Infected- kills MalwareBytes

[Westycat]

I am being redirected on google searches and have IE ads popping up even when I am not running it. When I try to run a quick scan or scan with malwarebytes, it closes immediately. Thanks.

[screen317]

Hi and welcome to Malwarebytes.

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

-screen317

[Westycat]

Thanks for your help; sorry for the delay, I've been away for the weekend.

TDSSkiller log:

09:22:38.0692 3524 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06

09:22:39.0286 3524 ============================================================

09:22:39.0286 3524 Current date / time: 2011/10/10 09:22:39.0286

09:22:39.0286 3524 SystemInfo:

09:22:39.0286 3524

09:22:39.0286 3524 OS Version: 5.1.2600 ServicePack: 3.0

09:22:39.0286 3524 Product type: Workstation

09:22:39.0286 3524 ComputerName: BENJILKA

09:22:39.0286 3524 UserName: ben

09:22:39.0286 3524 Windows directory: C:\WINDOWS

09:22:39.0286 3524 System windows directory: C:\WINDOWS

09:22:39.0286 3524 Processor architecture: Intel x86

09:22:39.0286 3524 Number of processors: 2

09:22:39.0286 3524 Page size: 0x1000

09:22:39.0286 3524 Boot type: Normal boot

09:22:39.0286 3524 ============================================================

09:22:39.0661 3524 Initialize success

09:22:52.0676 2472 ============================================================

09:22:52.0676 2472 Scan started

09:22:52.0676 2472 Mode: Manual;

09:22:52.0676 2472 ============================================================

09:22:53.0192 2472 95ad7691 - ok

09:22:53.0223 2472 Abiosdsk - ok

09:22:53.0239 2472 abp480n5 - ok

09:22:53.0301 2472 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:22:53.0301 2472 ACPI - ok

09:22:53.0395 2472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

09:22:53.0395 2472 ACPIEC - ok

09:22:53.0504 2472 ACPIVPC (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys

09:22:53.0520 2472 ACPIVPC - ok

09:22:53.0583 2472 adpu160m - ok

09:22:53.0661 2472 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:22:53.0661 2472 aec - ok

09:22:53.0770 2472 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

09:22:53.0770 2472 AFD - ok

09:22:53.0833 2472 Aha154x - ok

09:22:53.0864 2472 aic78u2 - ok

09:22:53.0864 2472 aic78xx - ok

09:22:53.0879 2472 AliIde - ok

09:22:53.0895 2472 amsint - ok

09:22:53.0958 2472 ApfiltrService (0f83cb9bcb247869bcad28026b8f134b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

09:22:53.0973 2472 ApfiltrService - ok

09:22:54.0067 2472 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:22:54.0083 2472 Arp1394 - ok

09:22:54.0114 2472 asc - ok

09:22:54.0145 2472 asc3350p - ok

09:22:54.0145 2472 asc3550 - ok

09:22:54.0223 2472 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:22:54.0223 2472 AsyncMac - ok

09:22:54.0317 2472 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:22:54.0333 2472 atapi - ok

09:22:54.0411 2472 Atdisk - ok

09:22:54.0473 2472 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:22:54.0489 2472 Atmarpc - ok

09:22:54.0567 2472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:22:54.0583 2472 audstub - ok

09:22:54.0708 2472 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

09:22:54.0708 2472 avgio - ok

09:22:54.0770 2472 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

09:22:54.0770 2472 avgntflt - ok

09:22:54.0848 2472 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

09:22:54.0848 2472 avipbb - ok

09:22:54.0958 2472 b57w2k (104860207ac574dee432f28c1fbb878a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

09:22:54.0958 2472 b57w2k - ok

09:22:55.0051 2472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:22:55.0067 2472 Beep - ok

09:22:55.0114 2472 catchme - ok

09:22:55.0192 2472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:22:55.0208 2472 cbidf2k - ok

09:22:55.0270 2472 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

09:22:55.0286 2472 CCDECODE - ok

09:22:55.0333 2472 cd20xrnt - ok

09:22:55.0395 2472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:22:55.0395 2472 Cdaudio - ok

09:22:55.0504 2472 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:22:55.0504 2472 Cdfs - ok

09:22:55.0536 2472 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:22:55.0536 2472 Cdrom - ok

09:22:55.0598 2472 Changer - ok

09:22:55.0676 2472 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:22:55.0676 2472 CmBatt - ok

09:22:55.0739 2472 CmdIde - ok

09:22:55.0833 2472 CnxtHdAudService (6d3c92d01de6e835e20d92a8366bcf26) C:\WINDOWS\system32\drivers\CHDAU32.sys

09:22:55.0848 2472 CnxtHdAudService - ok

09:22:55.0958 2472 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys

09:22:55.0958 2472 COH_Mon - ok

09:22:56.0067 2472 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:22:56.0067 2472 Compbatt - ok

09:22:56.0098 2472 Cpqarray - ok

09:22:56.0129 2472 dac2w2k - ok

09:22:56.0145 2472 dac960nt - ok

09:22:56.0208 2472 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:22:56.0208 2472 Disk - ok

09:22:56.0364 2472 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:22:56.0520 2472 dmboot - ok

09:22:56.0629 2472 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:22:56.0629 2472 dmio - ok

09:22:56.0708 2472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:22:56.0708 2472 dmload - ok

09:22:56.0739 2472 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:22:56.0739 2472 DMusic - ok

09:22:56.0754 2472 dpti2o - ok

09:22:56.0754 2472 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:22:56.0754 2472 drmkaud - ok

09:22:56.0911 2472 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

09:22:56.0911 2472 eeCtrl - ok

09:22:56.0942 2472 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:22:56.0942 2472 EraserUtilRebootDrv - ok

09:22:57.0020 2472 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:22:57.0036 2472 Fastfat - ok

09:22:57.0083 2472 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

09:22:57.0083 2472 Fdc - ok

09:22:57.0129 2472 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:22:57.0129 2472 Fips - ok

09:22:57.0145 2472 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:22:57.0145 2472 Flpydisk - ok

09:22:57.0208 2472 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:22:57.0208 2472 FltMgr - ok

09:22:57.0254 2472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:22:57.0254 2472 Fs_Rec - ok

