
Website redirecting & constant blocking of outgoing Malicious Websites



Thank you for any assistance on helping me get my lousy computer back up and running properly. That's the last time I'll click on a topless Brooklyn Decker pic!

Malwarebytes Anti-Malware log file:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6850

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/14/2011 3:05:13 PM

mbam-log-2011-06-14 (15-05-13).txt

Scan type: Quick scan

Objects scanned: 164135

Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS LOG:

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Brandon Becker at 14:27:51 on 2011-06-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1280 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciServiceHost.exe

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {e86e69ac-a2ce-415a-967e-70ded47d72e2}: 1 (0x1)

{10834e9a-d475-4a24-ad01-f3f24f71b28e}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: $talisma_url$

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {7C9C5968-FA32-4724-AA58-7BF98B40005D} - hxxps://secure.riosalado.edu/riowebapps/techcheck/SystemRequirements.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0AC78C40-CBE5-4168-85D5-D1EBF6FC73ED} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{303F6254-1607-4FB8-83EF-EF7E153465D0} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7F85C3C5-EA5B-495C-A252-67EAED979461} : DhcpNameServer = 10.0.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brandon becker\application data\mozilla\firefox\profiles\jmzpdz7t.default\

FF - prefs.js: browser.search.selectedEngine - Good Search

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?keywords=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - plugin: c:\documents and settings\brandon becker\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-5 366640]

R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-5-17 315392]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-5 22712]

S0 qrxpcm;qrxpcm;c:\windows\system32\drivers\blyqo.sys --> c:\windows\system32\drivers\blyqo.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-5-5 17480]

.

=============== Created Last 30 ================

.

2011-12-28 18:26:52 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-06-06 19:26:50 -------- d-----w- c:\documents and settings\brandon becker\local settings\application data\{3C4F4184-6C96-4463-91C4-637648902ED6}

2011-06-06 18:41:48 148 ----a-w- c:\documents and settings\brandon becker\application data\80e71ai6.bat

2011-06-06 18:40:48 148 ----a-w- c:\documents and settings\brandon becker\application data\nftmgqxl.bat

2011-05-27 20:20:14 -------- d-----w- c:\documents and settings\brandon becker\local settings\application data\Temp

2011-05-27 20:20:03 -------- d-----w- c:\documents and settings\brandon becker\local settings\application data\Google

2011-05-20 13:32:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-18 16:06:41 -------- d-----w- c:\program files\iPod

2011-05-18 16:06:39 -------- d-----w- c:\program files\iTunes

2011-05-18 16:04:59 -------- d-----w- c:\program files\Bonjour

2011-05-18 14:30:32 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-18 14:30:32 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-18 14:30:32 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-18 14:30:32 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-18 14:30:32 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-18 14:30:32 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-18 14:30:32 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-18 14:30:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-17 14:24:46 -------- d-----w- c:\program files\ATT-SST

2011-05-17 14:22:49 -------- d-----w- c:\program files\common files\Motive

.

==================== Find3M ====================

.

2011-06-06 19:26:52 0 ----a-w- c:\windows\Imehis.bin

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-05 17:16:05 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-25 16:44:19 1377112 ----a-w- C:\tdsskiller.exe

2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800HLFS-75G6U1 rev.04.04V03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A8CC31B

user & kernel MBR OK

.

============= FINISH: 14:34:59.18 ===============

attach.zip

ark.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hello & thanks!

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6877

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/17/2011 10:50:30 AM

mbam-log-2011-06-17 (10-50-30).txt

Scan type: Quick scan

Objects scanned: 151820

Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-------------------------------------------------------------------------------------------------------------------------------

ComboFix 11-06-16.02 - Brandon Becker 06/17/2011 11:18:36.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -4:00]

Running from: c:\documents and settings\Brandon Becker\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Brandon Becker\Application Data\Adobe\plugs

c:\documents and settings\Brandon Becker\Application Data\Adobe\shed

c:\documents and settings\Brandon Becker\Local Settings\Application Data\{3C4F4184-6C96-4463-91C4-637648902ED6}

c:\documents and settings\Brandon Becker\Local Settings\Application Data\{3C4F4184-6C96-4463-91C4-637648902ED6}\chrome.manifest

c:\documents and settings\Brandon Becker\Local Settings\Application Data\{3C4F4184-6C96-4463-91C4-637648902ED6}\chrome\content\_cfg.js

c:\documents and settings\Brandon Becker\Local Settings\Application Data\{3C4F4184-6C96-4463-91C4-637648902ED6}\chrome\content\overlay.xul

c:\documents and settings\Brandon Becker\Local Settings\Application Data\{3C4F4184-6C96-4463-91C4-637648902ED6}\install.rdf

c:\windows\AutoRun.ini

c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK

c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MOUSEDRIVER

.

