
svchost.exe causing 100% cpu usage



I think my computer is infected. I found & removed "Malware Protection" virus but there must still be something causing problems. One of the problems is the svchost.exe process causing 100% cpu usage. I also have internet redirection problems. I downloaded & ran the Combofix.exe & here is the log file from that:

ComboFix 11-06-15.04 - Carol WS #5 06/16/2011 12:12:34.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.988 [GMT -5:00]

Running from: c:\documents and settings\Carol WS #5\Desktop\ComboFix.exe

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Carol WS #5\Application Data\Sun\ddee.dat

c:\documents and settings\Carol WS #5\Application Data\Sun\mnj.dat

c:\documents and settings\Carol WS #5\Application Data\Sun\mxd1.txt

c:\documents and settings\Carol WS #5\Application Data\Sun\ppkk.dat

c:\documents and settings\Carol WS #5\Application Data\Sun\uuoo.dat

c:\documents and settings\Carol WS #5\WINDOWS

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))

.

.

2011-06-16 12:29 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 12:29 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-15 19:39 . 1996-12-02 23:44 582144 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO350.DLL

2011-06-15 19:37 . 1999-12-17 16:57 26896 ----a-w- c:\windows\system32\Hh.exe

2011-06-15 14:28 . 2011-06-16 17:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-06-14 19:05 . 1996-12-02 23:44 582144 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL

2011-06-10 17:11 . 2011-06-10 17:11 -------- d-----w- C:\$AVG

2011-06-10 16:40 . 2011-06-10 16:40 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\AVG10

2011-06-10 16:34 . 2011-06-10 16:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-10 16:31 . 2011-06-16 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-10 16:29 . 2011-06-16 17:00 -------- d-----w- c:\program files\AVG

2011-06-10 16:24 . 2011-06-16 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-09 20:22 . 2011-06-09 20:22 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\Malwarebytes

2011-06-09 20:22 . 2011-06-09 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:31 . 2005-12-09 01:28 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-12 13:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 14:47 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 12:56 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-12 13:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-13 18:30 . 2011-04-13 18:30 37027 ----a-w- c:\windows\atmoUn.exe

.

<pre>

c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

c:\program files\ScanSoft\OmniPageSE4\OpwareSE4 .exe

</pre>

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

.

c:\documents and settings\Carol WS #5\Start Menu\Programs\Startup\

Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2011-6-14 573440]

Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2010-10-26 745472]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23514:TCP"= 23514:TCP:spport

.

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:48 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:48 AM 135664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 13:48]

.

2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 13:48]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: Interfaces\{28CC0F2B-9A16-47BE-B4AD-A286619AFC77}: NameServer = 64.254.32.10,64.254.32.11

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-16 12:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST340014A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8972131B

user & kernel MBR OK

.

**************************************************************************

.

Completion time: 2011-06-16 12:24:54

ComboFix-quarantined-files.txt 2011-06-16 17:24

.

Pre-Run: 25,578,061,824 bytes free

Post-Run: 25,694,121,984 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 284D46F54CA430F2D229836ACB79CD32


Hello carterhelp and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

-------------

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.

It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that being said, please proceed with the following:

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Here are the results from the Security Check:

Results of screen317's Security Check version 0.99.14

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

avast! Free Antivirus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````

Here are the results from the TDSSKiller:

2011/06/20 11:07:44.0671 0784 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/20 11:07:45.0234 0784 ================================================================================

2011/06/20 11:07:45.0234 0784 SystemInfo:

2011/06/20 11:07:45.0234 0784

2011/06/20 11:07:45.0234 0784 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/20 11:07:45.0234 0784 Product type: Workstation

2011/06/20 11:07:45.0234 0784 ComputerName: CARTEROFFICEWS5

2011/06/20 11:07:45.0234 0784 UserName: Carol WS #5

2011/06/20 11:07:45.0234 0784 Windows directory: C:\WINDOWS

2011/06/20 11:07:45.0234 0784 System windows directory: C:\WINDOWS

2011/06/20 11:07:45.0234 0784 Processor architecture: Intel x86

2011/06/20 11:07:45.0234 0784 Number of processors: 1

2011/06/20 11:07:45.0234 0784 Page size: 0x1000

2011/06/20 11:07:45.0234 0784 Boot type: Normal boot

2011/06/20 11:07:45.0234 0784 ================================================================================

2011/06/20 11:07:47.0796 0784 Initialize success

2011/06/20 11:07:57.0359 1420 ================================================================================

2011/06/20 11:07:57.0359 1420 Scan started

2011/06/20 11:07:57.0359 1420 Mode: Manual;

2011/06/20 11:07:57.0359 1420 ================================================================================


2011/06/20 11:08:30.0093 1420 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/06/20 11:08:30.0093 1420 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/20 11:08:30.0109 1420 ================================================================================

2011/06/20 11:08:30.0109 1420 Scan finished

2011/06/20 11:08:30.0109 1420 ================================================================================

2011/06/20 11:08:30.0125 1692 Detected object count: 1

2011/06/20 11:08:30.0125 1692 Actual detected object count: 1

2011/06/20 11:08:39.0578 1692 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/20 11:08:39.0578 1692 \Device\Harddisk0\DR0 - ok

2011/06/20 11:08:39.0578 1692 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/20 11:08:49.0062 0828 Deinitialize success

I haven't noticed the svchost.exe causing 100% cpu usage so far. I was also having problems with the internet redirecting to pages I wasn't "requesting" but I haven't had the opportunity to "check" that problem since running the TDSSKiller.

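As an added example (not part of the thread and not TDSSKiller's own code), the script below triages a TDSSKiller log in the format posted above: it pairs each detection with the action taken and flags cures that only take effect after a reboot. The regular expressions are inferred only from the log lines shown in this thread, and the names `Finding`, `summarize` and `followup_reasons` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Result lines copied from the TDSSKiller log posted above
# (format: timestamp, thread id, message).
SAMPLE_LOG = r"""
2011/06/20 11:07:57.0359 1420 Scan started
2011/06/20 11:08:30.0093 1420 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/20 11:08:30.0109 1420 Scan finished
2011/06/20 11:08:30.0125 1692 Detected object count: 1
2011/06/20 11:08:30.0125 1692 Actual detected object count: 1
2011/06/20 11:08:39.0578 1692 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/20 11:08:39.0578 1692 \Device\Harddisk0\DR0 - ok
2011/06/20 11:08:39.0578 1692 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Patterns inferred from the lines above; other TDSSKiller versions may differ.
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(\d+)\s*(.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
PENDING = re.compile(r"^(?P<obj>.+?) \((?P<verdict>[^()]+)\) - will be cured after reboot$")
ACTION = re.compile(
    r"^(?P<verdict>[^()\s]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$"
)
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str
    verdict: str
    first_seen: str
    action: Optional[str] = None
    reboot_pending: bool = False

    @property
    def disk_level(self) -> bool:
        # Heuristic: a \Device\HarddiskN object is the physical disk, not a file.
        return self.obj.lower().startswith("\\device\\harddisk")


def summarize(log_text: str) -> dict:
    """Collect detections, the action chosen for each, and the reported count."""
    findings = {}
    reported = None

    def get(obj, verdict, stamp):
        # Create the finding on first sight so truncated logs still parse.
        return findings.setdefault((obj, verdict), Finding(obj, verdict, stamp))

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        stamp, _tid, msg = m.groups()
        msg = msg.strip()
        if (d := DETECTED.match(msg)):
            get(d["obj"], d["verdict"], stamp)
        elif (p := PENDING.match(msg)):
            get(p["obj"], p["verdict"], stamp).reboot_pending = True
        elif (a := ACTION.match(msg)):
            get(a["obj"], a["verdict"], stamp).action = a["action"]
        elif (c := COUNT.match(msg)):
            reported = int(c[1])

    items = list(findings.values())
    return {
        "findings": items,
        "reported_count": reported,
        "count_matches": reported == len(items),
    }


def followup_reasons(f: Finding) -> list:
    """Reasons a finding should be rechecked before the machine is called clean."""
    reasons = []
    if f.action is None:
        reasons.append("no action recorded")
    elif f.action.lower() == "skip":
        reasons.append("detection was skipped")
    if f.reboot_pending:
        reasons.append("cure applies only after reboot")
    if f.disk_level:
        reasons.append("disk-level object")
    return reasons


if __name__ == "__main__":
    for f in summarize(SAMPLE_LOG)["findings"]:
        print(f.first_seen, f.obj, f.verdict, f.action, followup_reasons(f))
```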

I haven't noticed the svchost.exe causing 100% cpu usage so far.

I am glad to hear that! :)

I was also having problems with the internet redirecting to pages I wasn't "requesting" but I haven't had the opportunity to "check" that problem since running the TDSSKiller.

Okay, let me know if you encounter anything unusual. ;)

We still have some more to do:

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please delete the following file (in bold): c:\documents and settings\Carol WS #5\Desktop\ComboFix.exe

Then, please download ComboFix.exe again, and save it to your Desktop. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (AVG must be uninstalled to run ComboFix properly).

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.


Here is the txt file from the Combofix:

ComboFix 11-06-19.0r1 - Carol WS #5 06/20/2011 12:40:57.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.898 [GMT -5:00]

Running from: c:\documents and settings\Carol WS #5\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))

.

.

2011-06-17 18:16 . 2011-06-17 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

2011-06-17 18:11 . 2011-06-17 18:11 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\Uniblue

2011-06-17 18:11 . 2011-06-17 18:11 -------- d-----w- c:\program files\Uniblue

2011-06-17 18:11 . 2011-06-17 18:11 -------- d-----w- c:\documents and settings\Carol WS #5\Local Settings\Application Data\PackageAware

2011-06-17 18:06 . 2011-06-20 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-06-17 18:05 . 2011-06-20 16:45 -------- d-----w- c:\program files\Security Task Manager

2011-06-17 16:27 . 2011-06-17 16:27 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\DriverCure

2011-06-17 16:27 . 2011-06-17 16:27 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\ParetoLogic

2011-06-17 16:26 . 2011-06-17 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2011-06-16 19:17 . 1996-12-02 23:44 582144 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL

2011-06-16 18:21 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-06-16 18:21 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-16 18:20 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-06-16 18:20 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-06-16 18:20 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-06-16 18:20 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-06-16 18:20 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-06-16 18:20 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-06-16 18:20 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr

2011-06-16 18:20 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-06-16 12:29 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 12:29 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-15 19:37 . 1999-12-17 16:57 26896 ----a-w- c:\windows\system32\Hh.exe

2011-06-15 14:28 . 2011-06-17 18:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-06-10 17:11 . 2011-06-10 17:11 -------- d-----w- C:\$AVG

2011-06-10 16:40 . 2011-06-10 16:40 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\AVG10

2011-06-10 16:34 . 2011-06-10 16:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-10 16:31 . 2011-06-16 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-10 16:29 . 2011-06-16 17:00 -------- d-----w- c:\program files\AVG

2011-06-10 16:24 . 2011-06-16 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-09 20:22 . 2011-06-09 20:22 -------- d-----w- c:\documents and settings\Carol WS #5\Application Data\Malwarebytes

2011-06-09 20:22 . 2011-06-09 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:31 . 2005-12-09 01:28 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-12 13:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 14:47 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 12:56 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-12 13:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-13 18:30 . 2011-04-13 18:30 37027 ----a-w- c:\windows\atmoUn.exe

.

<pre>
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\ScanSoft\OmniPageSE4\OpwareSE4 .exe
</pre>

.

((((((((((((((((((((((((((((( SnapShot@2011-06-16_17.22.20 )))))))))))))))))))))))))))))))))))))))))

.


+ 2011-06-20 17:03 . 2011-06-20 17:03 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll

+ 2011-06-20 16:40 . 2011-06-20 16:40 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll

+ 2011-06-20 17:03 . 2011-06-20 17:03 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll

+ 2011-06-20 16:40 . 2011-06-20 16:40 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll

+ 2011-06-20 16:39 . 2011-06-20 16:39 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll

+ 2011-06-20 16:39 . 2011-06-20 16:39 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll

+ 2011-06-20 16:36 . 2011-06-20 16:36 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll

+ 2011-06-20 17:02 . 2011-06-20 17:02 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll

+ 2011-06-20 17:02 . 2011-06-20 17:02 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll

+ 2011-06-20 17:04 . 2011-06-20 17:04 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll

+ 2011-06-20 17:02 . 2011-06-20 17:02 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-06-20 17:02 . 2011-06-20 17:02 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll

+ 2011-06-20 17:02 . 2011-06-20 17:02 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll

- 2011-04-16 08:07 . 2011-04-16 08:07 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-06-20 16:35 . 2011-06-20 16:35 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2011-04-16 08:07 . 2011-04-16 08:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-06-20 16:35 . 2011-06-20 16:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-04-16 08:07 . 2011-04-16 08:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-06-20 16:35 . 2011-06-20 16:35 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-06-20 16:35 . 2011-06-20 16:35 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-04-16 08:07 . 2011-04-16 08:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-04-16 08:07 . 2011-04-16 08:07 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-06-20 16:35 . 2011-06-20 16:35 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-06-20 16:35 . 2011-06-20 16:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-04-16 08:07 . 2011-04-16 08:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-04-16 08:07 . 2011-04-16 08:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-06-20 16:35 . 2011-06-20 16:35 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-03-28 08:27 . 2011-03-28 08:27 15456256 c:\windows\Installer\12d014.msp

+ 2011-06-20 16:41 . 2011-06-20 16:41 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll

+ 2011-06-20 17:04 . 2011-06-20 17:04 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll

+ 2011-06-20 17:02 . 2011-06-20 17:02 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll

+ 2011-06-20 16:40 . 2011-06-20 16:40 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll

+ 2011-06-20 16:39 . 2011-06-20 16:39 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll

+ 2011-06-20 16:39 . 2011-06-20 16:39 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll

+ 2011-06-20 16:34 . 2011-06-20 16:34 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

.

c:\documents and settings\Carol WS #5\Start Menu\Programs\Startup\

Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2011-6-16 573440]

Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2010-10-26 745472]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23514:TCP"= 23514:TCP:spport

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/16/2011 1:20 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/16/2011 1:21 PM 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/16/2011 1:21 PM 19544]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:48 AM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 8:48 AM 135664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 13:48]

.

2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 13:48]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: Interfaces\{28CC0F2B-9A16-47BE-B4AD-A286619AFC77}: NameServer = 64.254.32.10,64.254.32.11

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-20 12:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-06-20 12:55:37

ComboFix-quarantined-files.txt 2011-06-20 17:55

ComboFix2.txt 2011-06-16 17:24

.

Pre-Run: 28,754,501,632 bytes free

Post-Run: 29,114,327,040 bytes free

.

- - End Of File - - 232B40C06F317BB8E9BCD3B2C3C60B45

I haven't noticed any other issues, but the computer with the problem is not my computer (and the person who uses it is not using it today) so I'm not sure if everything is fixed. I forgot one of the other problems I had was not being able to go to the Windows Update webpage so I tried that again this morning & that is working now too.


I haven't noticed any other issues, but the computer with the problem is not my computer (and the person who uses it is not using it today) so I'm not sure if everything is fixed. I forgot one of the other problems I had was not being able to go to the Windows Update webpage so I tried that again this morning & that is working now too.

Good to hear! Please hold off on installing any updates for now until we verify that you are clean. ;)

-------------

**I see you have installed UniBlue Registry Booster.

These so-called "Registry Boosters" and "Registry Cleaners" can actually do more harm than good.

Some registry cleaners make no distinction as to the severity of the errors, and many that do may erroneously categorize errors as "critical" with little basis to support it, and can end up severely harming your Operating System.

I strongly suggest you uninstall the following program: UniBlue Registry Booster.

Please go to Start -> Control Panel -> Add or Remove Programs. Select the name of the program, and click Remove. Afterwards, please reboot your computer.

-------------

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file/s for analysis (you will only be able to have one file scanned at a time):

c:\windows\system32\Hh.exe

c:\windows\system32\dllcache\hh.exe

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://www.virustotal.com.

Please include both of the online file scan results in your next reply.


I thought I had deleted the UniBlue already. I did a file search for that name & found a folder under Program Files still so I deleted that. If I need to do something else, let me know. It's not listed in Add/Remove programs. Here are the results from the file scan.

Filename: Hh.exe

Status: Scan finished. 0 out of 20 scanners reported malware.

Scan taken on: Mon 20 Jun 2011 20:56:27 (CET) Permalink

--------------------------------------------------------------------------------

Additional info

File size: 26896 bytes

Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5: a21a0bd60740694f1458445a3a35feff

SHA1: 8f2d217b2399b9a9185efc76a64e9d6d859e5543

This file has been scanned before. The results for this previous scan are listed below.

--------------------------------------------------------------------------------

Filename: hh.exe

Status: Scan finished. 0 out of 19 scanners reported malware.

Scan taken on: Tue 16 Nov 2010 04:48:06 (CET) Permalink

--------------------------------------------------------------------------------


I thought I had deleted the UniBlue already. I did a file search for that name & found a folder under Program Files still so I deleted that. If I need to do something else, let me know. It's not listed in Add/Remove programs. Here are the results from the file scan.

Let's try removing it with Revo: (if it doesn't show up there, don't worry about it)

Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller and select UniBlue.

Please click the Uninstall icon to uninstall the selected program.

Please choose Advanced.

Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo.

If asked to restart the computer, please do so immediately.

-------------

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


I downloaded the Revo Uninstaller & UniBlue was not listed.

Here is the file from the ESET scan:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6526

# api_version=3.0.2

# EOSSerial=07ab1386982ea04ab1b4809f8522e342

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-20 10:12:12

# local_time=2011-06-20 05:12:12 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 34771827 34771827 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=43034

# found=0

# cleaned=0

# scan_time=1452


I downloaded the Revo Uninstaller & UniBlue was not listed.

Okay, glad to hear it's gone. ;)

Let's move on.

You are using Internet Explorer version 7. The latest version is 8. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

-------------

At one point, you had multiple Antivirus/Antispyware programs installed on your computer (AVG, McAfee, and Avast).

It is very important that you only keep one Antivirus program running in resident mode and one Antispyware running in resident mode. Having multiple protection programs of the same type can cause them to conflict, causing further problems.

My suggestion is that you keep Avast installed, as it provides you with both antivirus and antispyware support.

(If you wish to uninstall McAfee, you will need to download and run the McAfee Consumer Product Removal Tool)

-------------

Your logs appear to be clean. If you have any more problems or concerns, please let me know. :) If not, please proceed with the following.

I will provide you with some suggestions for security software, but first, ComboFix must be uninstalled.

-------------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall AVG AntiVirus if you haven't already.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