09:22:57.0348 2472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:22:57.0379 2472 Ftdisk - ok

09:22:57.0426 2472 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:22:57.0426 2472 GEARAspiWDM - ok

09:22:57.0458 2472 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:22:57.0473 2472 Gpc - ok

09:22:57.0504 2472 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:22:57.0504 2472 HDAudBus - ok

09:22:57.0520 2472 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:22:57.0520 2472 HidUsb - ok

09:22:57.0583 2472 hpn - ok

09:22:57.0661 2472 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:22:57.0676 2472 HTTP - ok

09:22:57.0676 2472 i2omgmt - ok

09:22:57.0692 2472 i2omp - ok

09:22:57.0739 2472 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:22:57.0739 2472 i8042prt - ok

09:22:58.0020 2472 ialm (1312e0141a7bd409afadd52fa565927e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:22:58.0254 2472 ialm - ok

09:22:58.0364 2472 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys

09:22:58.0364 2472 iaStor - ok

09:22:58.0458 2472 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:22:58.0473 2472 Imapi - ok

09:22:58.0536 2472 ini910u - ok

09:22:58.0614 2472 IntcHdmiAddService (64c301d73db18ebdc8680ca82d82af2d) C:\WINDOWS\system32\drivers\IntcHdmi.sys

09:22:58.0614 2472 IntcHdmiAddService - ok

09:22:58.0676 2472 IntelIde - ok

09:22:58.0754 2472 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:22:58.0754 2472 intelppm - ok

09:22:58.0864 2472 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:22:58.0864 2472 Ip6Fw - ok

09:22:58.0942 2472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:22:58.0942 2472 IpFilterDriver - ok

09:22:59.0020 2472 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:22:59.0020 2472 IpInIp - ok

09:22:59.0083 2472 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:22:59.0098 2472 IpNat - ok

09:22:59.0161 2472 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:22:59.0161 2472 IPSec - ok

09:22:59.0239 2472 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:22:59.0254 2472 IRENUM - ok

09:22:59.0348 2472 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys

09:22:59.0348 2472 is3srv - ok

09:22:59.0458 2472 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:22:59.0458 2472 isapnp - ok

09:22:59.0567 2472 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\Iviaspi.sys

09:22:59.0567 2472 Iviaspi - ok

09:22:59.0676 2472 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:22:59.0676 2472 Kbdclass - ok

09:22:59.0786 2472 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:22:59.0786 2472 kmixer - ok

09:22:59.0879 2472 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:22:59.0879 2472 KSecDD - ok

09:23:00.0004 2472 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

09:23:00.0004 2472 Lavasoft Kernexplorer - ok

09:23:00.0114 2472 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

09:23:00.0114 2472 Lbd - ok

09:23:00.0176 2472 lbrtfdc - ok

09:23:00.0270 2472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:23:00.0270 2472 mnmdd - ok

09:23:00.0411 2472 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:23:00.0426 2472 Modem - ok

09:23:00.0520 2472 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:23:00.0520 2472 Mouclass - ok

09:23:00.0598 2472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:23:00.0598 2472 mouhid - ok

09:23:00.0661 2472 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:23:00.0661 2472 MountMgr - ok

09:23:00.0676 2472 mraid35x - ok

09:23:00.0676 2472 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:23:00.0692 2472 MRxDAV - ok

09:23:00.0739 2472 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:23:00.0739 2472 MRxSmb - ok

09:23:00.0848 2472 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:23:00.0848 2472 Msfs - ok

09:23:00.0911 2472 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:23:00.0911 2472 MSKSSRV - ok

09:23:00.0973 2472 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:23:00.0973 2472 MSPCLOCK - ok

09:23:01.0004 2472 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:23:01.0004 2472 MSPQM - ok

09:23:01.0067 2472 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:23:01.0067 2472 mssmbios - ok

09:23:01.0161 2472 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

09:23:01.0161 2472 MSTEE - ok

09:23:01.0239 2472 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:23:01.0239 2472 Mup - ok

09:23:01.0286 2472 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:23:01.0286 2472 NABTSFEC - ok

09:23:01.0458 2472 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110919.025\NAVENG.SYS

09:23:01.0473 2472 NAVENG - ok

09:23:01.0676 2472 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110919.025\NAVEX15.SYS

09:23:01.0692 2472 NAVEX15 - ok

09:23:01.0801 2472 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:23:01.0817 2472 NDIS - ok

09:23:01.0911 2472 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:23:01.0911 2472 NdisIP - ok

09:23:02.0004 2472 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:23:02.0004 2472 NdisTapi - ok

09:23:02.0114 2472 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:23:02.0114 2472 Ndisuio - ok

09:23:02.0208 2472 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:23:02.0223 2472 NdisWan - ok

09:23:02.0301 2472 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:23:02.0301 2472 NDProxy - ok

09:23:02.0395 2472 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:23:02.0395 2472 NetBIOS - ok

09:23:02.0473 2472 NetBT (e3062c4d88d2bc15f7ea73fab9ede3c9) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:23:02.0473 2472 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: e3062c4d88d2bc15f7ea73fab9ede3c9, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d

09:23:02.0473 2472 NetBT ( Rootkit.Win32.ZAccess.g ) - infected

09:23:02.0473 2472 NetBT - detected Rootkit.Win32.ZAccess.g (0)

09:23:02.0692 2472 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

09:23:02.0786 2472 NETw5x32 - ok

09:23:02.0879 2472 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:23:02.0895 2472 NIC1394 - ok

09:23:03.0004 2472 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:23:03.0020 2472 Npfs - ok

09:23:03.0051 2472 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:23:03.0067 2472 Ntfs - ok

09:23:03.0145 2472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:23:03.0145 2472 Null - ok

09:23:03.0176 2472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:23:03.0192 2472 NwlnkFlt - ok

09:23:03.0270 2472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:23:03.0270 2472 NwlnkFwd - ok

09:23:03.0442 2472 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:23:03.0458 2472 ohci1394 - ok

09:23:03.0567 2472 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

09:23:03.0567 2472 Parport - ok

09:23:03.0661 2472 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:23:03.0661 2472 PartMgr - ok

09:23:03.0754 2472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:23:03.0754 2472 ParVdm - ok

09:23:03.0833 2472 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:23:03.0833 2472 PCI - ok