.

((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))

.

.

2011-12-28 18:26 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-06 18:41 . 2011-06-06 18:41 148 ----a-w- c:\documents and settings\Brandon Becker\Application Data\80e71ai6.bat

2011-06-06 18:40 . 2011-06-06 18:40 148 ----a-w- c:\documents and settings\Brandon Becker\Application Data\nftmgqxl.bat

2011-05-27 20:25 . 2011-05-27 20:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-05-27 20:20 . 2011-05-27 20:20 -------- d-----w- c:\documents and settings\Brandon Becker\Local Settings\Application Data\Temp

2011-05-27 20:20 . 2011-05-27 20:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2011-05-27 20:20 . 2011-05-27 20:21 -------- d-----w- c:\documents and settings\Brandon Becker\Local Settings\Application Data\Google

2011-05-27 20:20 . 2011-05-27 20:20 -------- d-----w- c:\program files\Google

2011-05-20 13:32 . 2011-05-20 13:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-18 16:06 . 2011-05-18 16:06 -------- d-----w- c:\program files\iPod

2011-05-18 16:06 . 2011-05-18 16:07 -------- d-----w- c:\program files\iTunes

2011-05-18 16:04 . 2011-05-18 16:04 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2011-05-05 15:42 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2011-05-05 15:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-05 17:16 . 2011-05-05 17:11 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-25 16:44 . 2011-03-10 16:27 1377112 ----a-w- C:\tdsskiller.exe

2011-04-25 16:06 . 2011-04-25 16:06 1263721 ----a-w- C:\tdsskiller.zip

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-14 16:26 . 2011-05-18 14:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKLM\~\startupfolder\C:^Documents and Settings^Brandon Becker^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Brandon Becker\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-12-12 17:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-12-12 17:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-09-17 12:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sprtsvc_ddoctorv2"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NVSvc"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/5/2011 11:42 AM 366640]

R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [5/17/2011 10:24 AM 315392]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/5/2011 11:42 AM 22712]

S0 qrxpcm;qrxpcm;c:\windows\system32\drivers\blyqo.sys --> c:\windows\system32\drivers\blyqo.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 4:20 PM 136176]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 4:21 AM 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 4:21 AM 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 4:21 AM 72728]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [5/5/2011 1:11 PM 17480]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 20:20]

.

2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 20:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: $talisma_url$

TCP: DhcpNameServer = 192.168.1.254

DPF: {7C9C5968-FA32-4724-AA58-7BF98B40005D} - hxxps://secure.riosalado.edu/riowebapps/techcheck/SystemRequirements.cab

FF - ProfilePath - c:\documents and settings\Brandon Becker\Application Data\Mozilla\Firefox\Profiles\jmzpdz7t.default\

FF - prefs.js: browser.search.selectedEngine - Good Search

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?keywords=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

MSConfigStartUp-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-17 11:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800HLFS-75G6U1 rev.04.04V03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A8C331B

user & kernel MBR OK

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(652)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(712)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3340)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-06-17 11:35:18 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-17 15:35

.

Pre-Run: 29,301,518,336 bytes free

Post-Run: 29,308,301,312 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 6C2F96F12D9236F4AF4E76CF2D0F184B


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
qrxpcm

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Here they are...thanks!

ComboFix 11-06-19.0r1 - Brandon Becker 06/20/2011 8:46.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1676 [GMT -4:00]

Running from: c:\documents and settings\Brandon Becker\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Brandon Becker\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_qrxpcm

.

.

((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))

.

.

