01 . 2010-08-19 20:10 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 19:01 . 2010-08-19 20:10 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 19:01 . 2010-08-19 20:10 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 19:01 . 2010-08-19 20:10 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 19:01 . 2010-08-19 20:10 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 19:01 . 2009-03-25 15:43 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 19:01 . 2009-03-25 15:43 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 19:01 . 2009-01-17 01:04 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-03-11 14:10 . 2002-08-29 11:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-05-11 22631608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]

"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-12-03 118784]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-11-24 151597]

"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-03 270336]

"nwiz"="nwiz.exe" [2003-10-06 741376]

"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-12-03 53248]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-19 98304]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2003-11-30 209016]

HP Button Manager.lnk - c:\program files\HP Button Manager\BM.exe [2010-11-26 266240]

VTAgentReboot.exe [2000-5-31 131072]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Domestic Security Version 4.87

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-07-19 14:33 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\ooVoo\\ooVoo.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [8/19/2010 3:10 PM 84200]

R1 Odptdi;Odptdi;c:\windows\SYSTEM32\DRIVERS\odptdi.sys [8/17/2008 9:37 AM 46744]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/25/2009 10:47 AM 88176]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 3:10 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 3:10 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/19/2010 3:11 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/19/2010 3:10 PM 141792]

R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [11/26/2010 10:52 AM 104960]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\SYSTEM32\DRIVERS\ArcSoftKsUFilter.sys [11/26/2010 10:52 AM 14336]

R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [8/19/2010 3:10 PM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [8/19/2010 3:10 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/19/2010 3:10 PM 88736]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [8/19/2010 3:10 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [8/19/2010 3:10 PM 84488]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 6:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

uInternet Settings,ProxyOverride = ams-server*;localhost

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-19 16:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3164)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\nvsvc32.exe

c:\windows\BCMSMMSG.exe

c:\program files\Dell AIO Printer A920\dlbkbmon.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\SearchIndexer.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\progra~1\McAfee\MSM\McSmtFwk.exe

c:\progra~1\COMMON~1\McAfee\MSC\McUICnt.exe

.

**************************************************************************

.

Completion time: 2011-05-19 16:52:18 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-19 21:52

ComboFix2.txt 2011-05-19 19:06

ComboFix3.txt 2011-05-19 18:36

ComboFix4.txt 2011-05-18 21:42

ComboFix5.txt 2011-05-19 21:33

.

Pre-Run: 60,504,981,504 bytes free

Post-Run: 60,504,014,848 bytes free

.

- - End Of File - - 793259E229D4E1952DAA0C307F349F7B

Upload was successful

ComboFixLog20110519 3rd Run.txt


Please use the computer a bit to see how everything is running.

Also, launch MBAM, update it and run a full scan. Post me the resulting log (if the same items get detected, run a quick scan afterwards to verify if they still come back).


Hi Elise,

I apologize for the delay but I was at work today.

Ran a full MBAM scan and it showed the infection and was promptly cleaned.

Files Infected:

c:\WINDOWS\SYSTEM32\020000009f01e9981270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\SYSTEM32\020000009f01e9981270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\SYSTEM32\020000009f01e9981270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\SYSTEM32\020000009f01e9981270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

Ran a Quick Scan and the malware traces did not appear in the scan.

Rebooted the computer. I ran another full MBAM scan and it was clean. I have attached the log from the last scan.

I had the primary user operate the computer for a bit. She says the computer is back to the speed prior to the malware infestation.

It looks like your corrective actions did the thing! I appreciate all of your help on this matter!! Please let me know if there is anything else that you would like me to do as a wrap-up.

Thank you.

Randy

mbam-log-2011-05-20 (16-40-59).txt


I'm glad to hear that! :)

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


Hi,

Adobe Reader is now at 10.0.1 and I un-installed Acrobat.

I ran the ESET scan per your request. This is the log file:

C:\Documents and Settings\Sharon Redeker\My Documents\DellSupportSilentInstall.EXE probably a variant of Win32/Adware.Agent.LCKGTSG application deleted - quarantined

Please let me know if there is anything else you would like me to do.

Thank you.

Randy


Hi Randy, that was just a harmless leftover, which means everything is clean. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS and GMER (this is a randomly named file)

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