09:23:03.0895 2472 PCIDump - ok

09:23:03.0973 2472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:23:03.0973 2472 PCIIde - ok

09:23:04.0083 2472 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

09:23:04.0098 2472 Pcmcia - ok

09:23:04.0145 2472 PDCOMP - ok

09:23:04.0176 2472 PDFRAME - ok

09:23:04.0192 2472 PDRELI - ok

09:23:04.0192 2472 PDRFRAME - ok

09:23:04.0208 2472 perc2 - ok

09:23:04.0208 2472 perc2hib - ok

09:23:04.0286 2472 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:23:04.0286 2472 PptpMiniport - ok

09:23:04.0395 2472 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:23:04.0395 2472 PSched - ok

09:23:04.0504 2472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:23:04.0504 2472 Ptilink - ok

09:23:04.0661 2472 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:23:04.0661 2472 PxHelp20 - ok

09:23:04.0708 2472 ql1080 - ok

09:23:04.0723 2472 Ql10wnt - ok

09:23:04.0739 2472 ql12160 - ok

09:23:04.0739 2472 ql1240 - ok

09:23:04.0754 2472 ql1280 - ok

09:23:04.0801 2472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:23:04.0801 2472 RasAcd - ok

09:23:04.0911 2472 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:23:04.0911 2472 Rasl2tp - ok

09:23:05.0083 2472 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:23:05.0083 2472 RasPppoe - ok

09:23:05.0176 2472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:23:05.0176 2472 Raspti - ok

09:23:05.0317 2472 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:23:05.0317 2472 Rdbss - ok

09:23:05.0458 2472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:23:05.0458 2472 RDPCDD - ok

09:23:05.0567 2472 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:23:05.0583 2472 rdpdr - ok

09:23:05.0661 2472 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:23:05.0676 2472 RDPWD - ok

09:23:05.0817 2472 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:23:05.0817 2472 redbook - ok

09:23:05.0895 2472 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys

09:23:05.0895 2472 regi - ok

09:23:06.0036 2472 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys

09:23:06.0051 2472 RSUSBSTOR - ok

09:23:06.0161 2472 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

09:23:06.0161 2472 rtl8139 - ok

09:23:06.0223 2472 Rts516xIR - ok

09:23:06.0379 2472 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

09:23:06.0379 2472 SASDIFSV - ok

09:23:06.0426 2472 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

09:23:06.0426 2472 SASKUTIL - ok

09:23:06.0598 2472 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

09:23:06.0598 2472 sdbus - ok

09:23:06.0692 2472 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:23:06.0708 2472 Secdrv - ok

09:23:06.0848 2472 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:23:06.0848 2472 Serial - ok

09:23:06.0958 2472 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

09:23:06.0958 2472 Sfloppy - ok

09:23:07.0067 2472 Simbad - ok

09:23:07.0176 2472 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:23:07.0192 2472 SLIP - ok

09:23:07.0317 2472 Sparrow - ok

09:23:07.0473 2472 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

09:23:07.0598 2472 SPBBCDrv - ok

09:23:07.0754 2472 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:23:07.0754 2472 splitter - ok

09:23:07.0864 2472 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:23:07.0864 2472 sr - ok

09:23:08.0020 2472 SRTSP (522651a0e7dc6415e083317370b609cc) C:\WINDOWS\system32\Drivers\SRTSP.SYS

09:23:08.0020 2472 SRTSP - ok

09:23:08.0098 2472 SRTSPL (34e823b8d730099d032608fcccbc6a25) C:\WINDOWS\system32\Drivers\SRTSPL.SYS

09:23:08.0114 2472 SRTSPL - ok

09:23:08.0317 2472 SRTSPX (469006e15f5b0fe8ae94184a18a81586) C:\WINDOWS\system32\Drivers\SRTSPX.SYS

09:23:08.0317 2472 SRTSPX - ok

09:23:08.0364 2472 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:23:08.0364 2472 Srv - ok

09:23:08.0473 2472 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

09:23:08.0473 2472 ssmdrv - ok

09:23:08.0614 2472 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:23:08.0629 2472 streamip - ok

09:23:08.0708 2472 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:23:08.0723 2472 swenum - ok

09:23:08.0848 2472 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:23:08.0848 2472 swmidi - ok

09:23:08.0958 2472 symc810 - ok

09:23:09.0036 2472 symc8xx - ok

09:23:09.0098 2472 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

09:23:09.0098 2472 SymEvent - ok

09:23:09.0208 2472 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

09:23:09.0223 2472 SYMREDRV - ok

09:23:09.0395 2472 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

09:23:09.0395 2472 SYMTDI - ok

09:23:09.0504 2472 sym_hi - ok

09:23:09.0567 2472 sym_u3 - ok

09:23:09.0661 2472 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:23:09.0661 2472 sysaudio - ok

09:23:09.0817 2472 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\szkg.sys

09:23:09.0817 2472 szkg5 - ok

09:23:09.0973 2472 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\WINDOWS\system32\drivers\szkgfs.sys

09:23:09.0973 2472 szkgfs - ok

09:23:10.0098 2472 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:23:10.0114 2472 Tcpip - ok

09:23:10.0254 2472 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:23:10.0254 2472 TDPIPE - ok

09:23:10.0411 2472 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:23:10.0426 2472 TDTCP - ok

09:23:10.0567 2472 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:23:10.0583 2472 TermDD - ok

09:23:10.0614 2472 TosIde - ok

09:23:10.0661 2472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:23:10.0676 2472 Udfs - ok

09:23:10.0723 2472 ultra - ok

09:23:10.0817 2472 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:23:10.0817 2472 Update - ok

09:23:10.0926 2472 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:23:10.0942 2472 usbccgp - ok

09:23:10.0989 2472 USBCCID - ok

09:23:11.0067 2472 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:23:11.0067 2472 usbehci - ok

09:23:11.0129 2472 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:23:11.0145 2472 usbhub - ok

09:23:11.0223 2472 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:23:11.0239 2472 usbscan - ok

09:23:11.0301 2472 usbsmi (57cc4af4651551f1bbc46e9f40acdbc7) C:\WINDOWS\system32\DRIVERS\SMIksdrv.sys