2011-12-28 18:26 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-17 14:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-06 18:41 . 2011-06-06 18:41 148 ----a-w- c:\documents and settings\Brandon Becker\Application Data\80e71ai6.bat

2011-06-06 18:40 . 2011-06-06 18:40 148 ----a-w- c:\documents and settings\Brandon Becker\Application Data\nftmgqxl.bat

2011-05-27 20:25 . 2011-05-27 20:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-05-27 20:20 . 2011-05-27 20:20 -------- d-----w- c:\documents and settings\Brandon Becker\Local Settings\Application Data\Temp

2011-05-27 20:20 . 2011-05-27 20:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2011-05-27 20:20 . 2011-05-27 20:21 -------- d-----w- c:\documents and settings\Brandon Becker\Local Settings\Application Data\Google

2011-05-27 20:20 . 2011-05-27 20:20 -------- d-----w- c:\program files\Google

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2011-05-05 15:42 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2011-05-05 15:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-20 13:32 . 2011-05-20 13:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-05 17:16 . 2011-05-05 17:11 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-02 15:31 . 2009-05-14 00:21 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-10 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:44 . 2011-03-10 16:27 1377112 ----a-w- C:\tdsskiller.exe

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 16:06 . 2011-04-25 16:06 1263721 ----a-w- C:\tdsskiller.zip

2011-04-25 12:01 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-10 11:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-14 16:26 . 2011-05-18 14:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.29.24 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll

+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll

+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll

+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll

+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll

+ 2004-08-10 11:00 . 2011-06-17 17:37 70542 c:\windows\system32\perfc009.dat

- 2004-08-10 11:00 . 2011-05-05 17:45 70542 c:\windows\system32\perfc009.dat

+ 2006-03-04 03:33 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll

- 2006-03-04 03:33 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll

- 2009-03-08 11:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll

+ 2009-03-08 11:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll

- 2004-08-10 11:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-10 11:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll

- 2009-06-10 23:55 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-06-10 23:55 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2006-03-04 03:33 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2006-03-04 03:33 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-07-28 21:19 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-07-28 21:19 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2004-08-10 11:00 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2004-08-10 11:00 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2004-08-10 11:00 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-10 11:00 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2010-04-27 23:40 . 2011-05-11 13:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-04-27 23:40 . 2011-06-17 17:35 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-04-27 23:40 . 2011-06-17 17:35 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-04-27 23:40 . 2011-05-11 13:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-04-27 23:40 . 2011-05-11 13:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-04-27 23:40 . 2011-06-17 17:35 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-06-03 23:46 . 2011-06-17 17:33 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-06-03 23:46 . 2011-04-23 12:46 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll

+ 2011-06-17 20:58 . 2011-06-17 20:58 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll

+ 2011-06-17 20:56 . 2011-06-17 20:56 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe

+ 2011-06-17 20:55 . 2011-06-17 20:55 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe

+ 2011-06-18 09:13 . 2011-06-18 09:13 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-04-15 23:36 . 2011-04-15 23:36 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll

- 2004-08-10 11:00 . 2011-05-05 17:45 440222 c:\windows\system32\perfh009.dat

+ 2004-08-10 11:00 . 2011-06-17 17:37 440222 c:\windows\system32\perfh009.dat

- 2004-08-10 11:00 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll

+ 2004-08-10 11:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll

+ 2004-08-10 11:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll

- 2004-08-10 11:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll

+ 2006-03-04 03:33 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll

- 2006-03-04 03:33 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll

- 2009-03-08 11:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll

+ 2009-03-08 11:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll

+ 2006-03-04 03:33 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll

- 2006-03-04 03:33 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll

+ 2004-08-10 11:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll

- 2004-08-10 11:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll

- 2004-08-10 11:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe

+ 2004-08-10 11:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe

+ 2004-08-10 11:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys

- 2004-08-10 11:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys

+ 2006-03-04 03:33 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll

- 2006-03-04 03:33 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-05-14 00:21 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll

+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll

- 2004-08-10 11:00 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll

+ 2004-08-10 11:00 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll

+ 2006-03-04 03:33 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll

- 2006-03-04 03:33 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-07-28 21:19 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2009-07-28 21:19 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-05-15 17:59 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys

- 2009-05-15 17:57 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2009-05-15 17:57 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll

- 2009-06-10 23:55 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-06-10 23:55 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2006-03-04 03:33 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2006-03-04 03:33 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2010-06-09 00:55 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2010-06-09 00:55 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2004-08-10 11:00 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-10 11:00 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2004-08-10 11:00 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2004-08-10 11:00 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys

- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys

- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-06-17 17:33 . 2011-06-17 17:33 223744 c:\windows\Installer\6d02d0.msi