09:23:11.0317 2472 usbsmi - ok

09:23:11.0364 2472 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:23:11.0364 2472 USBSTOR - ok

09:23:11.0520 2472 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:23:11.0520 2472 usbuhci - ok

09:23:11.0676 2472 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

09:23:11.0692 2472 usbvideo - ok

09:23:11.0833 2472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:23:11.0833 2472 VgaSave - ok

09:23:11.0895 2472 ViaIde - ok

09:23:11.0958 2472 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:23:11.0958 2472 VolSnap - ok

09:23:12.0114 2472 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:23:12.0129 2472 Wanarp - ok

09:23:12.0239 2472 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

09:23:12.0254 2472 Wdf01000 - ok

09:23:12.0348 2472 WDICA - ok

09:23:12.0504 2472 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:23:12.0520 2472 wdmaud - ok

09:23:12.0614 2472 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys

09:23:12.0614 2472 WimFltr - ok

09:23:12.0739 2472 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

09:23:12.0739 2472 WmiAcpi - ok

09:23:12.0848 2472 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:23:12.0864 2472 WSTCODEC - ok

09:23:12.0989 2472 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\WINDOWS\system32\drivers\WSVD.sys

09:23:12.0989 2472 WSVD - ok

09:23:13.0129 2472 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:23:13.0145 2472 WudfPf - ok

09:23:13.0301 2472 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:23:13.0317 2472 WudfRd - ok

09:23:13.0348 2472 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

09:23:13.0364 2472 \Device\Harddisk0\DR0 - ok

09:23:13.0364 2472 Boot (0x1200) (5de433a1bd13591b85511535b98963ee) \Device\Harddisk0\DR0\Partition0

09:23:13.0364 2472 \Device\Harddisk0\DR0\Partition0 - ok

09:23:13.0395 2472 Boot (0x1200) (b9ccaf642df3548cb1f03bccc8b5569b) \Device\Harddisk0\DR0\Partition1

09:23:13.0395 2472 \Device\Harddisk0\DR0\Partition1 - ok

09:23:13.0395 2472 ============================================================

09:23:13.0395 2472 Scan finished

09:23:13.0395 2472 ============================================================

09:23:13.0411 3348 Detected object count: 1

09:23:13.0411 3348 Actual detected object count: 1

09:25:20.0583 3348 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine

09:25:20.0598 3348 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Quarantine

09:25:26.0614 3300 Deinitialize success

[Westycat]

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

-screen317

DDS.txt log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by ben at 9:33:41 on 2011-10-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2320 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

uRun: [voowire] "c:\program files\voowire\VooWire.exe" -h

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Fw1iLUBX] c:\docume~1\alluse~1\applic~1\Fw1iLUBX.exe

uRun: [OMOJlCVrCXqmAKaE] c:\docume~1\alluse~1\applic~1\OMOJlCVrCXqmAKaE.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [smartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c

mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe

mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NapsterShell] c:\program files\napster\napster.exe /systray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273215159843

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1138A820-5645-4827-8E70-F9C3961C570F} : DhcpNameServer = 192.168.1.254

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ben\application data\mozilla\firefox\profiles\obyqhg8h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-14 64288]

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-26 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-26 136360]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-26 66616]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-6-2 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-6-2 108392]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-9-21 9472]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-21 110080]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110919.025\NAVENG.SYS [2011-9-20 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110919.025\NAVEX15.SYS [2011-9-20 1576312]

R3 usbsmi;Lenovo EasyCamera;c:\windows\system32\drivers\SMIksdrv.sys [2009-9-21 164992]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-26 269480]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]

S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]

S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-6-2 2440120]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-6-2 23888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-8-19 160256]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-8-19 81192]

.

=============== Created Last 30 ================

.

2011-10-10 14:25:20 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-03 14:37:21 -------- d-----w- c:\documents and settings\ben\application data\Avira

2011-09-28 21:55:09 -------- d-----w- C:\1294069863569b1a2a54d6

2011-09-26 20:47:20 -------- d-----w- c:\program files\Trend Micro

2011-09-26 20:46:06 -------- d-----w- c:\windows\system32\NtmsData

2011-09-26 20:42:24 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-26 20:42:23 -------- d-----w- c:\program files\Avira

2011-09-26 20:42:23 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-09-21 13:15:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-20 20:50:11 -------- d-----w- c:\program files\STOPzilla!

2011-09-20 19:56:48 -------- d-----w- c:\program files\common files\iS3

2011-09-20 19:56:48 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!

2011-09-19 23:16:14 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-09-19 23:16:12 546256 ----a-r- c:\windows\system32\SZComp5.dll

2011-09-19 23:16:12 22992 ----a-r- c:\windows\system32\SZIO5.dll

2011-09-19 23:16:10 480720 ----a-r- c:\windows\system32\SZBase5.dll

2011-09-19 23:16:10 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-09-19 23:16:08 398800 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-09-19 23:16:06 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-09-19 23:16:06 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-09-19 23:16:04 99792 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-09-19 23:16:04 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2011-09-19 23:16:04 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2011-09-19 23:16:02 738768 ----a-r- c:\windows\system32\IS3Base5.dll

.

==================== Find3M ====================

.

2011-09-28 21:32:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-16 22:48:30 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 9:34:11.75 ===============

[screen317]

Hi,

I notice that you are using more than one antivirus program (Lavasoft and Antivir, and Symantec). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[Westycat]

I uninstalled Lavasoft and avira.

When I try to save the combofix.exe file, I get a warning that says "The above file name is invalid."

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[Westycat]

Hi,

I notice that you are using more than one antivirus program (Lavasoft and Antivir, and Symantec). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

ComboFix Log:

ComboFix 11-10-13.03 - ben 10/13/2011 11:00:24.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2590 [GMT -5:00]

Running from: c:\documents and settings\ben\Desktop\ComboFFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\ben\My Documents\ComboFix.exe

c:\windows\$NtUninstallKB7363$\2511173265\@

c:\windows\$NtUninstallKB7363$\2511173265\click.tlb

c:\windows\$NtUninstallKB7363$\2511173265\L\akgtzqoj

c:\windows\$NtUninstallKB7363$\2511173265\loader.tlb

c:\windows\$NtUninstallKB7363$\2511173265\U\@00000001

c:\windows\$NtUninstallKB7363$\2511173265\U\@000000c0

c:\windows\$NtUninstallKB7363$\2511173265\U\@000000cb

c:\windows\$NtUninstallKB7363$\2511173265\U\@000000cf

c:\windows\$NtUninstallKB7363$\2511173265\U\@80000000

c:\windows\$NtUninstallKB7363$\2511173265\U\@800000c0

c:\windows\$NtUninstallKB7363$\2511173265\U\@800000cb

c:\windows\$NtUninstallKB7363$\2511173265\U\@800000cf

c:\windows\$NtUninstallKB7363$\764630124

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\2440474005

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\

c:\windows\system32\d3d9caps.dat

c:\windows\$NtUninstallKB7363$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_95ad7691

.

.

((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))

.

.

2011-10-13 15:33 . 2011-09-29 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-10-13 15:32 . 2011-09-29 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-10-13 15:32 . 2011-09-29 06:53 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-10-13 15:32 . 2011-09-29 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-10-13 15:32 . 2011-09-29 06:53 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-10-13 15:32 . 2011-09-29 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-10-13 15:32 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-10-13 15:32 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-10-10 14:25 . 2011-10-10 14:25 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-28 21:55 . 2011-09-28 21:56 -------- d-----w- C:\1294069863569b1a2a54d6

2011-09-26 20:47 . 2011-09-26 20:47 -------- d-----w- c:\program files\Trend Micro

2011-09-26 20:46 . 2011-09-26 20:46 -------- d-----w- c:\windows\system32\NtmsData

2011-09-26 20:42 . 2011-09-26 20:42 -------- d-----w- c:\program files\Avira

2011-09-26 20:42 . 2011-09-26 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-09-21 13:15 . 2011-09-27 21:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-20 20:50 . 2011-09-20 20:50 -------- d-----w- c:\program files\STOPzilla!

2011-09-20 19:56 . 2011-09-21 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2011-09-20 19:56 . 2011-09-20 19:56 -------- d-----w- c:\program files\Common Files\iS3

2011-09-19 23:16 . 2011-09-19 23:16 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-09-19 23:16 . 2011-09-19 23:16 546256 ----a-r- c:\windows\system32\SZComp5.dll

2011-09-19 23:16 . 2011-09-19 23:16 22992 ----a-r- c:\windows\system32\SZIO5.dll

2011-09-19 23:16 . 2011-09-19 23:16 480720 ----a-r- c:\windows\system32\SZBase5.dll

2011-09-19 23:16 . 2011-09-19 23:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-09-19 23:16 . 2011-09-19 23:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-09-19 23:16 . 2011-09-19 23:16 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-09-19 23:16 . 2011-09-19 23:16 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-09-19 23:16 . 2011-09-19 23:16 99792 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-09-19 23:16 . 2011-09-19 23:16 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2011-09-19 23:16 . 2011-09-19 23:16 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2011-09-19 23:16 . 2011-09-19 23:16 738768 ----a-r- c:\windows\system32\IS3Base5.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-28 21:32 . 2011-05-24 22:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12 . 2004-08-04 20:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 22:00 . 2011-01-04 22:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-16 22:48 . 2011-08-16 22:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys

2011-09-29 06:53 . 2011-10-13 15:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Fw1iLUBX"="c:\docume~1\ALLUSE~1\APPLIC~1\Fw1iLUBX.exe" [bU]

"OMOJlCVrCXqmAKaE"="c:\docume~1\ALLUSE~1\APPLIC~1\OMOJlCVrCXqmAKaE.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]

"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2009-04-23 2742840]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-06-12 4464640]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-10 1282048]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-06-02 115560]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Documents and Settings\\ben\\My Documents\\tdsskiller\\TDSSKiller.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8014:TCP"= 8014:TCP:192.168.1.254/255.255.255.255:Disabled:SEP-8014

"39999:UDP"= 39999:UDP:192.168.1.254/255.255.255.255:Disabled:SEP-39999

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/14/2011 4:30 PM 64288]

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [8/16/2011 5:48 PM 59080]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [9/21/2009 12:48 PM 9472]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/29/2011 4:10 PM 105592]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/21/2009 12:42 PM 110080]

R3 usbsmi;Lenovo EasyCamera;c:\windows\system32\drivers\SMIksdrv.sys [9/21/2009 12:43 PM 164992]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/2/2009 10:54 AM 23888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [8/19/2009 4:53 AM 160256]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [8/19/2009 5:08 AM 81192]

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-10-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\ben\Application Data\Mozilla\Firefox\Profiles\obyqhg8h.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-voowire - c:\program files\VooWire\VooWire.exe

Notify-TPSvc - TPSvc.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-13 11:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2852)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-10-13 11:13:13 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-13 16:13

.

Pre-Run: 247,902,089,216 bytes free

Post-Run: 248,939,765,760 bytes free

.

- - End Of File - - AC1D79471AC3DF2D72250A448E4BC34F

[screen317]

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

[Westycat]

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

Eset Online Scanner results:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e7ca8cc5cc7f5f4c81640e5b2672b568

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-17 02:34:25

# local_time=2011-10-17 09:34:25 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16774142 0 1 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=58400

# found=69

# cleaned=68

# scan_time=3197

C:\Documents and Settings\ben\Local Settings\Application Data\95ad7691\X Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP260\A0046857.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP260\A0046858.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP260\A0046877.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP260\A0046878.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0047877.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0047878.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0048877.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0048878.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0048899.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0048900.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0048954.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP263\A0048955.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP264\A0049135.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP264\A0049199.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP264\A0049200.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP264\A0050199.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP264\A0050200.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP265\A0050276.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP265\A0050277.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050348.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050349.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050425.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050426.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050463.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050464.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050495.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP266\A0050496.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP267\A0050554.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP267\A0050555.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP267\A0050588.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP267\A0050589.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP268\A0050811.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP268\A0050812.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP268\A0050833.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP268\A0050834.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP269\A0050968.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP269\A0050969.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP270\A0051968.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP270\A0051969.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP271\A0052968.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP271\A0052969.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP271\A0053968.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP271\A0053969.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP271\A0053996.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP271\A0053997.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP272\A0054060.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP272\A0054061.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0054098.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0054099.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0054130.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0054131.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0055130.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0055131.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056130.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056131.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056199.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056200.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056367.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056368.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056549.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0056550.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0057549.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0057550.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0057569.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP273\A0057570.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D76A016C-016B-49B4-A663-B226FB1A7D50}\RP274\A0057841.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\10.10.2011_09.22.39\rtkt0000\svc0000\tsk0000.dta Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

Security Check Log:

esults of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

ESET Online Scanner v3

Symantec Endpoint Protection

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````

The redirects and pop-ups have been eliminated, but currently I cannot connect to the network printer or the server files. Thanks for your help.