+ 2011-06-17 17:29 . 2011-06-17 17:29 467456 c:\windows\Installer\6d02a8.msi

- 2010-04-27 23:40 . 2011-05-11 13:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2010-04-27 23:40 . 2011-06-17 17:35 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-04-27 23:40 . 2011-05-11 13:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-04-27 23:40 . 2011-06-17 17:35 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2010-04-27 23:40 . 2011-05-11 13:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2010-04-27 23:40 . 2011-06-17 17:35 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

- 2010-04-27 23:40 . 2011-05-11 13:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-04-27 23:40 . 2011-06-17 17:35 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2011-06-17 17:27 . 2009-03-08 11:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll

+ 2011-06-17 17:27 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll

+ 2011-06-17 17:27 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe

+ 2011-06-17 17:31 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll

+ 2011-06-17 17:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll

+ 2011-06-17 17:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe

+ 2011-06-17 17:31 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll

+ 2011-06-17 17:31 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll

+ 2011-06-17 17:31 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe

+ 2009-05-15 17:59 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2011-06-18 09:14 . 2011-06-18 09:14 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8ba27eaa0f7d987f92319c64aefd2e98\WsatConfig.ni.exe

+ 2011-06-17 20:58 . 2011-06-17 20:58 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll

+ 2011-06-17 20:58 . 2011-06-17 20:58 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll

+ 2011-06-17 20:58 . 2011-06-17 20:58 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\00dfe5563886a1f69c96b3acb839107b\UIAutomationClient.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\80187a9cfed4fd0ec82746495be76764\System.Xml.Linq.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\58c421c537b1c3f3878458ad306b2a42\System.Web.Routing.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dc26fff00ce95d24fd190f38904bb2b3\System.Web.RegularExpressions.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\702b506e56d3a7051aea7822cd915c7f\System.Web.Abstractions.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll

+ 2011-06-18 09:16 . 2011-06-18 09:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\503ccbb50e9c06c2f0b02ad8c3f2d100\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\ac53723e41898bc0e8a591c2e4f6f39b\System.Net.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\4a3a674008d8102c1aa5b3fc18251ef7\System.Management.Instrumentation.ni.dll

+ 2011-06-18 09:13 . 2011-06-18 09:13 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7f5f5bfd5f8d6587c96870751a6eb44d\System.IO.Log.ni.dll

+ 2011-06-18 09:13 . 2011-06-18 09:13 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\de1bf796614ca11afd9fab95edb1b4e2\System.IdentityModel.Selectors.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.Wrapper.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll

+ 2011-06-17 20:57 . 2011-06-17 20:57 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1af8683e05c42eb32f46578fe5a8f83f\System.Drawing.Design.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\791a6643b70542b148d977ff42f2f2ef\System.DirectoryServices.Protocols.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\31759ad8be21735f0a369c37514c2efc\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\df507a4500e73fa4cfc13f65a1c9055e\System.Data.Services.Client.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1778fffc09d783bc90512b65d35be66\System.Data.Services.Design.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a47a8bf16370c93b3c6a471e48cc67a\System.Data.Entity.Design.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\50492d147392c238edc5a614beccb91b\System.Data.DataSetExtensions.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll

+ 2011-06-18 09:15 . 2011-06-18 09:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\77015cc1e6d9e7d20e63903777afd6df\System.AddIn.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6ca41c7917119c3a9de0bcdca525001d\SMSvcHost.ni.exe

+ 2011-06-18 09:14 . 2011-06-18 09:14 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\67dc00c24e551003f6dacb73fe9cf881\ServiceModelReg.ni.exe

+ 2011-06-17 20:56 . 2011-06-17 20:56 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e468e9265c844f74577530e4df71f120\PresentationFramework.Aero.ni.dll

+ 2011-06-17 20:56 . 2011-06-17 20:56 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll

+ 2011-06-17 20:56 . 2011-06-17 20:56 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\807b62468c2893ee943dffff63a34d8d\PresentationFramework.Royale.ni.dll

+ 2011-06-17 20:56 . 2011-06-17 20:56 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe

+ 2011-06-18 09:14 . 2011-06-18 09:14 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll

+ 2011-06-18 09:14 . 2011-06-18 09:14 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe

+ 2011-06-18 09:13 . 2011-06-18 09:13 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll

- 2011-04-15 23:36 . 2011-04-15 23:36 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-06-17 17:37 . 2011-06-17 17:37 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll


.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKLM\~\startupfolder\C:^Documents and Settings^Brandon Becker^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Brandon Becker\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2006-12-12 17:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-12-12 17:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-09-17 12:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sprtsvc_ddoctorv2"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NVSvc"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/5/2011 11:42 AM 366640]

R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [5/17/2011 10:24 AM 315392]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/5/2011 11:42 AM 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 4:20 PM 136176]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 4:21 AM 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 4:21 AM 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 4:21 AM 72728]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [5/5/2011 1:11 PM 17480]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 20:20]

.