[screen317]

Hi,

Please grab a fresh copy of ComboFix, run it, and post its log.

[Westycat]

Hi,

Please grab a fresh copy of ComboFix, run it, and post its log.

It said my Symantec End point protection was still running, but I did not have the shield in the task bar, and when I tried to start Symantec, I received a warning that it did and start and had "error code 0x80070005", so I ran combofix.

ComboFix 11-10-20.03 - ben 10/20/2011 8:37.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2534 [GMT -5:00]

Running from: c:\documents and settings\ben\Desktop\ComboFFFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\ben\Local Settings\Application Data\95ad7691\U

c:\documents and settings\ben\Local Settings\Application Data\95ad7691\U\80000000.@

c:\documents and settings\ben\Local Settings\Application Data\95ad7691\U\800000cb.@

.

.

((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))

.

.

2011-10-17 13:35 . 2011-10-17 13:35 -------- d-----w- c:\program files\ESET

2011-10-14 18:26 . 2011-10-20 13:41 -------- d-sh--w- c:\documents and settings\ben\Local Settings\Application Data\95ad7691

2011-10-13 19:03 . 2011-10-13 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND

2011-10-10 14:25 . 2011-10-10 14:25 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-28 21:55 . 2011-09-28 21:56 -------- d-----w- C:\1294069863569b1a2a54d6

2011-09-26 20:47 . 2011-09-26 20:47 -------- d-----w- c:\program files\Trend Micro

2011-09-26 20:46 . 2011-10-13 21:55 -------- d-----w- c:\windows\system32\NtmsData

2011-09-26 20:42 . 2011-09-26 20:42 -------- d-----w- c:\program files\Avira

2011-09-26 20:42 . 2011-09-26 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-09-20 20:50 . 2011-09-20 20:50 -------- d-----w- c:\program files\STOPzilla!

2011-09-20 19:56 . 2011-09-21 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2011-09-20 19:56 . 2011-09-20 19:56 -------- d-----w- c:\program files\Common Files\iS3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-28 21:32 . 2011-05-24 22:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 16:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-04 20:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-04 20:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-19 23:16 . 2011-09-19 23:16 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-09-19 23:16 . 2011-09-19 23:16 546256 ----a-r- c:\windows\system32\SZComp5.dll

2011-09-19 23:16 . 2011-09-19 23:16 22992 ----a-r- c:\windows\system32\SZIO5.dll

2011-09-19 23:16 . 2011-09-19 23:16 480720 ----a-r- c:\windows\system32\SZBase5.dll

2011-09-19 23:16 . 2011-09-19 23:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-09-19 23:16 . 2011-09-19 23:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-09-19 23:16 . 2011-09-19 23:16 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-09-19 23:16 . 2011-09-19 23:16 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-09-19 23:16 . 2011-09-19 23:16 99792 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-09-19 23:16 . 2011-09-19 23:16 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2011-09-19 23:16 . 2011-09-19 23:16 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2011-09-19 23:16 . 2011-09-19 23:16 738768 ----a-r- c:\windows\system32\IS3Base5.dll

2011-09-09 09:12 . 2004-08-04 20:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-05 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2011-01-04 22:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2004-08-04 20:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-08-04 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-08-04 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-04 20:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2004-08-04 20:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-16 22:48 . 2011-08-16 22:48 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys

2011-09-29 06:53 . 2011-10-14 13:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-13_16.09.04 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-05-08 11:18 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll

+ 2010-05-08 11:18 . 2011-08-12 18:51 17272 c:\windows\system32\spmsg.dll

+ 2004-08-04 20:00 . 2011-10-13 22:01 72696 c:\windows\system32\perfc009.dat

- 2004-08-04 20:00 . 2011-08-10 12:56 72696 c:\windows\system32\perfc009.dat

+ 2004-08-04 20:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 20:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll

- 2010-05-08 10:09 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2010-05-08 10:09 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll

- 2004-08-04 20:00 . 2009-10-08 21:56 20480 c:\windows\system32\dllcache\oleaccrc.dll

+ 2004-08-04 20:00 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2010-05-08 10:09 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2010-05-08 10:09 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2011-07-08 19:00 . 2011-07-08 19:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2010-09-23 20:55 . 2010-09-23 20:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2010-09-23 07:26 . 2010-09-23 07:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2011-07-07 17:04 . 2011-07-07 17:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2011-07-07 17:04 . 2011-07-07 17:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2010-09-23 07:26 . 2010-09-23 07:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2011-07-07 17:03 . 2011-07-07 17:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2010-09-23 07:26 . 2010-09-23 07:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2010-09-23 08:17 . 2010-09-23 08:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-07-07 18:09 . 2011-07-07 18:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-07-07 18:09 . 2011-07-07 18:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

- 2010-09-23 08:17 . 2010-09-23 08:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2009-08-19 09:59 . 2011-10-13 21:57 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-09-14 03:40 . 2011-10-13 22:02 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-09-14 03:40 . 2011-06-20 17:07 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6ae4aa03\System.Drawing.Design.dll

+ 2011-10-13 21:56 . 2011-10-13 21:56 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_33f99bf1\CustomMarshalers.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe

+ 2011-10-13 22:02 . 2011-10-13 22:02 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\539f409d18b58b546a6ca68637cdbcfe\Microsoft.SqlServer.CustomControls.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fed28cbcdce16c91e2e45676d13b2e19\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fbbbd3bdef6dae16400b70a2f2ad3720\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 35840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fa0a536812625ab69e52071f06282f55\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ee61c0b8b6b4ad84f3b167b76d8eadb8\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 33280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e7c491ceef9613fd6a6adf0b1c1d9ceb\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e60fcb2bfc1086f8dc41584fd2a372cb\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d93cbfcaa668b2b53db534f12ffd362f\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d88da99ecfa388475f402d8e531a67f2\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c730db3ee09d7981f9389626c9f14196\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 30720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c1aeb2b76cbafba6515e605b42818a2b\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\af2b666789ee8dafa48411236380b730\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\aabcc06945dd92c9baeba7c60d381652\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a5c9565f5198a2eb163b4117351755ad\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a040a0716f7566df89a03a147065e7b6\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9e38543d4e7345dc15d59b71c17c322d\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 35840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9c8515f8b9e6bac9dca2f752d88bbce6\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8ce19ce94ecab823290e19ab3e7da464\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\89d6c6128671e8184aede3b6d8f0fe5c\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7f36ec4601c3b1fcd4198c5aaf3a7b9d\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 16384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\79df6578b47a615deb987fa09557d870\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72485e06a75e141b0f9d150eaa95fa71\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6e4e01708d885d1f373d52ee694ca0d0\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6d894a74b5252b9e3441c342dfe7b361\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 33792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6d3f35d5f4167211ac5fd12cd3d0c50f\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 16384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6c26e841c995c8157de38be37f6a62b5\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\65af934af23cc59112d080722d9377a9\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\653eba17530d34173df679a78a2e51e1\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 30720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\522e06dbf6d24654d1101ba9f8092be1\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 16384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\508bf6c415f98c24c68ca3d5e77afc58\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5031864f32f6f5bf3077eeda8d002dab\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3a2db624a31e527f25e1d20c69bb5e60\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\33d29a0607ec489564ca6b69e395d34e\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 37376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2dc1acb700ab59b1a41aa7604f44fa41\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\29fc15ce93165af62488c27b3ae50241\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 16384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\254d61afea8c61a334950ee39eb3065c\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\11238f751fe2a04f80448c83041c70d7\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0d4d57c7ed48fa23070836319f7f2f99\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\065ac03dc714efba4ef493719f59eea1\Microsoft.PowerShell.Commands.Utility.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0235131ec8d6cfca14d7e2197167e50e\Microsoft.PowerShell.Security.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\00d4a310524a80140fa4b1e05a4156e2\Microsoft.PowerShell.Commands.Management.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe

+ 2011-10-14 13:00 . 2011-10-14 13:00 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-10-07 12:55 . 2010-10-07 12:55 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-10-13 21:56 . 2011-10-13 21:56 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2004-08-04 20:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll

- 2004-08-04 20:00 . 2011-08-10 12:56 444604 c:\windows\system32\perfh009.dat

+ 2004-08-04 20:00 . 2011-10-13 22:01 444604 c:\windows\system32\perfh009.dat

+ 2004-08-04 20:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll

+ 2004-08-04 20:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 20:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 20:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 20:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe

+ 2006-08-10 17:30 . 2011-10-14 12:58 271784 c:\windows\system32\FNTCACHE.DAT

- 2006-08-10 17:30 . 2011-07-13 17:18 271784 c:\windows\system32\FNTCACHE.DAT

- 2009-08-19 10:12 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll

- 2004-08-04 20:00 . 2009-10-08 21:57 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2004-08-04 20:00 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll

- 2010-05-08 10:09 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-05-08 10:09 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-05-08 10:09 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2010-05-08 10:09 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2010-06-10 19:30 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2010-06-10 19:30 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-08-19 10:12 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys

- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys

- 2011-03-25 11:15 . 2011-03-25 11:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2011-03-25 11:15 . 2011-03-25 11:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-07-07 17:04 . 2011-07-07 17:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2010-09-23 07:26 . 2010-09-23 07:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2011-07-07 17:01 . 2011-07-07 17:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-09-23 07:25 . 2010-09-23 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-09-23 08:17 . 2010-09-23 08:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-07-07 18:09 . 2011-07-07 18:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2009-08-19 09:59 . 2011-09-19 17:01 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

+ 2011-10-13 21:57 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll

+ 2011-10-13 21:57 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll

+ 2011-10-13 21:57 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe

+ 2011-10-13 21:57 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll

+ 2011-10-13 21:57 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe

+ 2011-10-13 21:57 . 2011-10-13 21:57 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_3791292d\System.Drawing.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_59099b86\System.Drawing.Design.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_98a22e7d\CustomMarshalers.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe

+ 2011-10-14 13:02 . 2011-10-14 13:02 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8acd508fd65801747e89bb5ab7e981e4\System.Messaging.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 188928 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\fa74b590b28dbf434dc2f3f237ea16cd\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 221184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\eb8f630a81f6274df2574683bbf9c375\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 172544 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\d800b92c93d2d6703f000d60180ad6c2\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 154112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\6f10327646e704c5f1278d1d84cf37ed\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 154624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\68cfbfed9e99fb7a21cf6f7303b5dc66\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 181248 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\61d86c61f85f5f527794359569579916\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 177664 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4f5df2a653d5e29bf01d9e357d456561\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 169472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4988c34bafc6dc76bbbb51f17612b7e7\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 169984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\32bf3a315d3f5a1fd259b95d78e4d660\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1222f3f74fcdfdac51965b6c9c39cac9\System.Management.Automation.resources.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\90e4975b3dffcc5ba853ec0fe1d912cb\sysglobl.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe

+ 2011-10-14 15:19 . 2011-10-14 15:19 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe

+ 2011-10-14 13:02 . 2011-10-14 13:02 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe

+ 2011-10-14 15:19 . 2011-10-14 15:19 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7862c9224996216eedf544400a5623de\Microsoft.SqlServer.Setup.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 529920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a4e094530f09658b2825dae177812e8\Microsoft.SqlServer.GridControl.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3483d3b6ab5be612c9d92d51f35336aa\Microsoft.SqlServer.WizardFrameworkLite.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb17fceaa5465d6eeb15034a4bea2687\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9963fdc4d47bf168d55ffca06288c0b6\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\43b77700ad8d984224b12472318e02ec\Microsoft.PowerShell.Security.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1e71552b14add6b28ac6ad7897f3969d\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ca1406c347f574dc25831bd1ff0b1593\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe

+ 2011-10-14 15:19 . 2011-10-14 15:19 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2004-08-04 20:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll

- 2004-08-04 20:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll

+ 2004-08-04 20:00 . 2011-10-03 08:35 5971456 c:\windows\system32\mshtml.dll

+ 2009-08-19 10:12 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll

+ 2009-08-14 13:21 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys

- 2009-08-14 13:21 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys

+ 2009-08-19 10:12 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll

- 2009-08-19 10:12 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2009-08-19 10:12 . 2011-10-03 08:35 5971456 c:\windows\system32\dllcache\mshtml.dll

+ 2010-05-08 10:09 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-03-25 11:15 . 2011-03-25 11:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-03-25 11:15 . 2011-03-25 11:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2010-09-23 20:55 . 2010-09-23 20:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2011-07-08 18:59 . 2011-07-08 18:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2011-07-08 18:59 . 2011-07-08 18:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2010-09-23 20:55 . 2010-09-23 20:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2011-07-07 17:02 . 2011-07-07 17:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2010-09-23 07:26 . 2010-09-23 07:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2010-09-23 20:55 . 2010-09-23 20:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2011-09-21 21:18 . 2011-09-21 21:18 4985856 c:\windows\Installer\babbcf.msp

+ 2009-08-19 09:59 . 2011-10-13 21:57 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

- 2009-08-19 09:59 . 2011-09-19 17:01 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-08-19 09:59 . 2011-10-13 21:57 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

+ 2011-10-13 21:57 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll

+ 2011-10-13 21:57 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll

+ 2011-10-13 21:57 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll

+ 2011-10-13 21:56 . 2011-10-13 21:56 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_addf7bdb\System.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a0dc3984\System.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_93cafdd5\System.Xml.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_16b31d14\System.Xml.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f00e68a0\System.Windows.Forms.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_12307952\System.Windows.Forms.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4ba932ac\System.Drawing.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fcc40c15\System.Design.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2967176d\System.Design.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c4e3c06e\mscorlib.dll

+ 2011-10-13 21:57 . 2011-10-13 21:57 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1a620e31\mscorlib.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1a32e7ce68fa086773b235fc8b525476\System.Management.Automation.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5d5aa4b926ae422607ea833d934665c2\System.Data.OracleClient.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll

+ 2011-10-14 15:20 . 2011-10-14 15:20 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll

+ 2011-10-14 15:21 . 2011-10-14 15:21 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-08-10 12:55 . 2011-08-10 12:55 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-10-13 22:01 . 2011-10-13 22:01 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2010-10-07 12:55 . 2010-10-07 12:55 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2011-10-13 21:56 . 2011-10-13 21:56 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2011-10-13 21:56 . 2011-10-13 21:56 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

- 2010-10-07 12:55 . 2010-10-07 12:55 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2006-08-10 17:41 . 2011-10-13 21:58 48324552 c:\windows\system32\MRT.exe

- 2009-08-19 10:12 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll

+ 2009-08-19 10:12 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll

- 2010-05-08 10:09 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll

+ 2010-05-08 10:09 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll

+ 2011-07-13 03:49 . 2011-07-13 03:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp

+ 2011-10-13 22:02 . 2011-10-13 22:02 20333568 c:\windows\Installer\babbe6.msp

+ 2011-07-12 01:43 . 2011-07-12 01:43 11641344 c:\windows\Installer\babbda.msp

+ 2011-07-12 20:50 . 2011-07-12 20:50 17555968 c:\windows\Installer\babbbd.msp

+ 2011-10-13 21:57 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll

+ 2011-10-14 13:00 . 2011-10-14 13:00 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll

+ 2011-10-14 15:19 . 2011-10-14 15:19 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll

+ 2011-10-14 13:02 . 2011-10-14 13:02 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll

+ 2011-10-14 13:01 . 2011-10-14 13:01 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll

+ 2011-10-14 12:59 . 2011-10-14 12:59 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll

+ 2011-10-13 22:02 . 2011-10-13 22:02 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Fw1iLUBX"="c:\docume~1\ALLUSE~1\APPLIC~1\Fw1iLUBX.exe" [bU]

"OMOJlCVrCXqmAKaE"="c:\docume~1\ALLUSE~1\APPLIC~1\OMOJlCVrCXqmAKaE.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]

"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2009-04-23 2742840]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-06-12 4464640]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-10 1282048]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-06-02 115560]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Documents and Settings\\ben\\My Documents\\tdsskiller\\TDSSKiller.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8014:TCP"= 8014:TCP:192.168.1.254/255.255.255.255:Disabled:SEP-8014

"39999:UDP"= 39999:UDP:192.168.1.254/255.255.255.255:Disabled:SEP-39999

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/14/2011 4:30 PM 64288]

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [8/16/2011 5:48 PM 59080]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [9/21/2009 12:48 PM 9472]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/29/2011 4:10 PM 105592]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/21/2009 12:42 PM 110080]

R3 usbsmi;Lenovo EasyCamera;c:\windows\system32\drivers\SMIksdrv.sys [9/21/2009 12:43 PM 164992]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]

S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/2/2009 10:54 AM 23888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [8/19/2009 4:53 AM 160256]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [8/19/2009 5:08 AM 81192]

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\ben\Application Data\Mozilla\Firefox\Profiles\obyqhg8h.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-20 08:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(928)

c:\windows\system32\cscdll.dll

.

Completion time: 2011-10-20 08:43:59

ComboFix-quarantined-files.txt 2011-10-20 13:43

ComboFix2.txt 2011-10-13 16:13

.

Pre-Run: 248,293,994,496 bytes free

Post-Run: 248,404,574,208 bytes free

.

- - End Of File - - EC14DAC26D4602881968E5F8BEAABF8D

[Westycat]

That was supposed to read: It said my Symantec End point protection was still running, but I did not have the shield in the task bar, and when I tried to start Symantec, I received a warning that it did NOT start and had "error code 0x80070005", so I ran combofix.

[screen317]

Hi,

Are you still getting any errors?

[Westycat]

Hi,

Are you still getting any errors?

No, everything appears to be working correctly, Thanks.

[screen317]

Great!

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Restart your computer.

Get the latest version of Adobe Flash Player.

Let me know what issues remain.

-screen317

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!