2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 20:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mail.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: $talisma_url$

TCP: DhcpNameServer = 192.168.1.254

DPF: {7C9C5968-FA32-4724-AA58-7BF98B40005D} - hxxps://secure.riosalado.edu/riowebapps/techcheck/SystemRequirements.cab

FF - ProfilePath - c:\documents and settings\Brandon Becker\Application Data\Mozilla\Firefox\Profiles\jmzpdz7t.default\

FF - prefs.js: browser.search.selectedEngine - Good Search

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?keywords=

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-20 08:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800HLFS-75G6U1 rev.04.04V03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A8BF31B

user & kernel MBR OK

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(656)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(716)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3840)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-06-20 09:01:23 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-20 13:01

ComboFix2.txt 2011-06-17 15:35

.

Pre-Run: 28,303,388,672 bytes free

Post-Run: 28,765,671,424 bytes free

.

- - End Of File - - 5C13B901E2A570D1E3ACA9C9A849AFCA

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Brandon Becker at 9:03:27 on 2011-06-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1519 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciServiceHost.exe

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: {e86e69ac-a2ce-415a-967e-70ded47d72e2}: 1 (0x1)

{10834e9a-d475-4a24-ad01-f3f24f71b28e}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjE1MjcwMDEyLUJBKzEtS1YzKzctWEwrMS1UNC1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzE"&"prod=90"&"ver=10.0.1382

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: $talisma_url$

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {7C9C5968-FA32-4724-AA58-7BF98B40005D} - hxxps://secure.riosalado.edu/riowebapps/techcheck/SystemRequirements.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0AC78C40-CBE5-4168-85D5-D1EBF6FC73ED} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{303F6254-1607-4FB8-83EF-EF7E153465D0} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7F85C3C5-EA5B-495C-A252-67EAED979461} : DhcpNameServer = 10.0.0.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brandon becker\application data\mozilla\firefox\profiles\jmzpdz7t.default\

FF - prefs.js: browser.search.selectedEngine - Good Search

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.goodsearch.com/search.aspx?keywords=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-5 366640]

R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-5-17 315392]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-5 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-5-5 17480]

.

=============== Created Last 30 ================

.

2011-12-28 18:26:52 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-06-17 15:12:33 -------- d-sha-r- C:\cmdcons

2011-06-17 15:09:14 98816 ----a-w- c:\windows\sed.exe

2011-06-17 15:09:14 518144 ----a-w- c:\windows\SWREG.exe

2011-06-17 15:09:14 256512 ----a-w- c:\windows\PEV.exe

2011-06-17 15:09:14 208896 ----a-w- c:\windows\MBR.exe

2011-06-17 14:48:15 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-06 18:41:48 148 ----a-w- c:\documents and settings\brandon becker\application data\80e71ai6.bat

2011-06-06 18:40:48 148 ----a-w- c:\documents and settings\brandon becker\application data\nftmgqxl.bat

2011-05-27 20:20:14 -------- d-----w- c:\documents and settings\brandon becker\local settings\application data\Temp

2011-05-27 20:20:03 -------- d-----w- c:\documents and settings\brandon becker\local settings\application data\Google

.

==================== Find3M ====================

.

2011-06-06 19:26:52 0 ----a-w- c:\windows\Imehis.bin

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-20 13:32:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-05 17:16:05 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:44:19 1377112 ----a-w- C:\tdsskiller.exe

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800HLFS-75G6U1 rev.04.04V03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A8BF4D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a8c57f0]; MOV EAX, [0x8a8c586c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A947AB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A922B50]

\Driver\atapi[0x8A958500] -> IRP_MJ_CREATE -> 0x8A8BF4D0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A8BF31B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 9:04:42.53 ===============


  • Staff

Hi,

Delete these two files:

C:\tdsskiller.exe

C:\tdsskiller.zip

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
